summaryrefslogtreecommitdiffstats
path: root/iptables/tests/shell/testcases/iptables/0008-unprivileged_0
Commit message (Collapse)AuthorAgeFilesLines
* nft: Fix EPERM handling for extensions without rev 0Phil Sutter2022-05-111-0/+6
| | | | | | | | | | Treating revision 0 as compatible in EPERM case works fine as long as there is a revision 0 of that extension defined in DSO. Fix the code for others: Extend the EPERM handling to all revisions and keep the existing warning for revision 0. Fixes: 17534cb18ed0a ("Improve error messages for unsupported extensions") Signed-off-by: Phil Sutter <phil@nwl.cc>
* xshared: Fix response to unprivileged usersPhil Sutter2022-01-201-0/+60
Expected behaviour in both variants is: * Print help without error, append extension help if -m and/or -j options are present * Indicate lack of permissions in an error message for anything else With iptables-nft, this was broken basically from day 1. Shared use of do_parse() then somewhat broke legacy: it started complaining about inability to create a lock file. Fix this by making iptables-nft assume extension revision 0 is present if permissions don't allow to verify. This is consistent with legacy. Second part is to exit directly after printing help - this avoids having to make the following code "nop-aware" to prevent privileged actions. Signed-off-by: Phil Sutter <phil@nwl.cc> Reviewed-by: Florian Westphal <fw@strlen.de>