From c347693fe81b5e52c64b9c131ea4c76f2797a3ac Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 8 Apr 2026 13:05:18 +0200
Subject: [PATCH] main: consolidate EPERM to non-root users

Move the check added by 3cfb9e4b3e40 ("src: report EPERM for non-root users") to the main function. EPERM is also possible when removing a ruleset that is owned by a process, tone it down to suggest that root is maybe needed.

Signed-off-by: Pablo Neira Ayuso
---
 src/libnftables.c | 7 +------
 src/main.c | 2 ++
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/libnftables.c b/src/libnftables.c
index 66b03a11..bc42c32d 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -630,13 +630,8 @@ int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 parser_rc = rc;
 rc = nft_evaluate(nft, &msgs, &cmds);
- if (rc < 0) {
- if (errno == EPERM) {
- fprintf(stderr, "%s (you must be root)\n",
- strerror(errno));
- }
+ if (rc < 0)
 goto err;
- }
 if (parser_rc) {
 rc = parser_rc;
diff --git a/src/main.c b/src/main.c
index 29b0533d..4cb51ff7 100644
--- a/src/main.c
+++ b/src/main.c
@@ -548,6 +548,8 @@ int main(int argc, char * const *argv)
 goto out_fail;
 }
+ if (rc && errno == EPERM)
+ fprintf(stderr, "Error: %s (perhaps you must be root?)\n", strerror(errno));
 out:
 nft_ctx_free(nft);
 return rc;
-- 
2.47.3
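Review bot: The added `if (rc && errno == EPERM)` before `out:` reads `errno` long after the call that failed, so the value can be stale in either direction. `rc` is nonzero for any failure (a parse error, for instance), so an EPERM left over from an unrelated earlier call would print the root hint wrongly, while error reporting and cleanup that run between the failing operation and this line may overwrite a genuine EPERM. Because the hint steers users toward re-running with more privilege, it should fire only when the operation itself was refused: set `errno = 0;` just before the command is run, and have the library save and restore `errno` across its error path. The call that sets `rc` and the `out_fail` label are both outside this hunk, so it is also worth checking whether failures that jump there skip the hint.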