From 1c9d288e496d0fc20baeadd2e792e927a6f50312 Mon Sep 17 00:00:00 2001
From: Philippe Guibert <philippe.guibert@6wind.com>
Date: Tue, 13 Mar 2018 14:51:31 +0100
Subject: [PATCH] zebra: upon associating netns with vrf, prileges are raised

In order to create the netns context, the zebra parser at startup needs
to have its privileges raised.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
---
 zebra/zebra_netns_notify.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 4f55be45b6..98b36dd10f 100644
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -92,7 +92,11 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
 		zlog_warn("NS notify : failed to create VRF %s", name);
 		return;
 	}
+	if (zserv_privs.change(ZPRIVS_RAISE))
+		zlog_err("Can't raise privileges");
 	ret = vrf_netns_handler_create(NULL, vrf, netnspath, ns_id);
+	if (zserv_privs.change(ZPRIVS_LOWER))
+		zlog_err("Can't lower privileges");
 	if (ret != CMD_SUCCESS) {
 		zlog_warn("NS notify : failed to create NS %s", netnspath);
 		return;
-- 
2.39.5