From 75f06cb4139f6f00dfe952eac84ff31d3db014cb Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 14 Sep 2017 12:05:09 +0200
Subject: [PATCH 5/5] firewall-offline-cmd: Don't require root for help output

Allow unprivileged users to retrieve help output.

Fixes: RHBZ#1445214
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 src/firewall-offline-cmd | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/firewall-offline-cmd b/src/firewall-offline-cmd
index 1b4550830b7bb..fccfb7251c4f5 100755
--- a/src/firewall-offline-cmd
+++ b/src/firewall-offline-cmd
@@ -43,9 +43,10 @@ from firewall.core.io.helper import helper_reader
 from firewall.command import FirewallCommand
 
 # check for root user
-if os.getuid() != 0:
-    sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0])
-    sys.exit(-1)
+def assert_root():
+    if os.getuid() != 0:
+        sys.stderr.write("You need to be root to run %s.\n" % sys.argv[0])
+        sys.exit(-1)
 
 SYSTEM_CONFIG_FIREWALL = config.SYSCONFIGDIR + '/system-config-firewall'
 
@@ -775,6 +776,8 @@ if len(sys.argv) > 1 and \
     if a.help:
         __usage()
         sys.exit(0)
+    else:
+        assert_root()
     if a.quiet:
         # it makes no sense to use --quiet with these options
         a.quiet = False
@@ -809,6 +812,7 @@ elif len(sys.argv) > 1:
         args = aux_args[:i+1] # all but not <args>
         args.append(joinArgs(aux_args[i+1:])) # add <args> as one arg
 else:
+    assert_root()
     # migrate configuration from SYSTEM_CONFIG_FIREWALL
     args = read_sysconfig_args()
     if not args:
@@ -1020,6 +1024,8 @@ if a.help:
     __usage()
     sys.exit(0)
 
+assert_root()
+
 zone = a.zone
 fw = Firewall_test()
 fw.start()
-- 
2.13.1