netsniff-ng: mlock: only lock current and future pages when root

When we're still root, we tell the kernel to lock/protect all current
and future pages in memory so that they will not be swapped out in
case the system uses up too much. Now when we do xzmalloc_aligned(),
it calls internally posix_memalign() that can call mmap(2), thus we
will get an EAGAIN as errno, since we're not root anymore and since
we wanted to touch sth. that belongs to root. Nasty. Fix this up by
only protecting these pages when we do not use -u/-g.

Reported-by: Doug Burks <doug.burks@gmail.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/netsniff-ng.c b/netsniff-ng.c
index 25f59ac..c1e0d26 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -1384,11 +1384,13 @@ int main(int argc, char **argv)
 	init_geoip(0);
 	if (setsockmem)
 		set_system_socket_memory(vals, array_size(vals));
-	xlockme();
+	if (!ctx.enforce)
+		xlockme();
 
 	main_loop(&ctx);
 
-	xunlockme();
+	if (!ctx.enforce)
+		xunlockme();
 	if (setsockmem)
 		reset_system_socket_memory(vals, array_size(vals));
 	destroy_geoip();