Improve permission warning

Improve permission warning when Suricata-update runs with the wrong user

When suricata-update runs with a non-root user, it gives an ugly traceback.
To avoid those ugly tracebacks, try except block is put around the operation
that are being performed on the file i.e. shutil.copyfile(src, dest) and
exit cleanly with an error in the log.
Also, to avoid ugly tracebacks for permission of suricata.yaml, try-except
is put around where it is accessed and exit cleanly.

diff --git a/suricata/update/main.py b/suricata/update/main.py
index ac5ab1596a473e769506ff778aa0b59c81dc212a..cd4afc087407602b86e72f6fda54702683aa9253 100644 (file)
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -391,6 +391,10 @@ class Fetch:
                     "will use latest cached version: %s", url, err)
                 return self.extract_files(tmp_filename)
             raise err
+        except IOError as err:
+            self.progress_hook_finish()
+            logger.error("Failed to copy file: %s", err)
+            sys.exit(1)
         except Exception as err:
             raise err
         self.progress_hook_finish()
@@ -1306,8 +1310,11 @@ def _main():
        os.path.exists(config.get("suricata-conf")) and \
        suricata_path and os.path.exists(suricata_path):
         logger.info("Loading %s",config.get("suricata-conf"))
-        suriconf = suricata.update.engine.Configuration.load(
-            config.get("suricata-conf"), suricata_path=suricata_path)
+        try:
+            suriconf = suricata.update.engine.Configuration.load(
+                config.get("suricata-conf"), suricata_path=suricata_path)
+        except subprocess.CalledProcessError:
+            return 1
 
     # Disable rule that are for app-layers that are not enabled.
     if suriconf: