Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VNet: Make sure daemon client has adequate permissions for passed
TELEPORT_HOME
#44751VNet: Make sure daemon client has adequate permissions for passed
TELEPORT_HOME
#44751Changes from 5 commits
d5eedbb
ae5ef05
0caea36
9346c4a
1b2bb10
17ffbc0
20dde29
a3ed3d0
97275f3
eb26005
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: I had to look up the
%#v
format string, I think here%+v
is probably slightly better because its prints field names without the type namesThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be cleaner to implement
String
on theClientCred
type (and then remember to wrap it inlogutils.StringerAttr
) or maybe even just implementLogValue
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LogValue
is pretty cool, TIL. It ends up being logged like this. Admittedly,slog.GroupValue
seems to look better with JSON formatters but I'll take this.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nothing prevents this from being called in parallel. Should we have a package-level mutex (or maybe just a package level atomic bool) that prevents more than one goroutine from running while we do these privilege shenanigans?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add an atomic bool and make sure that this method returns an error if compare and swap fails. If someone runs into that error during development, they'll have to consciously think about what the behavior of this function should be, instead of simply waiting for a mutex (which could be a valid option, but I don't think we should make this decision now).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense to do anything but panic if the OS prevents us from restoring the egid/euid that we had before? The whole process is basically unusable at that point right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, true. I've never had a legitimate reason to use
panic
in any program that I've written, so I was hesitant to use it. But an error is technically recoverable, while here we just shouldn't continue execution at all.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
trace.aggregate
composes really poorly with itself, I'd find some other way to keep track of the multierror before returning if we really care about that.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved by removing
trace.NewAggregate
altogether in favor of usingpanic
.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I recommend moving this to the top of the function, before the Setegid/Seteuid calls/defers. Then we'll actually print "Temporarily dropping root privileges." before the attempt, and "Restored root privileges." after successfully doing that