diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index 1c73fb9407..955ed2ab5e 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -2955,9 +2955,12 @@ bgp_create (as_t *as, const char *name, enum bgp_instance_type inst_type) bgp->as = *as; #if ENABLE_BGP_VNC - bgp->rfapi = bgp_rfapi_new(bgp); - assert(bgp->rfapi); - assert(bgp->rfapi_cfg); + if (inst_type != BGP_INSTANCE_TYPE_VRF) + { + bgp->rfapi = bgp_rfapi_new(bgp); + assert(bgp->rfapi); + assert(bgp->rfapi_cfg); + } #endif /* ENABLE_BGP_VNC */ if (name) diff --git a/bgpd/rfapi/bgp_rfapi_cfg.c b/bgpd/rfapi/bgp_rfapi_cfg.c index 5ddccc906f..4f46565900 100644 --- a/bgpd/rfapi/bgp_rfapi_cfg.c +++ b/bgpd/rfapi/bgp_rfapi_cfg.c @@ -4281,6 +4281,8 @@ bgp_rfapi_cfg_write (struct vty *vty, struct bgp *bgp) int write = 0; afi_t afi; int type; + if (bgp->rfapi == NULL || hc == NULL) + return write; vty_out (vty, "!%s", VTY_NEWLINE); for (ALL_LIST_ELEMENTS (hc->nve_groups_sequential, node, nnode, rfg)) diff --git a/debian/frr.postinst b/debian/frr.postinst index 43d3ffa9e0..9020d7bf7a 100644 --- a/debian/frr.postinst +++ b/debian/frr.postinst @@ -15,7 +15,6 @@ frrvtygid=`egrep "^frrvty:" $GROUPFILE | awk -F ":" '{ print $3 }'` chown -R ${frruid}:${frrgid} /etc/frr touch /etc/frr/vtysh.conf chgrp ${frrvtygid} /etc/frr/vtysh* -chmod 440 /etc/sudoers.d/frr_sudoers chmod 644 /etc/frr/* ENVIRONMENTFILE=/etc/environment diff --git a/tools/etc/sudoers.d/frr_sudoers b/tools/etc/sudoers.d/frr_sudoers deleted file mode 100644 index 4a42fb24f4..0000000000 --- a/tools/etc/sudoers.d/frr_sudoers +++ /dev/null @@ -1,15 +0,0 @@ -Defaults env_keep += VTYSH_PAGER - -# Allow user in group frr to run vtysh show commands -# without a password by uncommenting the "%frr" line below. - -# Subshell commands need to be disallowed, including -# preventing the user passing command line args like 'start-shell' -# Since vtysh allows minimum non-conflicting prefix'es, that means -# anything beginning with the string "st" in any arg. That's a bit -# restrictive. -# Instead, use NOEXEC, to prevent any exec'ed commands. - -Cmnd_Alias VTY_SHOW = /usr/bin/vtysh -c show * -# %frr ALL = (root) NOPASSWD:NOEXEC: VTY_SHOW -