From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 3 Dec 2020 12:33:46 +0000 (+0100)
Subject: src: report EPERM for non-root users
X-Git-Tag: v0.9.8~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cfb9e4b3e40e0fef18383dd865bb083f9168e95;p=thirdparty%2Fnftables.git

src: report EPERM for non-root users

$ /usr/sbin/nft list ruleset
Operation not permitted (you must be root)

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1372
Acked-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/libnftables.c b/src/libnftables.c
index a180a9a30..044365914 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -463,8 +463,13 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 	parser_rc = rc;
 
 	rc = nft_evaluate(nft, &msgs, &cmds);
-	if (rc < 0)
+	if (rc < 0) {
+		if (errno == EPERM) {
+			fprintf(stderr, "%s (you must be root)\n",
+				strerror(errno));
+		}
 		goto err;
+	}
 
 	if (parser_rc) {
 		rc = parser_rc;
diff --git a/src/netlink.c b/src/netlink.c
index f8ac2b9e3..2ea2d4457 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -635,7 +635,7 @@ int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
 		if (errno == EINTR)
 			return -1;
 
-		return 0;
+		return -1;
 	}
 
 	ctx->data = h;