From a54230d4e79e088b13f581e301846fc3e259548e Mon Sep 17 00:00:00 2001
From: Damjan Marion <damarion@cisco.com>
Date: Wed, 21 Jun 2017 11:57:07 +0200
Subject: Add knob to specify effective group id (gid) for VPP process

Change-Id: Icf9bd4abda058fb380f1a25d5fe3917ffb38b1c4
Signed-off-by: Damjan Marion <damarion@cisco.com>
---
 src/vlib/unix/main.c        |  7 +++++++
 src/vppinfra/format.h       |  3 +++
 src/vppinfra/unix-formats.c | 26 ++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)

diff --git a/src/vlib/unix/main.c b/src/vlib/unix/main.c
index e31ea815..ad1a7c3c 100644
--- a/src/vlib/unix/main.c
+++ b/src/vlib/unix/main.c
@@ -48,6 +48,7 @@
 #include <fcntl.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <unistd.h>
 
 /** Default CLI pager limit is not configured in startup.conf */
 #define UNIX_CLI_DEFAULT_PAGER_LIMIT 100000
@@ -313,6 +314,7 @@ unix_config (vlib_main_t * vm, unformat_input_t * input)
 {
   unix_main_t *um = &unix_main;
   clib_error_t *error = 0;
+  gid_t gid;
 
   /* Defaults */
   um->cli_pager_buffer_limit = UNIX_CLI_DEFAULT_PAGER_LIMIT;
@@ -404,6 +406,11 @@ unix_config (vlib_main_t * vm, unformat_input_t * input)
 	      vec_free (lv);
 	    }
 	}
+      else if (unformat (input, "gid %U", unformat_unix_gid, &gid))
+	{
+	  if (setegid (gid) == -1)
+	    return clib_error_return_unix (0, "setegid");
+	}
       else
 	return clib_error_return (0, "unknown input `%U'",
 				  format_unformat_error, input);
diff --git a/src/vppinfra/format.h b/src/vppinfra/format.h
index bec1b6b4..5b7023a3 100644
--- a/src/vppinfra/format.h
+++ b/src/vppinfra/format.h
@@ -310,6 +310,9 @@ void unformat_init_unix_file (unformat_input_t * input, int file_descriptor);
 /* Take input from Unix environment variable; returns
    1 if variable exists zero otherwise. */
 uword unformat_init_unix_env (unformat_input_t * input, char *var);
+
+/* Unformat unix group id (gid) specified as integer or string */
+unformat_function_t unformat_unix_gid;
 #endif /* CLIB_UNIX */
 
 /* Test code. */
diff --git a/src/vppinfra/unix-formats.c b/src/vppinfra/unix-formats.c
index a4c81ca2..91986516 100644
--- a/src/vppinfra/unix-formats.c
+++ b/src/vppinfra/unix-formats.c
@@ -49,6 +49,7 @@
 
 #include <unistd.h>
 #include <signal.h>
+#include <grp.h>
 
 #include <time.h>
 #include <sys/socket.h>
@@ -915,4 +916,29 @@ u8 * format_ucontext_pc (u8 * s, va_list * args)
     return format (s, "%p", regs[reg_no]);
 }
 
+uword
+unformat_unix_gid (unformat_input_t * input, va_list * args)
+{
+  gid_t *gid = va_arg (*args, gid_t *);
+  struct group *grp = 0;
+  int r;
+  u8 *s;
+
+  if (unformat (input, "%d", &r))
+    {
+      grp = getgrgid (r);
+    }
+  else if (unformat (input, "%s", &s))
+    {
+      grp = getgrnam ((char *) s);
+      vec_free (s);
+    }
+  if (grp)
+    {
+      *gid = grp->gr_gid;
+      return 1;
+    }
+  return 0;
+}
+
 #endif /* __KERNEL__ */
-- 
cgit 1.2.3-korg