From db0cf7963b971ebb393d105a0a29fa7bd926521c Mon Sep 17 00:00:00 2001 From: Dave Barach Date: Tue, 31 May 2016 14:05:46 -0400 Subject: VPP-83 Allow non-privileged clients to use the vpp binary API. Use the command line argument "api-segment { uid gid }" to configure shared memory segment file ownership. Defaults to uid = gid = 0. Shared-memory segments are explicitly set to 0770 mode, aka "rwxrwx---". Change-Id: Ic5d596b68139add61e7de6ace035c57dfd030111 Signed-off-by: Dave Barach
---
 vpp/api/api.c | 13 +++++++++----
 vpp/api/gmon.c | 10 +++++++++-
 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'vpp')
diff --git a/vpp/api/api.c b/vpp/api/api.c
index 7aa898c6e30..0d27d582bca 100644
--- a/vpp/api/api.c
+++ b/vpp/api/api.c
@@ -6087,9 +6087,10 @@ vpe_api_init (vlib_main_t *vm)
 VLIB_INIT_FUNCTION(vpe_api_init);
 static clib_error_t *
-chroot_config (vlib_main_t * vm, unformat_input_t * input)
+api_segment_config (vlib_main_t * vm, unformat_input_t * input)
 {
 u8 * chroot_path;
+ int uid, gid;
 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
 {
@@ -6098,13 +6099,17 @@ chroot_config (vlib_main_t * vm, unformat_input_t * input)
 vec_add1 (chroot_path, 0);
 vl_set_memory_root_path ((char *)chroot_path);
 }
+ else if (unformat (input, "uid %d", &uid))
+ vl_set_memory_uid (uid);
+ else if (unformat (input, "gid %d", &gid))
+ vl_set_memory_gid (gid);
 else
- return clib_error_return (0, "unknown input `%U'",
- format_unformat_error, input);
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
 }
 return 0;
 }
-VLIB_EARLY_CONFIG_FUNCTION (chroot_config, "chroot");
+VLIB_EARLY_CONFIG_FUNCTION (api_segment_config, "api-segment");
 void * get_unformat_vnet_sw_interface (void)
 {
diff --git a/vpp/api/gmon.c b/vpp/api/gmon.c
index 8ab890fceb4..9d37155f005 100644
--- a/vpp/api/gmon.c
+++ b/vpp/api/gmon.c
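Review bot: The new `uid %d` and `gid %d` branches in api_segment_config pass the parsed signed int straight to vl_set_memory_uid / vl_set_memory_gid with no range check, so a negative or mistyped value is accepted silently. If these values later reach chown(2) (not visible on this page), -1 means "leave unchanged", and the segment would keep its previous owner while the operator believes it was reassigned. Reject negatives at parse time, e.g. `else if (unformat (input, "uid %d", &uid)) { if (uid < 0) return clib_error_return (0, "invalid uid %d", uid); vl_set_memory_uid (uid); }`, and likewise for gid. The function starts above this hunk (`int uid, gid;` is declared in the preceding hunk), so the branch that sets the root path is only partly visible.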
@@ -165,6 +165,13 @@ gmon_init (vlib_main_t *vm)
 api_main_t * am = &api_main;
 pid_t *swp = 0;
 f64 *v = 0;
+ clib_error_t * error;
+
+ if ((error = vlib_call_init_function(vm, vpe_api_init)))
+ return(error);
+
+ /* Make sure that /global-vm is owned as directed */
+ svm_region_init_chroot_uid_gid (am->root_path, am->api_uid, am->api_gid);
 gm->vlib_main = vm;
 gm->svmdb_client = svmdb_map_chroot(am->root_path);
@@ -223,7 +230,8 @@ static clib_error_t *gmon_exit (vlib_main_t *vm)
 *gm->vpef_pid_ptr = 0;
 *gm->input_rate_ptr = 0.0;
 *gm->sig_error_rate_ptr = 0.0;
- svmdb_unmap (gm->svmdb_client);
+ svm_region_unmap ((void *) gm->svmdb_client->db_rp);
+ vec_free(gm->svmdb_client);
 }
 return 0;
 }
-- cgit 1.2.3-korg
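Review bot: The call to `svm_region_init_chroot_uid_gid` in gmon_init is a bare statement, so if changing ownership of /global-vm fails, initialisation carries on and the failure would presumably only surface later, when a non-privileged client cannot attach. Its return type is not visible in this hunk, so confirm whether it can report failure. The comment above it should also record the access consequence stated in the commit message: with mode 0770, every process running as api_uid or in api_gid can read and write the segment. Suggested comment: `/* Chown /global-vm to api_uid:api_gid; mode 0770 gives that user and group full read/write access to the segment */`. gmon_init continues past the end of this hunk.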
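Review bot: gmon_exit now open-codes the teardown (`svm_region_unmap` on `gm->svmdb_client->db_rp`, then `vec_free`) instead of calling `svmdb_unmap`, and nothing says why. Whatever else svmdb_unmap does is skipped on this path, and the code now depends on the client structure's internal layout. Add a why-comment such as `/* Not svmdb_unmap (): <reason the svmdb teardown is bypassed here> */`. The dereference of `gm->svmdb_client->db_rp` also relies on the guard that opens above this hunk; if that guard does not cover svmdb_client being NULL, wrap the two new lines in `if (gm->svmdb_client)`.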