From e6c1975af8497f50f484d0dc019e6fa9c97a84c8 Mon Sep 17 00:00:00 2001
From: Renato Westphal
Date: Sat, 12 Aug 2017 16:02:42 -0300
Subject: [PATCH] zebra: don't raise privileges when creating unix zserv socket
Raising privileges is only necessary when binding to a TCP/UDP privileged port (< 1024). This solves a problem where the zserv.api socket was being created with root ownership, preventing the client daemons to connect to zebra.
Signed-off-by: Renato Westphal
---
 zebra/zserv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/zebra/zserv.c b/zebra/zserv.c
index 5ee6c6d1f3..5a62cc3e81 100644
--- a/zebra/zserv.c
+++ b/zebra/zserv.c
@@ -2645,7 +2645,7 @@ void zebra_zserv_socket_init(char *path)
 unlink(suna->sun_path);
 }
- if (zserv_privs.change(ZPRIVS_RAISE))
+ if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_RAISE))
 zlog_err("Can't raise privileges");
 ret = bind(sock, (struct sockaddr *)&sa, sa_len);
@@ -2657,7 +2657,7 @@ void zebra_zserv_socket_init(char *path)
 close(sock);
 return;
 }
- if (zserv_privs.change(ZPRIVS_LOWER))
+ if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_LOWER))
 zlog_err("Can't lower privileges");
 ret = listen(sock, 5);
-- 
2.39.5
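Review bot: The error branch whose tail opens the second hunk (`close(sock); return;`) returns before the `ZPRIVS_LOWER` call, so for a non-AF_UNIX socket a failed bind() would appear to leave the process running with raised privileges; the head of that branch lies between the two hunks and is not visible, so this is inferred. Moving `if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_LOWER))` up to directly follow the `bind()` line, before `ret` is tested, would close that path (save `errno` first if the error branch reports it). In both hunks a failed `change()` is only logged and execution continues, which in the LOWER case means reaching `listen()` with elevated privileges; closing the socket and returning there would be safer. The `sa.ss_family != AF_UNIX` test is also duplicated across the two hunks and has to stay in sync, so a local flag computed once would guarantee every raise has a matching lower. The body of zebra_zserv_socket_init starts and ends outside both hunks.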