authorDave Barach <dave@barachs.net>2016-05-31 14:05:46 -0400
committerChris Luke <chris_luke@cable.comcast.com>2016-06-01 20:05:08 +0000
commit16c75df7976003305f57885639cbc4df4a6a12cf (patch)
tree10d27134bbd595985645f461738632f7de2f92b8 /vlib-api/vlibapi
parentc79491571fcdb3c77fc7c07c6ea247c14ba3e406 (diff)
VPP-83 Allow non-privileged clients to use the vpp binary API.
Use the command line argument "api-segment { uid <nnn> gid <nnn> }" to configure shared memory segment file ownership. Defaults to uid = gid = 0. Shared-memory segments are explicitly set to 0770 mode, aka "rwxrwx---". Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111 Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'vlib-api/vlibapi')
-rw-r--r--vlib-api/vlibapi/api.h4
-rw-r--r--vlib-api/vlibapi/api_shared.c8
2 files changed, 12 insertions, 0 deletions
diff --git a/vlib-api/vlibapi/api.h b/vlib-api/vlibapi/api.h
index fc2c30cfa0a..3c4b68dc006 100644
--- a/vlib-api/vlibapi/api.h
+++ b/vlib-api/vlibapi/api.h
@@ -134,6 +134,10 @@ typedef struct {
/* vector of message ranges */
vl_api_msg_range_t *msg_ranges;
+ /* gid for the api shared memory region */
+ int api_gid;
+ int api_uid;
+
/* Client-only data structures */
unix_shared_memory_queue_t *vl_input_queue;
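Review bot: The comment above the two new fields names only the gid, and nothing in the struct records that 0 doubles as "not configured" for both `api_gid` and `api_uid`. Since these values decide who can open the API shared-memory segment, I would put the contract next to the fields: `/* uid and gid for the api shared memory region; 0 = not configured, rewritten to -1 in vl_api_init */`. The struct definition starts and ends outside this hunk.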
diff --git a/vlib-api/vlibapi/api_shared.c b/vlib-api/vlibapi/api_shared.c
index 308f0028e25..0600e621a4e 100644
--- a/vlib-api/vlibapi/api_shared.c
+++ b/vlib-api/vlibapi/api_shared.c
@@ -647,6 +647,14 @@ vl_api_init (vlib_main_t *vm)
once = 1;
am->region_name = "/unset";
+ /*
+ * Eventually passed to fchown, -1 => "current user"
+ * instead of 0 => "root". A very fine disctinction at best.
+ */
+ if (am->api_uid == 0)
+ am->api_uid = -1;
+ if (am->api_gid == 0)
+ am->api_gid = -1;
return (0);
}
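Review bot: The comment added in vl_api_init says -1 means "current user", but for fchown an id of -1 means "leave this id unchanged", so an unconfigured segment keeps whatever owner and group the file was created with. Because 0 is overloaded as "not configured", an explicit `uid 0` or `gid 0` in the api-segment stanza cannot be told apart from the default, and the description's "Defaults to uid = gid = 0" does not describe what is actually applied. I would reword the comment to `/* Eventually passed to fchown; -1 leaves that id unchanged, so an unset (0) uid/gid keeps the creator's ownership instead of forcing root */`. The fchown call is not part of this diff; with a 0770 segment it is worth confirming there that its return value is checked, since a silent failure would leave group read/write access with an unintended group. The function body starts outside the hunk.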