Merge pull request #215 from ncfavier/capability-check

Disable capability check, handle failure better
2021-12-02 14:14:32 +01:00
parent 3e0bba6966 afb5759cc3
commit 54f88038f6
1 changed files with 7 additions and 19 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -206,27 +206,11 @@ int main(int argc, char **argv) {
    init_ui();
  }

-  if (geteuid() != 0) {
-#ifdef __linux__
-    char exe_path[PATH_MAX];
-    ssize_t len;
-    unsigned int caps[5] = {0, 0, 0, 0, 0};
-
-    if ((len = readlink("/proc/self/exe", exe_path, PATH_MAX)) == -1)
-      forceExit(false, "Failed to locate nethogs binary.");
-    exe_path[len] = '\0';
-
-    getxattr(exe_path, "security.capability", (char *)caps, sizeof(caps));
-
-    if ((((caps[1] >> CAP_NET_ADMIN) & 1) != 1) ||
-        (((caps[1] >> CAP_NET_RAW) & 1) != 1))
-      forceExit(false, "To run nethogs without being root you need to enable "
-                       "capabilities on the program (cap_net_admin, "
-                       "cap_net_raw), see the documentation for details.");
-#else
+#ifndef __linux__
+  if (geteuid() != 0)
    forceExit(false, "You need to be root to run NetHogs!");
 #endif
-  }
+  // on Linux, we can run as non-root given the cap_net_admin and cap_net_raw capabilities

  // use the Self-Pipe trick to interrupt the select() in the main loop
  self_pipe = create_self_pipe();
@@ -292,6 +276,10 @@ int main(int argc, char **argv) {
  }

  if (nb_devices == nb_failed_devices) {
+    if (geteuid() != 0)
+      fprintf(stderr, "To run nethogs without being root, you need to enable "
+                      "capabilities on the program (cap_net_admin, cap_new_raw). "
+                      "See the documentation for details.\n");
    forceExit(false, "Error opening pcap handlers for all devices.\n");
  }