[PATCH nft] src: report EPERM for non-root users

[PATCH nft] src: report EPERM for non-root users

[Pablo Neira Ayuso]

$ /usr/sbin/nft list ruleset
Operation not permitted (you must be root)

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnftables.c | 7 ++++++-
 src/netlink.c     | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/libnftables.c b/src/libnftables.c
index a180a9a30b3d..044365914747 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -463,8 +463,13 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 	parser_rc = rc;
 
 	rc = nft_evaluate(nft, &msgs, &cmds);
-	if (rc < 0)
+	if (rc < 0) {
+		if (errno == EPERM) {
+			fprintf(stderr, "%s (you must be root)\n",
+				strerror(errno));
+		}
 		goto err;
+	}
 
 	if (parser_rc) {
 		rc = parser_rc;
diff --git a/src/netlink.c b/src/netlink.c
index f8ac2b9e3665..2ea2d4457664 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -635,7 +635,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
 		if (errno == EINTR)
 			return -1;
 
-		return 0;
+		return -1;
 	}
 
 	ctx->data = h;
-- 
2.20.1

Re: [PATCH nft] src: report EPERM for non-root users

[Arturo Borrero Gonzalez]

On 12/3/20 1:44 PM, Pablo Neira Ayuso wrote:
> $ /usr/sbin/nft list ruleset
> Operation not permitted (you must be root)
> 
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>   src/libnftables.c | 7 ++++++-
>   src/netlink.c     | 2 +-
>   2 files changed, 7 insertions(+), 2 deletions(-)
> 

Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>