From e65706148258666e74c67be6aecac301049901f1 Mon Sep 17 00:00:00 2001
From: Brian Picciano
Date: Tue, 16 Jul 2024 17:30:36 +0200
Subject: [PATCH] Set permission bits on unix socket, so it's group read/writable

---
 go/cmd/entrypoint/daemon.go | 4 ++++
 go/cmd/entrypoint/daemon_util.go | 9 ++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/go/cmd/entrypoint/daemon.go b/go/cmd/entrypoint/daemon.go
index f924fec..e72ab56 100644
--- a/go/cmd/entrypoint/daemon.go
+++ b/go/cmd/entrypoint/daemon.go
@@ -49,6 +49,10 @@ var subCmdDaemon = subCmd{

 logger := subCmdCtx.logger.WithMaxLevel(logLevel.Int())

+ // TODO check that daemon is either running as root, or that the
+ // required linux capabilities are set.
+ // TODO check that the tun module is loaded (for nebula).
+
 daemonConfig, err := daemon.LoadConfig(envAppDirPath, *daemonConfigPath)
 if err != nil {
 return fmt.Errorf("loading daemon config: %w", err)
diff --git a/go/cmd/entrypoint/daemon_util.go b/go/cmd/entrypoint/daemon_util.go
index c74e1f2..776b41d 100644
--- a/go/cmd/entrypoint/daemon_util.go
+++ b/go/cmd/entrypoint/daemon_util.go
@@ -8,6 +8,7 @@ import (
 "isle/daemon/jsonrpc2"
 "net"
 "net/http"
+ "os"

 "dev.mediocregopher.com/mediocre-go-lib.git/mctx"
 "dev.mediocregopher.com/mediocre-go-lib.git/mlog"
@@ -24,7 +25,13 @@ func newHTTPServer(
 l, err := net.Listen("unix", socketPath)
 if err != nil {
 return nil, fmt.Errorf(
- "failed to listen on socket %q: %w", socketPath, err,
+ "listening on socket %q: %w", socketPath, err,
+ )
+ }
+
+ if err := os.Chmod(socketPath, 0660); err != nil {
+ return nil, fmt.Errorf(
+ "setting permissions of %q to 0660: %w", socketPath, err,
 )
 }
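Review bot: In the last hunk of daemon_util.go, the new `os.Chmod` error path returns without closing `l`, so on failure the listener stays open and the socket file stays on disk with whatever mode the umask gave it; call `l.Close()` before that `return nil, fmt.Errorf(`. Separately, the socket is reachable under its umask-derived mode between `net.Listen` and `os.Chmod`, and the chmod is applied by path rather than to the socket that was just created. That is only safe if the parent directory of `socketPath` is writable by the daemon's user alone, which deserves a comment such as `// socketPath's directory must not be writable by other users; the mode is applied by path after the socket exists`. 0660 also helps only if the socket's group is the intended client group; no chown is visible in this hunk, so please confirm where the group is set. The body of newHTTPServer continues outside the hunk.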