VPP-83 Allow non-privileged clients to use the vpp binary API.

Use the command line argument "api-segment { uid <nnn> gid <nnn> }" to configure shared memory segment file ownership. Defaults to uid = gid = 0. Shared-memory segments are explicitly set to 0770 mode, aka "rwxrwx---". Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111 Signed-off-by: Dave Barach <dave@barachs.net>
author: Dave Barach <dave@barachs.net> 2016-05-31 14:05:46 -0400
committer: Chris Luke <chris_luke@cable.comcast.com> 2016-06-01 20:05:08 +0000
commit: 16c75df7976003305f57885639cbc4df4a6a12cf (patch)
tree: 10d27134bbd595985645f461738632f7de2f92b8 /vlib-api/vlibapi/api_shared.c
parent: c79491571fcdb3c77fc7c07c6ea247c14ba3e406 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/vlib-api/vlibapi/api_shared.c b/vlib-api/vlibapi/api_shared.c
index 308f0028e25..0600e621a4e 100644
--- a/vlib-api/vlibapi/api_shared.c
+++ b/vlib-api/vlibapi/api_shared.c
@@ -647,6 +647,14 @@ vl_api_init (vlib_main_t *vm)
     once = 1;
 
     am->region_name = "/unset";
+    /* 
+     * Eventually passed to fchown, -1 => "current user" 
+     * instead of 0 => "root". A very fine disctinction at best.
+     */
+    if (am->api_uid == 0)
+        am->api_uid = -1;
+    if (am->api_gid == 0)
+        am->api_gid = -1;
 
     return (0);
 }
author	Dave Barach <dave@barachs.net>	2016-05-31 14:05:46 -0400
committer	Chris Luke <chris_luke@cable.comcast.com>	2016-06-01 20:05:08 +0000
commit	16c75df7976003305f57885639cbc4df4a6a12cf (patch)
tree	10d27134bbd595985645f461738632f7de2f92b8 /vlib-api/vlibapi/api_shared.c
parent	c79491571fcdb3c77fc7c07c6ea247c14ba3e406 (diff)