
Merge branch 'non_root_control' of git://github.com/camilleoudot/rtpengine

pull/194/head
Richard Fuchs 10 years ago
parent
commit
bfe0bdc1a6
3 changed files with 51 additions and 2 deletions
  1. +18
    -2
      el/rtpengine.init
  2. +4
    -0
      el/rtpengine.sysconfig
  3. +29
    -0
      kernel-module/xt_RTPENGINE.c

+ 18
- 2
el/rtpengine.init

@ -180,7 +180,18 @@ start() {
then then
echo "Loading module for in-kernel packet forwarding" echo "Loading module for in-kernel packet forwarding"
rmmod xt_RTPENGINE 2> /dev/null rmmod xt_RTPENGINE 2> /dev/null
modprobe xt_RTPENGINE
if [[ -n "$RE_USER" ]]
then
if [[ -n "$RE_GROUP" ]]
then
proc_gid=$(grep ^$RE_GROUP: /etc/group | cut -f3 -d:)
else
proc_gid=$(id $RE_USER -g)
fi
modprobe xt_RTPENGINE proc_uid=$(id $RE_USER -u) proc_gid=$proc_gid
else
modprobe xt_RTPENGINE
fi
temp=`firewall-cmd --state 2>/dev/null` temp=`firewall-cmd --state 2>/dev/null`
if [[ $? == 0 ]] if [[ $? == 0 ]]
then then
@ -212,7 +223,12 @@ CUR_TABLE=$TABLE
EOF EOF
fi fi
echo -n $"Starting $prog: " echo -n $"Starting $prog: "
daemon --pidfile=${pidfile} $rtpengine $OPTS
if [[ -n "$RE_USER" ]]
then
daemon --user $RE_USER --pidfile=${pidfile} $rtpengine $OPTS
else
daemon --pidfile=${pidfile} $rtpengine $OPTS
fi
RETVAL=$? RETVAL=$?
echo echo
[ $RETVAL = 0 ] && touch ${lockfile} [ $RETVAL = 0 ] && touch ${lockfile}
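Review bot: The id lookup added to start() hands whatever the commands print straight to modprobe, with no check that a uid and gid were actually resolved. `grep ^$RE_GROUP: /etc/group` uses the unquoted group name as a regex and only sees local groups, and it yields an empty `proc_gid=` when nothing matches; `id $RE_USER -u` does the same for an unknown user. I would resolve both first with quoting, `proc_uid=$(id -u "$RE_USER")` and `proc_gid=$(getent group "$RE_GROUP" | cut -d: -f3)`, and stop with an error when either is empty instead of loading the module with a malformed parameter. `$RE_USER` in the `daemon --user` line of the second hunk should be quoted as well. start() begins and ends outside both hunks.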


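--- a/el/rtpengine.sysconfig
+++ b/el/rtpengine.sysconfig
@@ -40,3 +40,7 @@ LISTEN_UDP=127.0.0.1:2222 # IP address and port combination for UDP
 #REDIS=127.0.0.1:6379
 #REDIS_DB=0
 #B2B_URL=http://127.0.0.1:8080/xmlrpc
+#RE_USER=rtpengine # Run rtpengine as this specific user
+#RE_GROUP=rtpengine # allow this group to control rtpengine in kernel mode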
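Review bot: The comment on `#RE_GROUP` does not say that the setting is ignored unless `RE_USER` is also set. In el/rtpengine.init the group lookup sits inside the `if [[ -n "$RE_USER" ]]` branch, so enabling RE_GROUP alone loads the module without `proc_uid`/`proc_gid` and the procfs tree keeps the default owner. Suggested wording: `#RE_GROUP=rtpengine # group owning the kernel module's /proc control files (only used when RE_USER is set)`. Because the `control` entries are created with `S_IWGRP`, the comment should also say that every member of this group can write to the kernel module's control interface.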

+ 29
- 0
kernel-module/xt_RTPENGINE.c

@ -82,6 +82,16 @@ struct rtp_parsed;
struct re_crypto_context; struct re_crypto_context;
kuid_t proc_kuid;
uint proc_uid = 0;
module_param(proc_uid, uint, 0);
MODULE_PARM_DESC(proc_uid, "rtpengine procfs tree user id");
kgid_t proc_kgid;
uint proc_gid = 0;
module_param(proc_gid, uint, 0);
MODULE_PARM_DESC(proc_gid, "rtpengine procfs tree group id");
static struct proc_dir_entry *my_proc_root; static struct proc_dir_entry *my_proc_root;
@ -396,26 +406,36 @@ static int table_create_proc(struct rtpengine_table *t, u_int32_t id) {
if (!t->proc) if (!t->proc)
return -1; return -1;
proc_set_user(t->proc, proc_kuid, proc_kgid);
t->status = proc_create_data("status", S_IFREG | S_IRUGO, t->proc, &proc_status_ops, t->status = proc_create_data("status", S_IFREG | S_IRUGO, t->proc, &proc_status_ops,
(void *) (unsigned long) id); (void *) (unsigned long) id);
if (!t->status) if (!t->status)
return -1; return -1;
proc_set_user(t->status, proc_kuid, proc_kgid);
t->control = proc_create_data("control", S_IFREG | S_IWUSR | S_IWGRP, t->proc, t->control = proc_create_data("control", S_IFREG | S_IWUSR | S_IWGRP, t->proc,
&proc_control_ops, (void *) (unsigned long) id); &proc_control_ops, (void *) (unsigned long) id);
if (!t->control) if (!t->control)
return -1; return -1;
proc_set_user(t->control, proc_kuid, proc_kgid);
t->list = proc_create_data("list", S_IFREG | S_IRUGO, t->proc, t->list = proc_create_data("list", S_IFREG | S_IRUGO, t->proc,
&proc_list_ops, (void *) (unsigned long) id); &proc_list_ops, (void *) (unsigned long) id);
if (!t->list) if (!t->list)
return -1; return -1;
proc_set_user(t->list, proc_kuid, proc_kgid);
t->blist = proc_create_data("blist", S_IFREG | S_IRUGO, t->proc, t->blist = proc_create_data("blist", S_IFREG | S_IRUGO, t->proc,
&proc_blist_ops, (void *) (unsigned long) id); &proc_blist_ops, (void *) (unsigned long) id);
if (!t->blist) if (!t->blist)
return -1; return -1;
proc_set_user(t->blist, proc_kuid, proc_kgid);
return 0; return 0;
} }
@ -2539,6 +2559,9 @@ static int __init init(void) {
const char *err; const char *err;
printk(KERN_NOTICE "Registering xt_RTPENGINE module - version %s\n", RTPENGINE_VERSION); printk(KERN_NOTICE "Registering xt_RTPENGINE module - version %s\n", RTPENGINE_VERSION);
printk(KERN_DEBUG "using uid %u, gid %d\n", proc_uid, proc_gid);
proc_kuid = KUIDT_INIT(proc_uid);
proc_kgid = KGIDT_INIT(proc_gid);
rwlock_init(&table_lock); rwlock_init(&table_lock);
@ -2547,6 +2570,8 @@ static int __init init(void) {
my_proc_root = proc_mkdir("rtpengine", NULL); my_proc_root = proc_mkdir("rtpengine", NULL);
if (!my_proc_root) if (!my_proc_root)
goto fail; goto fail;
proc_set_user(my_proc_root, proc_kuid, proc_kgid);
/* my_proc_root->owner = THIS_MODULE; */ /* my_proc_root->owner = THIS_MODULE; */
proc_control = proc_create("control", S_IFREG | S_IWUSR | S_IWGRP, my_proc_root, proc_control = proc_create("control", S_IFREG | S_IWUSR | S_IWGRP, my_proc_root,
@ -2554,10 +2579,14 @@ static int __init init(void) {
if (!proc_control) if (!proc_control)
goto fail; goto fail;
proc_set_user(proc_control, proc_kuid, proc_kgid);
proc_list = proc_create("list", S_IFREG | S_IRUGO, my_proc_root, &proc_main_list_ops); proc_list = proc_create("list", S_IFREG | S_IRUGO, my_proc_root, &proc_main_list_ops);
if (!proc_list) if (!proc_list)
goto fail; goto fail;
proc_set_user(proc_list, proc_kuid, proc_kgid);
err = "could not register xtables target"; err = "could not register xtables target";
ret = xt_register_targets(xt_rtpengine_regs, ARRAY_SIZE(xt_rtpengine_regs)); ret = xt_register_targets(xt_rtpengine_regs, ARRAY_SIZE(xt_rtpengine_regs));
if (ret) if (ret)
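Review bot: In init(), `proc_kuid = KUIDT_INIT(proc_uid);` and `proc_kgid = KGIDT_INIT(proc_gid);` turn the raw module parameters into kernel ids with no validity check, so an out-of-range value such as 4294967295 is handed unchanged to every proc_set_user() call. These ids decide who may write the `control` entries (mode `S_IWUSR | S_IWGRP`), so I would convert with `make_kuid(&init_user_ns, proc_uid)` and `make_kgid(&init_user_ns, proc_gid)` and refuse to load when `uid_valid()` or `gid_valid()` fails. The write handler behind `proc_control_ops` is not visible here; it now takes input from a non-root account and presumably needs the same scrutiny as any unprivileged interface. Smaller points: the four new file-scope variables in the first hunk should be `static`, and the printk prints the unsigned `proc_gid` with `%d` where `%u` is meant. init() starts before and continues past the hunks shown.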

