From afb5759cc33b4766e962aaf01dacc57e8d2d9cb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Na=C3=AFm=20Favier?=
Date: Thu, 2 Dec 2021 13:55:21 +0100
Subject: [PATCH] Disable capability check, handle failure better

Fixes #214
---
 src/main.cpp | 26 +++++++-------------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/src/main.cpp b/src/main.cpp
index 52964ce..50593ee 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -206,27 +206,11 @@ int main(int argc, char **argv) {
 init_ui();
 }
- if (geteuid() != 0) {
-#ifdef __linux__
- char exe_path[PATH_MAX];
- ssize_t len;
- unsigned int caps[5] = {0, 0, 0, 0, 0};
-
- if ((len = readlink("/proc/self/exe", exe_path, PATH_MAX)) == -1)
- forceExit(false, "Failed to locate nethogs binary.");
- exe_path[len] = '\0';
-
- getxattr(exe_path, "security.capability", (char *)caps, sizeof(caps));
-
- if ((((caps[1] >> CAP_NET_ADMIN) & 1) != 1) ||
- (((caps[1] >> CAP_NET_RAW) & 1) != 1))
- forceExit(false, "To run nethogs without being root you need to enable "
- "capabilities on the program (cap_net_admin, "
- "cap_net_raw), see the documentation for details.");
-#else
+#ifndef __linux__
+ if (geteuid() != 0)
 forceExit(false, "You need to be root to run NetHogs!");
 #endif
- }
+ // on Linux, we can run as non-root given the cap_net_admin and cap_net_raw capabilities
 // use the Self-Pipe trick to interrupt the select() in the main loop
 self_pipe = create_self_pipe();
@@ -292,6 +276,10 @@ int main(int argc, char **argv) {
 }
 if (nb_devices == nb_failed_devices) {
+ if (geteuid() != 0)
+ fprintf(stderr, "To run nethogs without being root, you need to enable "
+ "capabilities on the program (cap_net_admin, cap_new_raw). "
+ "See the documentation for details.\n");
 forceExit(false, "Error opening pcap handlers for all devices.\n");
 }
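Review bot: The comment added after `#endif` says a non-root run is possible on Linux but not where a missing capability is now detected, so the absence of any check at this point reads like an oversight. I would word it as `// No privilege check on Linux: cap_net_admin and cap_net_raw are enough, and lacking them is reported when the pcap handlers fail to open below.` The unbraced `if (geteuid() != 0)` inside `#ifndef __linux__` would also be easier to keep correct with braces, since its body is a context line that later edits can separate from the condition. main() starts before and continues after this hunk.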
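Review bot: The hint added before `forceExit` names the second capability `cap_new_raw`, while the comment added in the first hunk and the removed message both spell it `cap_net_raw`; a user copying the name from the error text would be sent after a capability that does not exist. The line should read `"capabilities on the program (cap_net_admin, cap_net_raw). "`. The hint is also printed for every non-root run in which all devices failed, whatever the cause, so "you may need to enable" would presumably be more accurate than "you need to enable". The multi-line `fprintf` under the unbraced `if (geteuid() != 0)` deserves braces; main() continues outside this hunk.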