author | Dave Barach <dave@barachs.net> | 2016-05-31 14:05:46 -0400 |
---|---|---|
committer | Chris Luke <chris_luke@cable.comcast.com> | 2016-06-01 20:05:08 +0000 |
commit | 16c75df7976003305f57885639cbc4df4a6a12cf (patch) | |
tree | 10d27134bbd595985645f461738632f7de2f92b8 /vpp | |
parent | c79491571fcdb3c77fc7c07c6ea247c14ba3e406 (diff) |
VPP-83 Allow non-privileged clients to use the vpp binary API.
Use the command line argument "api-segment { uid <nnn> gid <nnn> }" to
configure shared memory segment file ownership. Defaults to uid = gid
= 0. Shared-memory segments are explicitly set to 0770 mode, aka
"rwxrwx---".
Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111
Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'vpp')
-rw-r--r-- | vpp/api/api.c | 13 | ||||
-rw-r--r-- | vpp/api/gmon.c | 10 |
2 files changed, 18 insertions, 5 deletions
diff --git a/vpp/api/api.c b/vpp/api/api.c index ea14bffb..6c387a38 100644 --- a/vpp/api/api.c +++ b/vpp/api/api.c @@ -6301,9 +6301,10 @@ vpe_api_init (vlib_main_t *vm) VLIB_INIT_FUNCTION(vpe_api_init); static clib_error_t * -chroot_config (vlib_main_t * vm, unformat_input_t * input) +api_segment_config (vlib_main_t * vm, unformat_input_t * input) { u8 * chroot_path; + int uid, gid; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { @@ -6312,13 +6313,17 @@ chroot_config (vlib_main_t * vm, unformat_input_t * input) vec_add1 (chroot_path, 0); vl_set_memory_root_path ((char *)chroot_path); } + else if (unformat (input, "uid %d", &uid)) + vl_set_memory_uid (uid); + else if (unformat (input, "gid %d", &gid)) + vl_set_memory_gid (gid); else - return clib_error_return (0, "unknown input `%U'", - format_unformat_error, input); + return clib_error_return (0, "unknown input `%U'", + format_unformat_error, input); } return 0; } -VLIB_EARLY_CONFIG_FUNCTION (chroot_config, "chroot"); +VLIB_EARLY_CONFIG_FUNCTION (api_segment_config, "api-segment"); void * get_unformat_vnet_sw_interface (void) { diff --git a/vpp/api/gmon.c b/vpp/api/gmon.c index 8ab890fc..9d37155f 100644 --- a/vpp/api/gmon.c +++ b/vpp/api/gmon.c @@ -165,6 +165,13 @@ gmon_init (vlib_main_t *vm) api_main_t * am = &api_main; pid_t *swp = 0; f64 *v = 0; + clib_error_t * error; + + if ((error = vlib_call_init_function(vm, vpe_api_init))) + return(error); + + /* Make sure that /global-vm is owned as directed */ + svm_region_init_chroot_uid_gid (am->root_path, am->api_uid, am->api_gid); gm->vlib_main = vm; gm->svmdb_client = svmdb_map_chroot(am->root_path); @@ -223,7 +230,8 @@ static clib_error_t *gmon_exit (vlib_main_t *vm) *gm->vpef_pid_ptr = 0; *gm->input_rate_ptr = 0.0; *gm->sig_error_rate_ptr = 0.0; - svmdb_unmap (gm->svmdb_client); + svm_region_unmap ((void *) gm->svmdb_client->db_rp); + vec_free(gm->svmdb_client); } return 0; } |
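Review bot: The new `uid %d` and `gid %d` branches in api_segment_config pass whatever integer was parsed straight to vl_set_memory_uid / vl_set_memory_gid, so a negative or otherwise nonsensical id is accepted silently. If the value later reaches a chown()-style call (the setters are not visible here, so this is inferred), -1 conventionally means "leave unchanged" and the segment would keep its old owner instead of the one the operator asked for. I would reject it at parse time, e.g. `if (uid < 0) return clib_error_return (0, "invalid uid %d", uid);` and the same for gid. Separately, the handler is now registered under "api-segment" instead of "chroot", so existing startup files that still use a `chroot { ... }` stanza presumably stop reaching this parser; that deserves a line in the commit description.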
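Review bot: In gmon_init nothing checks the outcome of the added `svm_region_init_chroot_uid_gid (am->root_path, am->api_uid, am->api_gid);` before `svmdb_map_chroot` maps the segment. Its prototype is not visible here; if it can report failure, the function carries on and the region may be left with ownership or mode other than the configured uid/gid and 0770, which either locks out the intended non-privileged clients or leaves the segment as it was. The new comment would also be more useful if it said why vpe_api_init has to run first, for example `/* API main must be initialised before we apply the configured owner to /global-vm */`, assuming that is the reason. gmon_init's body continues outside the hunk.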
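Review bot: The replacement for `svmdb_unmap (gm->svmdb_client)` in gmon_exit reaches into the client's `db_rp` field and frees the client with `vec_free`, so gmon.c now depends on how svmdb lays out and allocates that structure. If svmdb_map_chroot ever stops returning a vector, or returned 0 at init, this becomes a bad free or a null dereference; neither case is guarded in the visible lines. The commit does not say why svmdb_unmap could not be kept, so a comment such as `/* unmap the region only; svmdb_unmap also <does X>, which must not happen at exit */` with the real reason filled in would help the next reader, and the `(void *)` cast should go if `db_rp` already has the type svm_region_unmap expects. The enclosing `if` starts outside the hunk.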