From b6a595ae00d1ec60670af73a94e577634ee71c72 Mon Sep 17 00:00:00 2001
From: rain1 <rain1@openmailbox.org>
Date: Mon, 18 Apr 2016 18:04:37 +0100
Subject: [PATCH] * src/main.cpp: Made cap test conditional on __linux__.
 Improved the error message. * src/nethogs.cpp: Reduced the scope of the
 includes moving them out of this file. * src/nethogs.h: Removed NEEDROOT
 variable.

---
 src/main.cpp    | 33 ++++++++++++++++++++-------------
 src/nethogs.cpp |  8 --------
 src/nethogs.h   |  7 -------
 3 files changed, 20 insertions(+), 28 deletions(-)

diff --git a/src/main.cpp b/src/main.cpp
index bc01334..3794cd4 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -2,6 +2,14 @@
 #include <fcntl.h>
 #include <vector>
 
+#ifdef __linux__
+#include <linux/limits.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/xattr.h>
+#include <linux/capability.h>
+#endif
+
 // The self_pipe is used to interrupt the select() in the main loop
 static std::pair<int, int> self_pipe = std::make_pair(-1, -1);
 static time_t last_refresh_time = 0;
@@ -173,21 +181,20 @@ int main(int argc, char **argv) {
     init_ui();
   }
 
-#if NEEDROOT == 1
-  if (geteuid() != 0)
-    forceExit(false, "You need to be root to run NetHogs!");
+  if (geteuid() != 0) {
+#ifdef __linux__
+    char exe_path[PATH_MAX];
+    unsigned int caps[5] = {0};
+
+    readlink("/proc/self/exe", exe_path, PATH_MAX);
+    getxattr(exe_path, "security.capability", (char *)caps, sizeof(caps));
+
+    if ((((caps[1] >> CAP_NET_ADMIN) & 1) != 1) || (((caps[1] >> CAP_NET_RAW) & 1) != 1))
+      forceExit(false, "To run nethogs without being root you need to enable capabilities on the program (cap_net_admin, cap_net_raw), see the documentation for details.");
 #else
-  char exe_path[PATH_MAX];
-  unsigned int caps[5] = {0};
-
-  readlink("/proc/self/exe", exe_path, PATH_MAX);
-  getxattr(exe_path, "security.capability", (char *)caps, sizeof(caps));
-
-  if (((caps[1] >> CAP_NET_ADMIN) & 1) != 1)
-    forceExit(false, "You need to enable cap_net_admin (and cap_net_raw) to run NetHogs!");
-  if (((caps[1] >> CAP_NET_RAW) & 1) != 1)
-    forceExit(false, "You need to enable cap_net_raw to run NetHogs!");
+    forceExit(false, "You need to be root to run NetHogs!");
 #endif
+  }
 
   // use the Self-Pipe trick to interrupt the select() in the main loop
   self_pipe = create_self_pipe();
diff --git a/src/nethogs.cpp b/src/nethogs.cpp
index d08c4e7..682c790 100644
--- a/src/nethogs.cpp
+++ b/src/nethogs.cpp
@@ -38,14 +38,6 @@
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 
-#if NEEDROOT == 0
-#include <linux/limits.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/xattr.h>
-#include <linux/capability.h>
-#endif
-
 #include "cui.h"
 
 extern "C" {
diff --git a/src/nethogs.h b/src/nethogs.h
index 08f1add..b4f5102 100644
--- a/src/nethogs.h
+++ b/src/nethogs.h
@@ -49,13 +49,6 @@
  * after which a connection is removed */
 #define CONNTIMEOUT 50
 
-/* Set to '0' when compiling for a system that uses Linux Capabilities,
- * like www.adamantix.org: in that case nethogs shouldn't check if it's
- * running as root. Take care to give it sufficient privileges though. */
-#ifndef NEEDROOT
-#define NEEDROOT 1
-#endif
-
 #define DEBUG 0
 
 #define REVERSEHACK 0