main: consolidate EPERM to non-root users

Move the check added by 3cfb9e4b3e40 ("src: report EPERM for non-root users")
to the main function.

EPERM is also possible when removing a ruleset that is owned by a
process, tone it down to suggest that root is maybe needed.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/libnftables.c b/src/libnftables.c
index 66b03a1170bba5182410ec9c5729817a429b59cd..bc42c32de889a438f46315b59469ea322c8bf9a7 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -630,13 +630,8 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
        parser_rc = rc;
 
        rc = nft_evaluate(nft, &msgs, &cmds);
        parser_rc = rc;
 
        rc = nft_evaluate(nft, &msgs, &cmds);

-       if (rc < 0) {
-               if (errno == EPERM) {
-                       fprintf(stderr, "%s (you must be root)\n",
-                               strerror(errno));
-               }
+       if (rc < 0)

                goto err;
                goto err;

-       }

 
        if (parser_rc) {
                rc = parser_rc;
 
        if (parser_rc) {
                rc = parser_rc;

diff --git a/src/main.c b/src/main.c
index 29b0533dee7c9325cda78654d1a210f26f8aea24..4cb51ff7f5fef70af0011d284027c16361128e59 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -548,6 +548,8 @@ int main(int argc, char * const *argv)
                goto out_fail;
        }
 
                goto out_fail;
        }
 

+       if (rc && errno == EPERM)
+                fprintf(stderr, "Error: %s (perhaps you must be root?)\n", strerror(errno));

 out:
        nft_ctx_free(nft);
        return rc;
 out:
        nft_ctx_free(nft);
        return rc;