From 16c75df7976003305f57885639cbc4df4a6a12cf Mon Sep 17 00:00:00 2001
From: Dave Barach
Date: Tue, 31 May 2016 14:05:46 -0400
Subject: VPP-83 Allow non-privileged clients to use the vpp binary API. Use the command line argument "api-segment { uid gid }" to configure shared memory segment file ownership. Defaults to uid = gid = 0. Shared-memory segments are explicitly set to 0770 mode, aka "rwxrwx---".
Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111
Signed-off-by: Dave Barach
---
 vlib-api/vlibapi/api.h | 4 ++++
 vlib-api/vlibapi/api_shared.c | 8 ++++++++
 2 files changed, 12 insertions(+)
(limited to 'vlib-api/vlibapi')
diff --git a/vlib-api/vlibapi/api.h b/vlib-api/vlibapi/api.h
index fc2c30cfa0a..3c4b68dc006 100644
--- a/vlib-api/vlibapi/api.h
+++ b/vlib-api/vlibapi/api.h
@@ -134,6 +134,10 @@ typedef struct {
 /* vector of message ranges */
 vl_api_msg_range_t *msg_ranges;
+ /* gid for the api shared memory region */
+ int api_gid;
+ int api_uid;
+
 /* Client-only data structures */
 unix_shared_memory_queue_t *vl_input_queue;
diff --git a/vlib-api/vlibapi/api_shared.c b/vlib-api/vlibapi/api_shared.c
index 308f0028e25..0600e621a4e 100644
--- a/vlib-api/vlibapi/api_shared.c
+++ b/vlib-api/vlibapi/api_shared.c
@@ -647,6 +647,14 @@ vl_api_init (vlib_main_t *vm)
 once = 1;
 am->region_name = "/unset";
+ /*
+ * Eventually passed to fchown, -1 => "current user"
+ * instead of 0 => "root". A very fine disctinction at best.
+ */
+ if (am->api_uid == 0)
+ am->api_uid = -1;
+ if (am->api_gid == 0)
+ am->api_gid = -1;
 return (0);
 }
-- cgit 1.2.3-korg
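Review bot: The new `api_gid` and `api_uid` fields in api.h are plain `int` and only the first has a comment, so their contract is undocumented, including the fact that 0 is treated as "not configured" by vl_api_init. The commit message says the segments become mode 0770, so the group chosen here decides who may read and write the API region, and that deserves a line next to the fields. I would put `/* owner uid and gid for the api shared memory region; 0 = not configured */` above both. Consider `uid_t` / `gid_t` if this header can include `<sys/types.h>`. The enclosing struct starts and ends outside the hunk.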
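Review bot: The added checks in vl_api_init treat 0 as "not configured", so an explicit uid or gid of 0 in `api-segment { ... }` cannot be told apart from the default, which the commit message describes as `uid = gid = 0`. The comment reads -1 as "current user", whereas fchown documents -1 as leaving that ID unchanged; the two agree only while the segment is still owned by the process that created it. I would reword the comment to `/* 0 = not configured: pass -1 so fchown leaves that id unchanged */`, which also removes the "disctinction" typo. The code that parses and range-checks these values is not in this diff (the view is limited to vlib-api/vlibapi), and the function body starts outside the hunk.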