[Bug 1393] New: iptables-nft -S hangs if not run as root

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Dec 31 12:33:59 CET 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1393

            Bug ID: 1393
           Summary: iptables-nft -S hangs if not run as root
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Created attachment 581
  --> https://bugzilla.netfilter.org/attachment.cgi?id=581&action=edit
iptables-nft-trace.txt.xz

As per the summary. The steps to reproduce here are to initialize a ruleset:

  printf '%s\n' '*filter' :{INPUT,FORWARD,OUTPUT}' ACCEPT [0:0]' COMMIT | iptables-nft-restore

Then, to run the following under an ordinary user account:

  timeout 5 strace -o iptables-nft-trace.txt iptables-nft -S

In my case, iptables-nft never exits. That is why I have used GNU timeout to
constrain the execution time and the size of the trace, which would otherwise
grow to enormous proportions.

The machine in question is running Arch Linux, with the following components:

  Linux 5.4.6
  glibc-2.30
  iptables-nft-1.8.3
  libnfnetlink-1.0.1
  libnetfilter_conntrack-1.0.7
  libnftnl-1.1.5
  nftables-0.9.3

The trace is attached.
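The report bounds the run with GNU timeout so that a hang can be observed without an unbounded trace. The following added example (not part of the bug report or of the iptables project) turns that idea into a small regression check: it runs a command under timeout and classifies the outcome, so a hang (timeout's exit status 124) can be told apart from a prompt failure such as a permission error, which is what an unprivileged user would normally expect to see. It assumes coreutils timeout(1); the function names are this example's own, and the ruleset from step 1 of the report still has to be loaded separately as root before the listing step is meaningful.

```shell
#!/bin/sh
# Added example, not code from the bug report. Bound a possibly hanging
# command with GNU timeout and classify the result, so a check can tell
# "hung until killed" apart from "failed quickly" and "worked".
# Assumes coreutils timeout(1), whose exit status 124 means "ran out of time",
# 127 means "command not found".

# classify_run SECONDS CMD [ARGS...]
# Prints exactly one word: ok, hang, missing, or error.
classify_run() {
    secs=$1
    shift
    rc=0
    timeout "$secs" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo ok ;;        # command completed normally
        124) echo hang ;;      # killed by timeout: it never returned on its own
        127) echo missing ;;   # command not found
        *)   echo error ;;     # returned promptly with a failure (e.g. no permission)
    esac
}

# check_iptables_nft_list SECONDS
# The listing step from the report. Run it as an ordinary user after the
# ruleset has been loaded as root; "hang" reproduces the reported behaviour,
# "error" is the prompt permission failure one would expect instead.
check_iptables_nft_list() {
    classify_run "$1" iptables-nft -S
}

# Stand-alone use: report what happens on this host (hypothetical wrapper,
# not part of any iptables tooling).
if command -v iptables-nft >/dev/null 2>&1; then
    echo "iptables-nft -S as $(id -un): $(check_iptables_nft_list 5)"
else
    echo "iptables-nft not installed on this host; nothing to check"
fi
```

The strace step from the report can be added inside `check_iptables_nft_list` by prefixing the command with `strace -o FILE`; the classification is unaffected because timeout still reports 124 when it has to kill the traced process.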
