authorPablo Neira Ayuso <pablo@netfilter.org>2020-12-03 13:33:46 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2020-12-04 12:53:00 +0100
commit3cfb9e4b3e40e0fef18383dd865bb083f9168e95 (patch)
tree779b86fbd20552127128460f2d87bde273ab1632
parent6975c6d39366e0a086a43fa984392e2231c1b193 (diff)
src: report EPERM for non-root users
$ /usr/sbin/nft list ruleset Operation not permitted (you must be root) Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372 Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/libnftables.c7
-rw-r--r--src/netlink.c2
2 files changed, 7 insertions, 2 deletions
diff --git a/src/libnftables.c b/src/libnftables.c
index a180a9a3..04436591 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -463,8 +463,13 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
parser_rc = rc;
rc = nft_evaluate(nft, &msgs, &cmds);
- if (rc < 0)
+ if (rc < 0) {
+ if (errno == EPERM) {
+ fprintf(stderr, "%s (you must be root)\n",
+ strerror(errno));
+ }
goto err;
+ }
if (parser_rc) {
rc = parser_rc;
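Review bot: The added hint is written with `fprintf(stderr, ...)` from inside library code, so an application that embeds libnftables and redirects or buffers error output through the context will not see it there and gets an unexpected write to its own stderr; I would send it to the context's error stream instead, e.g. `fprintf(nft->output.error_fp, "%s (you must be root)\n", strerror(errno));`, assuming that field is what the context's error setter controls. The `errno == EPERM` test also assumes that nothing between the failing netlink call and the return from `nft_evaluate()` overwrote errno, which this hunk cannot show; a short comment stating that assumption would help. The wording is slightly off for containers and user namespaces, where the missing privilege is presumably CAP_NET_ADMIN rather than uid 0. The body of `nft_run_cmd_from_buffer` starts and ends outside the hunk.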
diff --git a/src/netlink.c b/src/netlink.c
index f8ac2b9e..2ea2d445 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -635,7 +635,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
if (errno == EINTR)
return -1;
- return 0;
+ return -1;
}
ctx->data = h;
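Review bot: With `return 0` changed to `return -1`, both exits of the failure branch now return the same value, so the `if (errno == EINTR)` test above it no longer selects anything and reads as leftover code. Either drop the test and keep a single `return -1;`, or keep it with a comment such as `/* errno is preserved for the caller: EINTR means retry, anything else (e.g. EPERM) is a hard failure */`, if that is indeed how callers use it. Callers that previously treated a failed dump as an empty table list will now see an error for every errno, not only EPERM, which is worth confirming for kernels without nf_tables support. The enclosing `if` block opens outside the hunk.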