authorDave Barach <dave@barachs.net>2016-07-18 14:23:36 -0400
committerDave Barach <dave@barachs.net>2016-07-18 14:29:04 -0400
commit98cfc1aab07d311b53b0171fad62a4031c96fcfd (patch)
tree7779590482e032169590f2a5d1c4f4fcab66678f /vpp
parent2221cd8dd18e66bcdb9bb9a4114ba0c3dddcd00c (diff)
Add uid/gid config parameters to shared-vm database map operator
So vpp_get_metrics and similar will not need to run as root

Change-Id: I635e830834c82990ad84ddaae06f2e50e55fd616
Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'vpp')
-rw-r--r--vpp/vpp-api/gmon.c9
-rw-r--r--vpp/vpp-api/vpp_get_metrics.c65
2 files changed, 70 insertions, 4 deletions
diff --git a/vpp/vpp-api/gmon.c b/vpp/vpp-api/gmon.c
index 6ab7109662e..05d6a11773f 100644
--- a/vpp/vpp-api/gmon.c
+++ b/vpp/vpp-api/gmon.c
@@ -166,6 +166,7 @@ gmon_init (vlib_main_t *vm)
pid_t *swp = 0;
f64 *v = 0;
clib_error_t * error;
+ svmdb_map_args_t _ma, *ma= &_ma;
if ((error = vlib_call_init_function(vm, vpe_api_init)))
return(error);
@@ -174,7 +175,13 @@ gmon_init (vlib_main_t *vm)
svm_region_init_chroot_uid_gid (am->root_path, am->api_uid, am->api_gid);
gm->vlib_main = vm;
- gm->svmdb_client = svmdb_map_chroot(am->root_path);
+
+ memset (ma, 0, sizeof (*ma));
+ ma->root_path = am->root_path;
+ ma->uid = am->api_uid;
+ ma->gid = am->api_gid;
+
+ gm->svmdb_client = svmdb_map (ma);
/* Find or create, set to zero */
vec_add1 (v, 0.0);
diff --git a/vpp/vpp-api/vpp_get_metrics.c b/vpp/vpp-api/vpp_get_metrics.c
index e963bc6d211..ea4af01d66e 100644
--- a/vpp/vpp-api/vpp_get_metrics.c
+++ b/vpp/vpp-api/vpp_get_metrics.c
@@ -18,6 +18,8 @@
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/stat.h>
+#include <pwd.h>
+#include <grp.h>
#include <netinet/in.h>
#include <signal.h>
#include <pthread.h>
@@ -106,9 +108,17 @@ main (int argc, char **argv)
int interval = 0;
f64 *vector_ratep, *rx_ratep, *sig_error_ratep;
pid_t *vpp_pidp;
+ svmdb_map_args_t _ma, *ma= &_ma;
+ int uid, gid, rv;
+ struct passwd _pw, *pw;
+ struct group _grp, *grp;
+ char *s, buf[128];
unformat_init_command_line (&input, argv);
+ uid = geteuid();
+ gid = getegid();
+
while (unformat_check_input (&input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (&input, "chroot %s", &chroot_path_u8))
@@ -117,6 +127,46 @@ main (int argc, char **argv)
}
else if (unformat (&input, "interval %d", &interval))
;
+ else if (unformat (&input, "uid %d", &uid))
+ ;
+ else if (unformat (&input, "gid %d", &gid))
+ ;
+ else if (unformat (&input, "uid %s", &s))
+ {
+ /* lookup the username */
+ pw = NULL;
+ rv = getpwnam_r(s, &_pw, buf, sizeof(buf), &pw);
+ if (rv < 0)
+ {
+ fformat (stderr, "cannot fetch username %s", s);
+ exit (1);
+ }
+ if (pw == NULL)
+ {
+ fformat (stderr, "username %s does not exist", s);
+ exit (1);
+ }
+ vec_free (s);
+ uid = pw->pw_uid;
+ }
+ else if (unformat (&input, "gid %s", &s))
+ {
+ /* lookup the group name */
+ grp = NULL;
+ rv = getgrnam_r(s, &_grp, buf, sizeof(buf), &grp);
+ if (rv != 0)
+ {
+ fformat (stderr, "cannot fetch group %s", s);
+ exit (1);
+ }
+ if (grp == NULL)
+ {
+ fformat (stderr, "group %s does not exist", s);
+ exit (1);
+ }
+ vec_free (s);
+ gid = grp->gr_gid;
+ }
else
{
fformat (stderr,
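Review bot: The `rv < 0` test after `getpwnam_r` in the `uid %s` branch can never fire, because getpwnam_r returns 0 on success and a positive errno value on failure. A lookup error therefore falls through to the `pw == NULL` branch and is reported as "username %s does not exist" instead of "cannot fetch username". The `gid %s` branch already tests `rv != 0`, and the uid branch should match it: `if (rv != 0)`. The shared `buf[128]` is also small for group entries with long member lists, which come back as ERANGE; sizing it from `sysconf (_SC_GETPW_R_SIZE_MAX)` / `sysconf (_SC_GETGR_R_SIZE_MAX)`, or retrying with a larger buffer on ERANGE, would avoid a spurious failure. main's body starts and ends outside this hunk.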
@@ -127,7 +177,12 @@ main (int argc, char **argv)
setup_signal_handlers ();
- c = svmdb_map_chroot (chroot_path);
+ memset (ma, 0, sizeof (*ma));
+ ma->root_path = chroot_path;
+ ma->uid = uid;
+ ma->gid = gid;
+
+ c = svmdb_map (ma);
vpp_pidp =
svmdb_local_get_variable_reference (c, SVMDB_NAMESPACE_VEC, "vpp_pid");
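Review bot: `uid` and `gid` reach `ma->uid` and `ma->gid` here without a range check, although the `uid %d` / `gid %d` options parse them as signed `int` and accept negative numbers. The field types of `svmdb_map_args_t` and what `svmdb_map` does with them are not visible in this diff, but if they end up in a chown-style call, a value of -1 converts to `(uid_t) -1`, which conventionally means "leave unchanged" rather than an error. Rejecting negatives before filling in `ma` keeps the ownership applied to the shared region explicit, for example `if (uid < 0 || gid < 0) { fformat (stderr, "uid/gid must be non-negative\n"); exit (1); }`. main's body starts and ends outside this hunk.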
@@ -156,8 +211,12 @@ main (int argc, char **argv)
do
{
- /* Once vpp exits, the svm db region will be recreated... */
- if (*vpp_pidp == 0 || kill (*vpp_pidp, 0) < 0)
+ /*
+ * Once vpp exits, the svm db region will be recreated...
+ * Can't use kill (*vpp_pidp, 0) if running as non-root /
+ * accessing the shared-VM database via group perms.
+ */
+ if (*vpp_pidp == 0)
{
fformat (stdout, "vpp not running\n");
exit (1);
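Review bot: Dropping `kill (*vpp_pidp, 0)` altogether means a vpp that died without zeroing `vpp_pid` is no longer detected, so the loop would presumably keep printing whatever values are left in the shared region until it is recreated. The probe can stay usable for unprivileged callers by treating EPERM as "process exists" and only ESRCH as "gone": `if (*vpp_pidp == 0 || (kill (*vpp_pidp, 0) < 0 && errno == ESRCH))`. That needs `<errno.h>`, which is not among the includes visible in this diff. The do-loop continues outside this hunk.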