zebra: upon associating netns with vrf, prileges are raised

In order to create the netns context, the zebra parser at startup needs
to have its privileges raised.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>

diff --git a/zebra/zebra_netns_notify.c b/zebra/zebra_netns_notify.c
index 4f55be45b699a108e3b104a0e78dcdb9d36a192c..98b36dd10f72440e25eafda1723ebb8fbc9b0258 100644 (file)
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@@ -92,7 +92,11 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
                zlog_warn("NS notify : failed to create VRF %s", name);
                return;
        }
+       if (zserv_privs.change(ZPRIVS_RAISE))
+               zlog_err("Can't raise privileges");
        ret = vrf_netns_handler_create(NULL, vrf, netnspath, ns_id);
+       if (zserv_privs.change(ZPRIVS_LOWER))
+               zlog_err("Can't lower privileges");
        if (ret != CMD_SUCCESS) {
                zlog_warn("NS notify : failed to create NS %s", netnspath);
                return;