src: report EPERM for non-root users
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 3 Dec 2020 12:33:46 +0000 (13:33 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 4 Dec 2020 11:53:00 +0000 (12:53 +0100)
$ /usr/sbin/nft list ruleset
Operation not permitted (you must be root)

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/libnftables.c
src/netlink.c

index a180a9a30b3dda248610f194d96afd1b664f224f..044365914747204209a0be7d8813049e35d00fdf 100644 (file)
@@ -463,8 +463,13 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
        parser_rc = rc;
 
        rc = nft_evaluate(nft, &msgs, &cmds);
-       if (rc < 0)
+       if (rc < 0) {
+               if (errno == EPERM) {
+                       fprintf(stderr, "%s (you must be root)\n",
+                               strerror(errno));
+               }
                goto err;
+       }
 
        if (parser_rc) {
                rc = parser_rc;
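Review bot: The new `errno == EPERM` test in the `rc < 0` branch reads errno well after whatever call set it, so an evaluation failure unrelated to netlink can inherit a stale EPERM from earlier in the process; clearing it with `errno = 0;` just before `nft_evaluate()` would rule that out. The hint is also narrower than the kernel's check: a root process without CAP_NET_ADMIN (for example in a container with dropped capabilities) gets the same EPERM, so wording such as `"%s (you must be root or have CAP_NET_ADMIN)\n"` would point operators at the actual requirement. The message is written straight to `stderr` from library code, so an embedder that redirected the error stream on `nft` will not capture it. The function body starts and ends outside this hunk.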
index f8ac2b9e3665f3a62d8e13fa51d25488562386c1..2ea2d4457664a337d7b3273ac9c749cbc6f472c2 100644 (file)
@@ -635,7 +635,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
                if (errno == EINTR)
                        return -1;
 
-               return 0;
+               return -1;
        }
 
        ctx->data = h;
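Review bot: With `return -1` on the changed line, both exits of the failure branch now return the same value, so the `if (errno == EINTR)` test above it no longer selects anything; either drop it or keep it with a comment such as `/* every dump failure is fatal; the caller inspects errno */`. The EPERM hint added in src/libnftables.c presumably depends on errno surviving unchanged from here up the call chain, which is worth stating in a comment so later cleanup code on this path does not clobber it. The hunk does not show which other errno values reach this branch; any that the old `return 0` tolerated on purpose now abort the listing as well and may need an explicit case. The function continues outside the hunk.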