zebra: upon associating netns with vrf, prileges are raised

In order to create the netns context, the zebra parser at startup needs to have its privileges raised. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
author: Philippe Guibert <philippe.guibert@6wind.com> 2018-03-13 14:51:31 +0100
committer: Philippe Guibert <philippe.guibert@6wind.com> 2018-03-13 16:32:58 +0100
commit: 1c9d288e496d0fc20baeadd2e792e927a6f50312 (patch)
tree: a9acfa9bbbbcd5ac53bdd4d13707081f65a358a5 /zebra/zebra_netns_notify.c
parent: Merge pull request #1806 from vivek-cumulus/evpn-ipv6-tenant-routing (diff)
download: frr-1c9d288e496d0fc20baeadd2e792e927a6f50312.tar.xz
frr-1c9d288e496d0fc20baeadd2e792e927a6f50312.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 4f55be45b..98b36dd10 100644
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -92,7 +92,11 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
 		zlog_warn("NS notify : failed to create VRF %s", name);
 		return;
 	}
+	if (zserv_privs.change(ZPRIVS_RAISE))
+		zlog_err("Can't raise privileges");
 	ret = vrf_netns_handler_create(NULL, vrf, netnspath, ns_id);
+	if (zserv_privs.change(ZPRIVS_LOWER))
+		zlog_err("Can't lower privileges");
 	if (ret != CMD_SUCCESS) {
 		zlog_warn("NS notify : failed to create NS %s", netnspath);
 		return;
author	Philippe Guibert <philippe.guibert@6wind.com>	2018-03-13 14:51:31 +0100
committer	Philippe Guibert <philippe.guibert@6wind.com>	2018-03-13 16:32:58 +0100
commit	1c9d288e496d0fc20baeadd2e792e927a6f50312 (patch)
tree	a9acfa9bbbbcd5ac53bdd4d13707081f65a358a5 /zebra/zebra_netns_notify.c
parent	Merge pull request #1806 from vivek-cumulus/evpn-ipv6-tenant-routing (diff)
download	frr-1c9d288e496d0fc20baeadd2e792e927a6f50312.tar.xz frr-1c9d288e496d0fc20baeadd2e792e927a6f50312.zip