Re: Running nft --check as non-root


 



Peter Hoeg <peter@xxxxxxxx> wrote:
> as part of deploying nftables rules on NixOS, I want to check the syntax before actually trying to deploy them.
> 
> Now, nft --check --file works fine when run as root but the builder used does not have root permissions (or access to sudo or anything like that). Is there any particular reason why nft --check needs to run as root or any way to make it work as !root?

Yes, this is not a syntax check. The ruleset is passed to the kernel.

The only difference is the lack of the final 'commit' instruction to
activate the ruleset, this makes the kernel abort/unwind the entire
transaction.
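
Added example, not part of the original thread or of nftables: because the check is a real kernel transaction, it needs CAP_NET_ADMIN over a network namespace, and one way to get that without root is a throwaway user and network namespace. The function name `check_ruleset` and its exit codes are this example's own; it assumes unprivileged user namespaces are enabled and the nf_tables kernel module is available.

```shell
#!/bin/sh
# Added example: validate an nftables ruleset without real root by giving
# nft CAP_NET_ADMIN over a scratch network namespace.
# Assumptions: unprivileged user namespaces are allowed and nf_tables is
# available in the running kernel.
#
# Exit codes (this example's own convention):
#   0 = kernel accepted the ruleset in the scratch namespace
#   1 = nft or the kernel rejected the ruleset
#   2 = check could not be performed (missing file/tool, userns disabled)
check_ruleset() {
    ruleset="${1:-}"
    if [ -z "$ruleset" ] || [ ! -r "$ruleset" ]; then
        echo "check_ruleset: no readable ruleset file given" >&2
        return 2
    fi
    for tool in nft unshare; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "check_ruleset: $tool not found" >&2
            return 2
        fi
    done
    # Probe first, so a sandbox that forbids user namespaces is not
    # misreported as a broken ruleset.
    if ! unshare --user --map-root-user --net true 2>/dev/null; then
        echo "check_ruleset: cannot create user+net namespace" >&2
        return 2
    fi
    # The new netns starts with no ruleset and only "lo", so the
    # transaction the kernel aborts never touches the host's tables.
    if unshare --user --map-root-user --net nft --check --file "$ruleset"; then
        return 0
    fi
    return 1
}
```

Rules that refer to an existing interface (`iif`/`oif`, netdev-family hooks, flowtable devices) can fail in the empty namespace even though they would load on the target host; `iifname`/`oifname` match by string and are unaffected. A pass also only shows that the build machine's kernel accepts the ruleset, not the kernel of the machine it is deployed to.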


