From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Tue, 13 Mar 2018 13:51:31 +0000 (+0100)
Subject: zebra: upon associating netns with vrf, prileges are raised
X-Git-Tag: frr-5.0-dev~163^2~1
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=1c9d288e496d0fc20baeadd2e792e927a6f50312;p=matthieu%2Ffrr.git

zebra: upon associating netns with vrf, prileges are raised

In order to create the netns context, the zebra parser at startup needs
to have its privileges raised.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
---

diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 4f55be45b6..98b36dd10f 100644
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -92,7 +92,11 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
 		zlog_warn("NS notify : failed to create VRF %s", name);
 		return;
 	}
+	if (zserv_privs.change(ZPRIVS_RAISE))
+		zlog_err("Can't raise privileges");
 	ret = vrf_netns_handler_create(NULL, vrf, netnspath, ns_id);
+	if (zserv_privs.change(ZPRIVS_LOWER))
+		zlog_err("Can't lower privileges");
 	if (ret != CMD_SUCCESS) {
 		zlog_warn("NS notify : failed to create NS %s", netnspath);
 		return;