Merge branch 'non_root_control' of git://github.com/camilleoudot/rtpengine

el/rtpengine.init

@@ -180,7 +180,18 @@ start() {
 	then
 		echo "Loading module for in-kernel packet forwarding"
 		rmmod xt_RTPENGINE 2> /dev/null
-		modprobe xt_RTPENGINE
+		if [[ -n "$RE_USER" ]]
+		then
+			if [[ -n "$RE_GROUP" ]]
+			then
+				proc_gid=$(grep ^$RE_GROUP: /etc/group | cut -f3 -d:)
+			else
+				proc_gid=$(id $RE_USER -g)
+			fi
+			modprobe xt_RTPENGINE proc_uid=$(id $RE_USER -u) proc_gid=$proc_gid
+		else
+			modprobe xt_RTPENGINE
+		fi
 		temp=`firewall-cmd --state 2>/dev/null`
 		if [[ $? == 0 ]]
 		then
@@ -212,7 +223,12 @@ CUR_TABLE=$TABLE
 EOF
 	fi
         echo -n $"Starting $prog: "
-        daemon --pidfile=${pidfile} $rtpengine $OPTS
+	if [[ -n "$RE_USER" ]]
+	then
+		daemon --user $RE_USER --pidfile=${pidfile} $rtpengine $OPTS
+	else
+		daemon --pidfile=${pidfile} $rtpengine $OPTS
+	fi
         RETVAL=$?
         echo
         [ $RETVAL = 0 ] && touch ${lockfile}

el/rtpengine.sysconfig

@@ -40,3 +40,7 @@ LISTEN_UDP=127.0.0.1:2222	# IP address and port combination for UDP
 #REDIS=127.0.0.1:6379
 #REDIS_DB=0
 #B2B_URL=http://127.0.0.1:8080/xmlrpc
+
+#RE_USER=rtpengine	# Run rtpengine as this specific user
+
+#RE_GROUP=rtpengine	# allow this group to control rtpengine in kernel mode

kernel-module/xt_RTPENGINE.c

@@ -82,6 +82,16 @@ struct rtp_parsed;
 struct re_crypto_context;
 
 
+kuid_t proc_kuid;
+uint proc_uid = 0;
+module_param(proc_uid, uint, 0);
+MODULE_PARM_DESC(proc_uid, "rtpengine procfs tree user id");
+
+
+kgid_t proc_kgid;
+uint proc_gid = 0;
+module_param(proc_gid, uint, 0);
+MODULE_PARM_DESC(proc_gid, "rtpengine procfs tree group id");
 
 
 static struct proc_dir_entry *my_proc_root;
@@ -396,26 +406,36 @@ static int table_create_proc(struct rtpengine_table *t, u_int32_t id) {
 	if (!t->proc)
 		return -1;
 
+	proc_set_user(t->proc, proc_kuid, proc_kgid);
+
 	t->status = proc_create_data("status", S_IFREG | S_IRUGO, t->proc, &proc_status_ops,
 		(void *) (unsigned long) id);
 	if (!t->status)
 		return -1;
 
+	proc_set_user(t->status, proc_kuid, proc_kgid);
+
 	t->control = proc_create_data("control", S_IFREG | S_IWUSR | S_IWGRP, t->proc,
 			&proc_control_ops, (void *) (unsigned long) id);
 	if (!t->control)
 		return -1;
 
+	proc_set_user(t->control, proc_kuid, proc_kgid);
+
 	t->list = proc_create_data("list", S_IFREG | S_IRUGO, t->proc,
 			&proc_list_ops, (void *) (unsigned long) id);
 	if (!t->list)
 		return -1;
 
+	proc_set_user(t->list, proc_kuid, proc_kgid);
+
 	t->blist = proc_create_data("blist", S_IFREG | S_IRUGO, t->proc,
 			&proc_blist_ops, (void *) (unsigned long) id);
 	if (!t->blist)
 		return -1;
 
+	proc_set_user(t->blist, proc_kuid, proc_kgid);
+
 	return 0;
 }
 
@@ -2539,6 +2559,9 @@ static int __init init(void) {
 	const char *err;
 
 	printk(KERN_NOTICE "Registering xt_RTPENGINE module - version %s\n", RTPENGINE_VERSION);
+	printk(KERN_DEBUG "using uid %u, gid %d\n", proc_uid, proc_gid);
+	proc_kuid = KUIDT_INIT(proc_uid);
+	proc_kgid = KGIDT_INIT(proc_gid);
 
 	rwlock_init(&table_lock);
 
@@ -2547,6 +2570,8 @@ static int __init init(void) {
 	my_proc_root = proc_mkdir("rtpengine", NULL);
 	if (!my_proc_root)
 		goto fail;
+
+	proc_set_user(my_proc_root, proc_kuid, proc_kgid);
 	/* my_proc_root->owner = THIS_MODULE; */
 
 	proc_control = proc_create("control", S_IFREG | S_IWUSR | S_IWGRP, my_proc_root,
@@ -2554,10 +2579,14 @@ static int __init init(void) {
 	if (!proc_control)
 		goto fail;
 
+	proc_set_user(proc_control, proc_kuid, proc_kgid);
+
 	proc_list = proc_create("list", S_IFREG | S_IRUGO, my_proc_root, &proc_main_list_ops);
 	if (!proc_list)
 		goto fail;
 
+	proc_set_user(proc_list, proc_kuid, proc_kgid);
+
 	err = "could not register xtables target";
 	ret = xt_register_targets(xt_rtpengine_regs, ARRAY_SIZE(xt_rtpengine_regs));
 	if (ret)