Description
I am trying to run the python-iptables as a non-root user.
My script is test.py:
import iptc
import os
uid = os.getuid()
print("Real user ID of the current process:", uid)
table = iptc.Table(iptc.Table.FILTER)
print("Table is:".format(table))
I tried:
- Giving the capability CAP_NET_ADMIN to /usr/bin/python2.7 (outcome is: $ getcap /usr/bin/python2.7 /usr/bin/python2.7 = cap_net_admin+eip ) and executing /usr/bin/python2.7 ./test.py
- Compiling and running with ambient capabilities as defined in: https://gist.github.com/tomix86/32394a43be70c337cbf1e0c0a56cbd8d and executing ./ambient -c '12' /usr/bin/python2.7 ./test.py
- I haven't yet tested with python-prctl but it requires to start as root and then drop privileges which is not possible in my case.
The logs are:
('Real user ID of the current process:', 1000)
Traceback (most recent call last):
File "test.py", line 7, in
table = iptc.Table(iptc.Table.FILTER)
File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1566, in new
obj._init(name, autocommit)
File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1582, in _init
self.refresh()
File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1619, in refresh
self.strerror()))
iptc.ip4tc.IPTCError: can't initialize filter: Permission denied (you must be root)
My kernel is:
$ uname -r
4.4.224-1.el7.elrepo.x86_64
My python version is:
Python 2.7.5
My python-iptables version is:
python-iptables 0.12.0
I can successfully run "iptables -L" as a non-root user but I cannot successfully run iptc python commands as a non-root user.
Could it be failing because it requires additional capabilities?