From 3cfb9e4b3e40e0fef18383dd865bb083f9168e95 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 3 Dec 2020 13:33:46 +0100
Subject: src: report EPERM for non-root users
$ /usr/sbin/nft list ruleset
Operation not permitted (you must be root)
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
Acked-by: Arturo Borrero Gonzalez
Signed-off-by: Pablo Neira Ayuso
---
 src/libnftables.c | 7 ++++++-
 src/netlink.c | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/libnftables.c b/src/libnftables.c
index a180a9a3..04436591 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -463,8 +463,13 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 parser_rc = rc;
 rc = nft_evaluate(nft, &msgs, &cmds);
- if (rc < 0)
+ if (rc < 0) {
+ if (errno == EPERM) {
+ fprintf(stderr, "%s (you must be root)\n",
+ strerror(errno));
+ }
 goto err;
+ }
 if (parser_rc) {
 rc = parser_rc;
diff --git a/src/netlink.c b/src/netlink.c
index f8ac2b9e..2ea2d445 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -635,7 +635,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
 if (errno == EINTR)
 return -1;
- return 0;
+ return -1;
 }
 ctx->data = h;
--
cgit v1.2.3
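Review bot: The `errno == EPERM` test after `nft_evaluate()` reads a value that is not tied to this failure: `nft_evaluate()` can presumably return a negative result for evaluation errors that never set errno, and any libc call between the failing netlink request and this check can overwrite it, so the hint may be printed for an unrelated error or lost for a real one. Clearing it first, `errno = 0;` immediately before `rc = nft_evaluate(nft, &msgs, &cmds);`, removes the stale case; carrying the netlink error in the return value or the context would remove both. The wording is also narrower than the kernel's check, since EPERM is also what a uid 0 process sees when it lacks CAP_NET_ADMIN for the network namespace (containers, dropped capabilities), where "you must be root" misdirects the operator. The message goes straight to `stderr` from library code, so an application that embeds libnftables and captures errors through the context will not see it. The body of nft_run_cmd_from_buffer starts and ends outside the hunk.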
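Review bot: With `return 0;` changed to `return -1;`, the `if (errno == EINTR) return -1;` test just above it no longer selects anything, because both paths now return -1; either drop the test or add a comment such as `/* errno is left set so the caller can report it (e.g. EPERM) */` to state that callers are expected to inspect errno. Every failure in this branch now propagates, not only EPERM, so callers that previously treated a 0 return as an empty table list should be checked for errors that used to be tolerated; that cannot be verified from this hunk. The branch's opening condition and the rest of netlink_list_tables lie outside the hunk.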