*: frr_elevate_privs -> frr_with_privs

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
2025-08-14 14:17:20 +00:00 · 2019-08-13 15:47:23 +02:00 · 2019-08-13 15:47:23 +02:00 · 0cf6db21ec
commit 0cf6db21ec
parent ba28659f1c
41 changed files with 96 additions and 103 deletions
--- a/.clang-format
+++ b/.clang-format
@ -29,7 +29,7 @@ ForEachMacros:
  - frr_each_safe
  - frr_each_from
  - frr_with_mutex
-  - frr_elevate_privs
+  - frr_with_privs
  - LIST_FOREACH
  - LIST_FOREACH_SAFE
  - SLIST_FOREACH
--- a/bfdd/bfd_packet.c
+++ b/bfdd/bfd_packet.c
@ -894,7 +894,7 @@ int bp_udp_shop(vrf_id_t vrf_id)
 {
 	int sd;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
 	}
 	if (sd == -1)
@ -909,7 +909,7 @@ int bp_udp_mhop(vrf_id_t vrf_id)
 {
 	int sd;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
 	}
 	if (sd == -1)
@ -934,7 +934,7 @@ int bp_peer_socket(const struct bfd_session *bs)
 	    && bs->key.vrfname[0])
 		device_to_bind = (const char *)bs->key.vrfname;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET, SOCK_DGRAM, PF_UNSPEC,
 				bs->vrf->vrf_id, device_to_bind);
 	}
@ -1001,7 +1001,7 @@ int bp_peer_socketv6(const struct bfd_session *bs)
 	    && bs->key.vrfname[0])
 		device_to_bind = (const char *)bs->key.vrfname;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC,
 				bs->vrf->vrf_id, device_to_bind);
 	}
@ -1121,7 +1121,7 @@ int bp_udp6_shop(vrf_id_t vrf_id)
 {
 	int sd;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
 	}
 	if (sd == -1)
@ -1137,7 +1137,7 @@ int bp_udp6_mhop(vrf_id_t vrf_id)
 {
 	int sd;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		sd = vrf_socket(AF_INET6, SOCK_DGRAM, PF_UNSPEC, vrf_id, NULL);
 	}
 	if (sd == -1)
@ -1153,7 +1153,7 @@ int bp_echo_socket(vrf_id_t vrf_id)
 {
 	int s;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		s = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
 	}
 	if (s == -1)
@ -1169,7 +1169,7 @@ int bp_echov6_socket(vrf_id_t vrf_id)
 {
 	int s;
-	frr_elevate_privs(&bglobal.bfdd_privs) {
+	frr_with_privs(&bglobal.bfdd_privs) {
 		s = vrf_socket(AF_INET6, SOCK_DGRAM, 0, vrf_id, NULL);
 	}
 	if (s == -1)
--- a/bgpd/bgp_network.c
+++ b/bgpd/bgp_network.c
@ -122,7 +122,7 @@ static int bgp_md5_set_connect(int socket, union sockunion *su,
 	int ret = -1;
 #if HAVE_DECL_TCP_MD5SIG
-	frr_elevate_privs(&bgpd_privs) {
+	frr_with_privs(&bgpd_privs) {
 		ret = bgp_md5_set_socket(socket, su, prefixlen, password);
 	}
 #endif /* HAVE_TCP_MD5SIG */
@ -140,8 +140,7 @@ static int bgp_md5_set_password(struct peer *peer, const char *password)
 	 * Set or unset the password on the listen socket(s). Outbound
 	 * connections are taken care of in bgp_connect() below.
 	 */
-	frr_elevate_privs(&bgpd_privs)
+	frr_with_privs(&bgpd_privs) {
 	{
 		for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
 			if (listener->su.sa.sa_family
 			    == peer->su.sa.sa_family) {
@ -167,8 +166,7 @@ int bgp_md5_set_prefix(struct prefix *p, const char *password)
 	struct bgp_listener *listener;
 	/* Set or unset the password on the listen socket(s). */
-	frr_elevate_privs(&bgpd_privs)
+	frr_with_privs(&bgpd_privs) {
 	{
 		for (ALL_LIST_ELEMENTS_RO(bm->listen_sockets, node, listener))
 			if (listener->su.sa.sa_family == p->family) {
 				prefix2sockunion(p, &su);
@ -610,7 +608,7 @@ int bgp_connect(struct peer *peer)
 		zlog_debug("Peer address not learnt: Returning from connect");
 		return 0;
 	}
-	frr_elevate_privs(&bgpd_privs) {
+	frr_with_privs(&bgpd_privs) {
 	/* Make socket for the peer. */
 		peer->fd = vrf_sockunion_socket(&peer->su, peer->bgp->vrf_id,
 						bgp_get_bound_name(peer));
@ -630,7 +628,7 @@ int bgp_connect(struct peer *peer)
 	sockopt_reuseport(peer->fd);
 #ifdef IPTOS_PREC_INTERNETCONTROL
-	frr_elevate_privs(&bgpd_privs) {
+	frr_with_privs(&bgpd_privs) {
 		if (sockunion_family(&peer->su) == AF_INET)
 			setsockopt_ipv4_tos(peer->fd,
 					    IPTOS_PREC_INTERNETCONTROL);
@ -708,7 +706,7 @@ static int bgp_listener(int sock, struct sockaddr *sa, socklen_t salen,
 	sockopt_reuseaddr(sock);
 	sockopt_reuseport(sock);
-	frr_elevate_privs(&bgpd_privs) {
+	frr_with_privs(&bgpd_privs) {
 #ifdef IPTOS_PREC_INTERNETCONTROL
 		if (sa->sa_family == AF_INET)
@ -767,7 +765,7 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
 	snprintf(port_str, sizeof(port_str), "%d", port);
 	port_str[sizeof(port_str) - 1] = '\0';
-	frr_elevate_privs(&bgpd_privs) {
+	frr_with_privs(&bgpd_privs) {
 		ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
 				      bgp->vrf_id);
 	}
@ -788,7 +786,7 @@ int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
 		if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
 			continue;
-		frr_elevate_privs(&bgpd_privs) {
+		frr_with_privs(&bgpd_privs) {
 			sock = vrf_socket(ainfo->ai_family,
 					  ainfo->ai_socktype,
 					  ainfo->ai_protocol, bgp->vrf_id,
--- a/eigrpd/eigrp_network.c
+++ b/eigrpd/eigrp_network.c
@ -61,7 +61,7 @@ int eigrp_sock_init(struct vrf *vrf)
 	int hincl = 1;
 #endif
-	frr_elevate_privs(&eigrpd_privs) {
+	frr_with_privs(&eigrpd_privs) {
 		eigrp_sock = vrf_socket(
 			AF_INET, SOCK_RAW, IPPROTO_EIGRPIGP, vrf->vrf_id,
 			vrf->vrf_id != VRF_DEFAULT ? vrf->name : NULL);
--- a/isisd/isis_bpf.c
+++ b/isisd/isis_bpf.c
@ -187,7 +187,7 @@ int isis_sock_init(struct isis_circuit *circuit)
 {
 	int retval = ISIS_OK;
-	frr_elevate_privs(&isisd_privs) {
+	frr_with_privs(&isisd_privs) {
 		retval = open_bpf_dev(circuit);
--- a/isisd/isis_dlpi.c
+++ b/isisd/isis_dlpi.c
@ -467,7 +467,7 @@ int isis_sock_init(struct isis_circuit *circuit)
 {
 	int retval = ISIS_OK;
-	frr_elevate_privs(&isisd_privs) {
+	frr_with_privs(&isisd_privs) {
 		retval = open_dlpi_dev(circuit);
--- a/isisd/isis_pfpacket.c
+++ b/isisd/isis_pfpacket.c
@ -183,7 +183,7 @@ int isis_sock_init(struct isis_circuit *circuit)
 {
 	int retval = ISIS_OK;
-	frr_elevate_privs(&isisd_privs) {
+	frr_with_privs(&isisd_privs) {
 		retval = open_packet_socket(circuit);
--- a/ldpd/socket.c
+++ b/ldpd/socket.c
@ -79,7 +79,7 @@ ldp_create_socket(int af, enum socket_type type)
 		sock_set_bindany(fd, 1);
 		break;
 	}
-	frr_elevate_privs(&ldpd_privs) {
+	frr_with_privs(&ldpd_privs) {
 		if (sock_set_reuse(fd, 1) == -1) {
 			close(fd);
 			return (-1);
@ -254,7 +254,7 @@ int
 sock_set_bindany(int fd, int enable)
 {
 #ifdef HAVE_SO_BINDANY
-	frr_elevate_privs(&ldpd_privs) {
+	frr_with_privs(&ldpd_privs) {
 		if (setsockopt(fd, SOL_SOCKET, SO_BINDANY, &enable,
 			       sizeof(int)) < 0) {
 			log_warn("%s: error setting SO_BINDANY", __func__);
@ -269,7 +269,7 @@ sock_set_bindany(int fd, int enable)
 	}
 	return (0);
 #elif defined(IP_BINDANY)
-	frr_elevate_privs(&ldpd_privs) {
+	frr_with_privs(&ldpd_privs) {
 		if (setsockopt(fd, IPPROTO_IP, IP_BINDANY, &enable, sizeof(int))
 		    < 0) {
 			log_warn("%s: error setting IP_BINDANY", __func__);
@ -304,7 +304,7 @@ sock_set_md5sig(int fd, int af, union ldpd_addr *addr, const char *password)
 #if HAVE_DECL_TCP_MD5SIG
 	addr2sa(af, addr, 0, &su);
-	frr_elevate_privs(&ldpe_privs) {
+	frr_with_privs(&ldpe_privs) {
 		ret = sockopt_tcp_signature(fd, &su, password);
 		save_errno = errno;
 	}
--- a/lib/privs.h
+++ b/lib/privs.h
@ -109,16 +109,16 @@ extern void zprivs_get_ids(struct zprivs_ids_t *);
 /*
 * Wrapper around zprivs, to be used as:
- *   frr_elevate_privs(&privs) {
+ *   frr_with_privs(&privs) {
 *     ... code ...
 *     if (error)
 *       break;         -- break can be used to get out of the block
 *     ... code ...
 *   }
 *
- * The argument to frr_elevate_privs() can be NULL to leave privileges as-is
+ * The argument to frr_with_privs() can be NULL to leave privileges as-is
 * (mostly useful for conditional privilege-raising, i.e.:)
- *   frr_elevate_privs(cond ? &privs : NULL) {}
+ *   frr_with_privs(cond ? &privs : NULL) {}
 *
 * NB: The code block is always executed, regardless of whether privileges
 * could be raised or not, or whether NULL was given or not.  This is fully
@ -138,7 +138,7 @@ extern struct zebra_privs_t *_zprivs_raise(struct zebra_privs_t *privs,
 					   const char *funcname);
 extern void _zprivs_lower(struct zebra_privs_t **privs);
-#define frr_elevate_privs(privs)                                               \
+#define frr_with_privs(privs)                                               \
 	for (struct zebra_privs_t *_once = NULL,                               \
 				  *_privs __attribute__(                       \
 					  (unused, cleanup(_zprivs_lower))) =  \
--- a/lib/vrf.c
+++ b/lib/vrf.c
@ -755,7 +755,7 @@ DEFUN_NOSH (vrf_netns,
 	if (!pathname)
 		return CMD_WARNING_CONFIG_FAILED;
-	frr_elevate_privs(vrf_daemon_privs) {
+	frr_with_privs(vrf_daemon_privs) {
 		ret = vrf_netns_handler_create(vty, vrf, pathname,
 					       NS_UNKNOWN, NS_UNKNOWN);
 	}
--- a/ospf6d/ospf6_network.c
+++ b/ospf6d/ospf6_network.c
@ -85,7 +85,7 @@ void ospf6_serv_close(void)
 /* Make ospf6d's server socket. */
 int ospf6_serv_sock(void)
 {
-	frr_elevate_privs(&ospf6d_privs) {
+	frr_with_privs(&ospf6d_privs) {
 		ospf6_sock = socket(AF_INET6, SOCK_RAW, IPPROTO_OSPFIGP);
 		if (ospf6_sock < 0) {
--- a/ospfd/ospf_network.c
+++ b/ospfd/ospf_network.c
@ -190,7 +190,7 @@ int ospf_sock_init(struct ospf *ospf)
 		/* silently return since VRF is not ready */
 		return -1;
 	}
-	frr_elevate_privs(&ospfd_privs) {
+	frr_with_privs(&ospfd_privs) {
 		ospf_sock = vrf_socket(AF_INET, SOCK_RAW, IPPROTO_OSPFIGP,
 				       ospf->vrf_id, ospf->name);
 		if (ospf_sock < 0) {
--- a/ospfd/ospfd.c
+++ b/ospfd/ospfd.c
@ -2097,7 +2097,7 @@ static int ospf_vrf_enable(struct vrf *vrf)
 				old_vrf_id);
 		if (old_vrf_id != ospf->vrf_id) {
-			frr_elevate_privs(&ospfd_privs) {
+			frr_with_privs(&ospfd_privs) {
 				/* stop zebra redist to us for old vrf */
 				zclient_send_dereg_requests(zclient,
 							    old_vrf_id);
--- a/pimd/pim_mroute.c
+++ b/pimd/pim_mroute.c
@ -57,7 +57,7 @@ static int pim_mroute_set(struct pim_instance *pim, int enable)
 	 * We need to create the VRF table for the pim mroute_socket
 	 */
 	if (pim->vrf_id != VRF_DEFAULT) {
-		frr_elevate_privs(&pimd_privs) {
+		frr_with_privs(&pimd_privs) {
 			data = pim->vrf->data.l.table_id;
 			err = setsockopt(pim->mroute_socket, IPPROTO_IP,
@ -75,7 +75,7 @@ static int pim_mroute_set(struct pim_instance *pim, int enable)
 		}
 	}
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		opt = enable ? MRT_INIT : MRT_DONE;
 		/*
 		 * *BSD *cares* about what value we pass down
@ -735,7 +735,7 @@ int pim_mroute_socket_enable(struct pim_instance *pim)
 {
 	int fd;
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		fd = socket(AF_INET, SOCK_RAW, IPPROTO_IGMP);
--- a/pimd/pim_msdp_socket.c
+++ b/pimd/pim_msdp_socket.c
@ -175,7 +175,7 @@ int pim_msdp_sock_listen(struct pim_instance *pim)
 		}
 	}
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		/* bind to well known TCP port */
 		rc = bind(sock, (struct sockaddr *)&sin, socklen);
 	}
--- a/pimd/pim_sock.c
+++ b/pimd/pim_sock.c
@ -46,7 +46,7 @@ int pim_socket_raw(int protocol)
 {
 	int fd;
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		fd = socket(AF_INET, SOCK_RAW, protocol);
@ -65,7 +65,7 @@ void pim_socket_ip_hdr(int fd)
 {
 	const int on = 1;
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &on, sizeof(on)))
 			zlog_err("%s: Could not turn on IP_HDRINCL option: %s",
@ -83,7 +83,7 @@ int pim_socket_bind(int fd, struct interface *ifp)
 	int ret = 0;
 #ifdef SO_BINDTODEVICE
-	frr_elevate_privs(&pimd_privs) {
+	frr_with_privs(&pimd_privs) {
 		ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, ifp->name,
 				 strlen(ifp->name));
--- a/ripd/ripd.c
+++ b/ripd/ripd.c
@ -1395,7 +1395,7 @@ int rip_create_socket(struct vrf *vrf)
 	/* Make datagram socket. */
 	if (vrf->vrf_id != VRF_DEFAULT)
 		vrf_dev = vrf->name;
-	frr_elevate_privs(&ripd_privs) {
+	frr_with_privs(&ripd_privs) {
 		sock = vrf_socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP, vrf->vrf_id,
 				  vrf_dev);
 		if (sock < 0) {
@ -1415,7 +1415,7 @@ int rip_create_socket(struct vrf *vrf)
 #endif
 	setsockopt_so_recvbuf(sock, RIP_UDP_RCV_BUF);
-	frr_elevate_privs(&ripd_privs) {
+	frr_with_privs(&ripd_privs) {
 		if ((ret = bind(sock, (struct sockaddr *)&addr, sizeof(addr)))
 		    < 0) {
 			zlog_err("%s: Can't bind socket %d to %s port %d: %s",
--- a/ripngd/ripng_interface.c
+++ b/ripngd/ripng_interface.c
@ -75,7 +75,7 @@ static int ripng_multicast_join(struct interface *ifp, int sock)
 		 * While this is bogus, privs are available and easy to use
 		 * for this call as a workaround.
 		 */
-		frr_elevate_privs(&ripngd_privs) {
+		frr_with_privs(&ripngd_privs) {
 			ret = setsockopt(sock, IPPROTO_IPV6, IPV6_JOIN_GROUP,
 					 (char *)&mreq, sizeof(mreq));
--- a/ripngd/ripngd.c
+++ b/ripngd/ripngd.c
@ -120,8 +120,7 @@ int ripng_make_socket(struct vrf *vrf)
 	/* Make datagram socket. */
 	if (vrf->vrf_id != VRF_DEFAULT)
 		vrf_dev = vrf->name;
-	frr_elevate_privs(&ripngd_privs)
+	frr_with_privs(&ripngd_privs) {
 	{
 		sock = vrf_socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP,
 				  vrf->vrf_id, vrf_dev);
 		if (sock < 0) {
@ -160,7 +159,7 @@ int ripng_make_socket(struct vrf *vrf)
 #endif /* SIN6_LEN */
 	ripaddr.sin6_port = htons(RIPNG_PORT_DEFAULT);
-	frr_elevate_privs(&ripngd_privs) {
+	frr_with_privs(&ripngd_privs) {
 		ret = bind(sock, (struct sockaddr *)&ripaddr, sizeof(ripaddr));
 		if (ret < 0) {
 			zlog_err("Can't bind ripng socket: %s.",
--- a/tests/lib/test_privs.c
+++ b/tests/lib/test_privs.c
@ -113,7 +113,7 @@ int main(int argc, char **argv)
 	((test_privs.current_state() == ZPRIVS_RAISED) ? "Raised" : "Lowered")
 	printf("%s\n", PRIV_STATE());
-	frr_elevate_privs(&test_privs) {
+	frr_with_privs(&test_privs) {
 		printf("%s\n", PRIV_STATE());
 	}
@ -125,7 +125,7 @@ int main(int argc, char **argv)
 	/* but these should continue to work... */
 	printf("%s\n", PRIV_STATE());
-	frr_elevate_privs(&test_privs) {
+	frr_with_privs(&test_privs) {
 		printf("%s\n", PRIV_STATE());
 	}
--- a/tools/coccinelle/zprivs.cocci
+++ b/tools/coccinelle/zprivs.cocci
@ -2,12 +2,12 @@
 identifier change;
 identifier end;
 expression E, f, g;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
 - if (E.change(ZPRIVS_RAISE))
 -   f;
-+ frr_elevate_privs(&E) {
+ frr_with_privs(&E) {
  <+...
 -   goto end;
 +   break;
@ -20,7 +20,7 @@ iterator name frr_elevate_privs;
@@
 identifier change, errno, safe_strerror, exit;
 expression E, f1, f2, f3, ret, fn;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
  if (E.change(ZPRIVS_RAISE))
@ -44,7 +44,7 @@ iterator name frr_elevate_privs;
@@
 identifier change;
 expression E, f1, f2, f3, ret;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
  if (E.change(ZPRIVS_RAISE))
@ -64,12 +64,12 @@ iterator name frr_elevate_privs;
@@
 identifier change;
 expression E, f, g;
-iterator name frr_elevate_privs;
+iterator name frr_with_privs;
@@
 - if (E.change(ZPRIVS_RAISE))
 -   f;
-+ frr_elevate_privs(&E) {
+ frr_with_privs(&E) {
  ...
 - if (E.change(ZPRIVS_LOWER))
 -   g;
--- a/vrrpd/vrrp.c
+++ b/vrrpd/vrrp.c
@ -1065,8 +1065,7 @@ static int vrrp_socket(struct vrrp_router *r)
 	int ret;
 	bool failed = false;
-	frr_elevate_privs(&vrrp_privs)
+	frr_with_privs(&vrrp_privs) {
 	{
 		r->sock_rx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
 		r->sock_tx = socket(r->family, SOCK_RAW, IPPROTO_VRRP);
 	}
@ -1102,8 +1101,7 @@ static int vrrp_socket(struct vrrp_router *r)
 		setsockopt_ipv4_multicast_loop(r->sock_tx, 0);
 		/* Bind Rx socket to exact interface */
-		frr_elevate_privs(&vrrp_privs)
+		frr_with_privs(&vrrp_privs) {
 		{
 			ret = setsockopt(r->sock_rx, SOL_SOCKET,
 					 SO_BINDTODEVICE, r->vr->ifp->name,
 					 strlen(r->vr->ifp->name));
@ -1213,8 +1211,7 @@ static int vrrp_socket(struct vrrp_router *r)
 		setsockopt_ipv6_multicast_loop(r->sock_tx, 0);
 		/* Bind Rx socket to exact interface */
-		frr_elevate_privs(&vrrp_privs)
+		frr_with_privs(&vrrp_privs) {
 		{
 			ret = setsockopt(r->sock_rx, SOL_SOCKET,
 					 SO_BINDTODEVICE, r->vr->ifp->name,
 					 strlen(r->vr->ifp->name));
--- a/vrrpd/vrrp_arp.c
+++ b/vrrpd/vrrp_arp.c
@ -188,7 +188,7 @@ void vrrp_garp_init(void)
 	/* Create the socket descriptor */
 	/* FIXME: why ETH_P_RARP? */
 	errno = 0;
-	frr_elevate_privs(&vrrp_privs) {
+	frr_with_privs(&vrrp_privs) {
 		garp_fd = socket(PF_PACKET, SOCK_RAW | SOCK_CLOEXEC,
 				 htons(ETH_P_RARP));
 	}
--- a/vrrpd/vrrp_ndisc.c
+++ b/vrrpd/vrrp_ndisc.c
@ -214,8 +214,7 @@ int vrrp_ndisc_una_send_all(struct vrrp_router *r)
 void vrrp_ndisc_init(void)
 {
-	frr_elevate_privs(&vrrp_privs)
+	frr_with_privs(&vrrp_privs) {
 	{
 		ndisc_fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IPV6));
 	}
--- a/zebra/if_ioctl_solaris.c
+++ b/zebra/if_ioctl_solaris.c
@ -60,7 +60,7 @@ static int interface_list_ioctl(int af)
 	size_t needed, lastneeded = 0;
 	char *buf = NULL;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(af, SOCK_DGRAM, 0);
 	}
@ -72,7 +72,7 @@ static int interface_list_ioctl(int af)
 	}
 calculate_lifc_len:
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		lifn.lifn_family = af;
 		lifn.lifn_flags = LIFC_NOXMIT;
 		/* we want NOXMIT interfaces too */
@ -107,7 +107,7 @@ calculate_lifc_len:
 	lifconf.lifc_len = needed;
 	lifconf.lifc_buf = buf;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = ioctl(sock, SIOCGLIFCONF, &lifconf);
 	}
--- a/zebra/if_netlink.c
+++ b/zebra/if_netlink.c
@ -385,7 +385,7 @@ static int get_iflink_speed(struct interface *interface)
 	ifdata.ifr_data = (caddr_t)&ecmd;
 	/* use ioctl to get IP address of an interface */
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP,
 				interface->vrf_id,
 				NULL);
--- a/zebra/ioctl.c
+++ b/zebra/ioctl.c
@ -57,7 +57,7 @@ int if_ioctl(unsigned long request, caddr_t buffer)
 	int ret;
 	int err = 0;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(AF_INET, SOCK_DGRAM, 0);
 		if (sock < 0) {
 			zlog_err("Cannot create UDP socket: %s",
@ -83,7 +83,7 @@ int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id)
 	int ret;
 	int err = 0;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
 		if (sock < 0) {
 			zlog_err("Cannot create UDP socket: %s",
@ -110,7 +110,7 @@ static int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
 	int ret;
 	int err = 0;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(AF_INET6, SOCK_DGRAM, 0);
 		if (sock < 0) {
 			zlog_err("Cannot create IPv6 datagram socket: %s",
--- a/zebra/ioctl_solaris.c
+++ b/zebra/ioctl_solaris.c
@ -66,7 +66,7 @@ int if_ioctl(unsigned long request, caddr_t buffer)
 	int ret;
 	int err;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(AF_INET, SOCK_DGRAM, 0);
 		if (sock < 0) {
@ -96,7 +96,7 @@ int if_ioctl_ipv6(unsigned long request, caddr_t buffer)
 	int ret;
 	int err;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(AF_INET6, SOCK_DGRAM, 0);
 		if (sock < 0) {
--- a/zebra/ipforward_proc.c
+++ b/zebra/ipforward_proc.c
@ -76,7 +76,7 @@ int ipforward_on(void)
 {
 	FILE *fp;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		fp = fopen(proc_ipv4_forwarding, "w");
@ -97,7 +97,7 @@ int ipforward_off(void)
 {
 	FILE *fp;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		fp = fopen(proc_ipv4_forwarding, "w");
@ -143,7 +143,7 @@ int ipforward_ipv6_on(void)
 {
 	FILE *fp;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		fp = fopen(proc_ipv6_forwarding, "w");
@ -165,7 +165,7 @@ int ipforward_ipv6_off(void)
 {
 	FILE *fp;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		fp = fopen(proc_ipv6_forwarding, "w");
--- a/zebra/ipforward_solaris.c
+++ b/zebra/ipforward_solaris.c
@ -83,7 +83,7 @@ static int solaris_nd(const int cmd, const char *parameter, const int value)
 	strioctl.ic_len = ND_BUFFER_SIZE;
 	strioctl.ic_dp = nd_buf;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if ((fd = open(device, O_RDWR)) < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
 				     "failed to open device %s - %s", device,
--- a/zebra/ipforward_sysctl.c
+++ b/zebra/ipforward_sysctl.c
@ -56,7 +56,7 @@ int ipforward_on(void)
 	int ipforwarding = 1;
 	len = sizeof ipforwarding;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
 				     "Can't set ipforwarding on");
@ -72,7 +72,7 @@ int ipforward_off(void)
 	int ipforwarding = 0;
 	len = sizeof ipforwarding;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (sysctl(mib, MIB_SIZ, NULL, NULL, &ipforwarding, len) < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
 				     "Can't set ipforwarding on");
@ -97,7 +97,7 @@ int ipforward_ipv6(void)
 	int ip6forwarding = 0;
 	len = sizeof ip6forwarding;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (sysctl(mib_ipv6, MIB_SIZ, &ip6forwarding, &len, 0, 0) < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
 				     "can't get ip6forwarding value");
@ -113,7 +113,7 @@ int ipforward_ipv6_on(void)
 	int ip6forwarding = 1;
 	len = sizeof ip6forwarding;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
 		    < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
@ -130,7 +130,7 @@ int ipforward_ipv6_off(void)
 	int ip6forwarding = 0;
 	len = sizeof ip6forwarding;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (sysctl(mib_ipv6, MIB_SIZ, NULL, NULL, &ip6forwarding, len)
 		    < 0) {
 			flog_err_sys(EC_LIB_SYSTEM_CALL,
--- a/zebra/irdp_main.c
+++ b/zebra/irdp_main.c
@ -82,7 +82,7 @@ int irdp_sock_init(void)
 	int save_errno;
 	int sock;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
 		save_errno = errno;
--- a/zebra/kernel_netlink.c
+++ b/zebra/kernel_netlink.c
@ -183,7 +183,7 @@ static int netlink_recvbuf(struct nlsock *nl, uint32_t newsize)
 	}
 	/* Try force option (linux >= 2.6.14) and fall back to normal set */
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = setsockopt(nl->sock, SOL_SOCKET, SO_RCVBUFFORCE,
 				 &nl_rcvbufsize,
 				 sizeof(nl_rcvbufsize));
@ -220,7 +220,7 @@ static int netlink_socket(struct nlsock *nl, unsigned long groups,
 	int sock;
 	int namelen;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = ns_socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE, ns_id);
 		if (sock < 0) {
 			zlog_err("Can't open %s socket: %s", nl->name,
@ -352,7 +352,7 @@ static void netlink_write_incoming(const char *buf, const unsigned int size,
 	FILE *f;
 	snprintf(fname, MAXPATHLEN, "%s/%s_%u", frr_vtydir, "netlink", counter);
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		f = fopen(fname, "w");
 	}
 	if (f) {
@ -373,7 +373,7 @@ static long netlink_read_file(char *buf, const char *fname)
 	FILE *f;
 	long file_bytes = -1;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		f = fopen(fname, "r");
 	}
 	if (f) {
@ -989,7 +989,7 @@ int netlink_talk_info(int (*filter)(struct nlmsghdr *, ns_id_t, int startup),
 			n->nlmsg_flags);
 	/* Send message to netlink interface. */
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		status = sendmsg(nl->sock, &msg, 0);
 		save_errno = errno;
 	}
@ -1056,7 +1056,7 @@ int netlink_request(struct nlsock *nl, struct nlmsghdr *n)
 	snl.nl_family = AF_NETLINK;
 	/* Raise capabilities and send message, then lower capabilities. */
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = sendto(nl->sock, (void *)n, n->nlmsg_len, 0,
 			     (struct sockaddr *)&snl, sizeof snl);
 	}
--- a/zebra/kernel_socket.c
+++ b/zebra/kernel_socket.c
@ -1426,7 +1426,7 @@ static int kernel_read(struct thread *thread)
 /* Make routing socket. */
 static void routing_socket(struct zebra_ns *zns)
 {
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		routing_sock = ns_socket(AF_ROUTE, SOCK_RAW, 0, zns->ns_id);
 		dplane_routing_sock =
--- a/zebra/rt_socket.c
+++ b/zebra/rt_socket.c
@ -314,7 +314,7 @@ enum zebra_dplane_result kernel_route_update(struct zebra_dplane_ctx *ctx)
 	type = dplane_ctx_get_type(ctx);
 	old_type = dplane_ctx_get_old_type(ctx);
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		if (dplane_ctx_get_op(ctx) == DPLANE_OP_ROUTE_DELETE) {
 			if (!RSYSTEM_ROUTE(type))
--- a/zebra/rtadv.c
+++ b/zebra/rtadv.c
@ -760,7 +760,7 @@ static int rtadv_make_socket(ns_id_t ns_id)
 	int ret = 0;
 	struct icmp6_filter filter;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		sock = ns_socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, ns_id);
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@ -2507,7 +2507,7 @@ static void zserv_write_incoming(struct stream *orig, uint16_t command)
 	snprintf(fname, MAXPATHLEN, "%s/%u", frr_vtydir, command);
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
 	}
 	stream_flush(copy, fd);
--- a/zebra/zebra_mpls_openbsd.c
+++ b/zebra/zebra_mpls_openbsd.c
@ -119,7 +119,7 @@ static int kernel_send_rtmsg_v4(int action, mpls_label_t in_label,
 			hdr.rtm_mpls = MPLS_OP_SWAP;
 	}
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = writev(kr_state.fd, iov, iovcnt);
 	}
@ -226,7 +226,7 @@ static int kernel_send_rtmsg_v6(int action, mpls_label_t in_label,
 			hdr.rtm_mpls = MPLS_OP_SWAP;
 	}
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = writev(kr_state.fd, iov, iovcnt);
 	}
--- a/zebra/zebra_netns_notify.c
+++ b/zebra/zebra_netns_notify.c
@ -77,7 +77,7 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
 	if (netnspath == NULL)
 		return;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ns_id = zebra_ns_id_get(netnspath);
 	}
 	if (ns_id == NS_UNKNOWN)
@ -97,7 +97,7 @@ static void zebra_ns_notify_create_context_from_entry_name(const char *name)
 		ns_map_nsid_with_external(ns_id, false);
 		return;
 	}
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ret = vrf_netns_handler_create(NULL, vrf, netnspath,
 					       ns_id_external, ns_id);
 	}
@ -202,14 +202,14 @@ static int zebra_ns_ready_read(struct thread *t)
 	netnspath = zns_info->netnspath;
 	if (--zns_info->retries == 0)
 		stop_retry = 1;
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		err = ns_switch_to_netns(netnspath);
 	}
 	if (err < 0)
 		return zebra_ns_continue_read(zns_info, stop_retry);
 	/* go back to default ns */
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		err = ns_switchback_to_initial();
 	}
 	if (err < 0)
--- a/zebra/zebra_ns.c
+++ b/zebra/zebra_ns.c
@ -180,7 +180,7 @@ int zebra_ns_init(const char *optional_default_name)
 	dzns = zebra_ns_alloc();
-	frr_elevate_privs(&zserv_privs) {
+	frr_with_privs(&zserv_privs) {
 		ns_id = zebra_ns_id_get_default();
 	}
 	ns_id_external = ns_map_nsid_with_external(ns_id, true);
--- a/zebra/zserv.c
+++ b/zebra/zserv.c
@ -782,7 +782,7 @@ void zserv_start(char *path)
 	setsockopt_so_recvbuf(zsock, 1048576);
 	setsockopt_so_sendbuf(zsock, 1048576);
-	frr_elevate_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
+	frr_with_privs((sa.ss_family != AF_UNIX) ? &zserv_privs : NULL) {
 		ret = bind(zsock, (struct sockaddr *)&sa, sa_len);
 	}
 	if (ret < 0) {