diff options
| author | Renato Westphal <renato@opensourcerouting.org> | 2017-08-12 16:02:42 -0300 |
|---|---|---|
| committer | Renato Westphal <renato@opensourcerouting.org> | 2017-08-12 16:13:58 -0300 |
| commit | e6c1975af8497f50f484d0dc019e6fa9c97a84c8 (patch) | |
| tree | 3f982b18a645b7babb097411c1a0a7c72825cfff | |
| parent | e1768e0a6e2cecc15ab9fe122e607942d07a46c8 (diff) | |
zebra: don't raise privileges when creating unix zserv socket
Raising privileges is only necessary when binding to a TCP/UDP privileged
port (< 1024).
This solves a problem where the zserv.api socket was being created with
root ownership, preventing the client daemons to connect to zebra.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
| -rw-r--r-- | zebra/zserv.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/zebra/zserv.c b/zebra/zserv.c index 5ee6c6d1f3..5a62cc3e81 100644 --- a/zebra/zserv.c +++ b/zebra/zserv.c @@ -2645,7 +2645,7 @@ void zebra_zserv_socket_init(char *path) unlink(suna->sun_path); } - if (zserv_privs.change(ZPRIVS_RAISE)) + if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_RAISE)) zlog_err("Can't raise privileges"); ret = bind(sock, (struct sockaddr *)&sa, sa_len); @@ -2657,7 +2657,7 @@ void zebra_zserv_socket_init(char *path) close(sock); return; } - if (zserv_privs.change(ZPRIVS_LOWER)) + if (sa.ss_family != AF_UNIX && zserv_privs.change(ZPRIVS_LOWER)) zlog_err("Can't lower privileges"); ret = listen(sock, 5); |