Merge parser: Remove check for root to run parser

The check isn't correct, it should be checking for capability MAC_ADMIN, but in the future that won't be correct either. Instead rely on the kernel to check permission to load policy, which it alread does as it is possible to by-pass the parser to load policy. Also improve the error message when the kernel does deny loading policy due to failed permission checks. Signed-off-by: John Johansen <john.johansen@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1044 Approved-by: Seth Arnold <seth.arnold@gmail.com> Merged-by: John Johansen <john@jjmx.net>
2025-08-31 06:16:03 +00:00 · 2023-06-30 07:02:34 +00:00
parent fef3eb3693 e7844e723e
commit ab218526bf
2 changed files with 6 additions and 10 deletions
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -855,12 +855,6 @@ int have_enough_privilege(void)
 	uid = getuid();
 	euid = geteuid();

-	if (uid != 0 && euid != 0) {
-		PERROR(_("%s: Sorry. You need root privileges to run this program.\n\n"),
-		       progname);
-		return EPERM;
-	}
-
 	if (uid != 0 && euid == 0) {
 		PERROR(_("%s: Warning! You've set this program setuid root.\n"
 			 "Anybody who can run this program can update "