aboutsummaryrefslogtreecommitdiffstats
path: root/vpp/api
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2016-05-31 14:05:46 -0400
committerChris Luke <chris_luke@cable.comcast.com>2016-06-01 20:05:08 +0000
commit16c75df7976003305f57885639cbc4df4a6a12cf (patch)
tree10d27134bbd595985645f461738632f7de2f92b8 /vpp/api
parentc79491571fcdb3c77fc7c07c6ea247c14ba3e406 (diff)
VPP-83 Allow non-privileged clients to use the vpp binary API.
Use the command line argument "api-segment { uid <nnn> gid <nnn> }" to configure shared memory segment file ownership. Defaults to uid = gid = 0. Shared-memory segments are explicitly set to 0770 mode, aka "rwxrwx---". Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111 Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'vpp/api')
-rw-r--r--vpp/api/api.c13
-rw-r--r--vpp/api/gmon.c10
2 files changed, 18 insertions, 5 deletions
diff --git a/vpp/api/api.c b/vpp/api/api.c
index ea14bffb..6c387a38 100644
--- a/vpp/api/api.c
+++ b/vpp/api/api.c
@@ -6301,9 +6301,10 @@ vpe_api_init (vlib_main_t *vm)
VLIB_INIT_FUNCTION(vpe_api_init);
static clib_error_t *
-chroot_config (vlib_main_t * vm, unformat_input_t * input)
+api_segment_config (vlib_main_t * vm, unformat_input_t * input)
{
u8 * chroot_path;
+ int uid, gid;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
@@ -6312,13 +6313,17 @@ chroot_config (vlib_main_t * vm, unformat_input_t * input)
vec_add1 (chroot_path, 0);
vl_set_memory_root_path ((char *)chroot_path);
}
+ else if (unformat (input, "uid %d", &uid))
+ vl_set_memory_uid (uid);
+ else if (unformat (input, "gid %d", &gid))
+ vl_set_memory_gid (gid);
else
- return clib_error_return (0, "unknown input `%U'",
- format_unformat_error, input);
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
}
return 0;
}
-VLIB_EARLY_CONFIG_FUNCTION (chroot_config, "chroot");
+VLIB_EARLY_CONFIG_FUNCTION (api_segment_config, "api-segment");
void * get_unformat_vnet_sw_interface (void)
{
diff --git a/vpp/api/gmon.c b/vpp/api/gmon.c
index 8ab890fc..9d37155f 100644
--- a/vpp/api/gmon.c
+++ b/vpp/api/gmon.c
@@ -165,6 +165,13 @@ gmon_init (vlib_main_t *vm)
api_main_t * am = &api_main;
pid_t *swp = 0;
f64 *v = 0;
+ clib_error_t * error;
+
+ if ((error = vlib_call_init_function(vm, vpe_api_init)))
+ return(error);
+
+ /* Make sure that /global-vm is owned as directed */
+ svm_region_init_chroot_uid_gid (am->root_path, am->api_uid, am->api_gid);
gm->vlib_main = vm;
gm->svmdb_client = svmdb_map_chroot(am->root_path);
@@ -223,7 +230,8 @@ static clib_error_t *gmon_exit (vlib_main_t *vm)
*gm->vpef_pid_ptr = 0;
*gm->input_rate_ptr = 0.0;
*gm->sig_error_rate_ptr = 0.0;
- svmdb_unmap (gm->svmdb_client);
+ svm_region_unmap ((void *) gm->svmdb_client->db_rp);
+ vec_free(gm->svmdb_client);
}
return 0;
}