Set permission bits on unix socket, so it's group read/writable

go/cmd/entrypoint/daemon.go

@@ -49,6 +49,10 @@ var subCmdDaemon = subCmd{
 
 		logger := subCmdCtx.logger.WithMaxLevel(logLevel.Int())
 
+		// TODO check that daemon is either running as root, or that the
+		// required linux capabilities are set.
+		// TODO check that the tun module is loaded (for nebula).
+
 		daemonConfig, err := daemon.LoadConfig(envAppDirPath, *daemonConfigPath)
 		if err != nil {
 			return fmt.Errorf("loading daemon config: %w", err)

go/cmd/entrypoint/daemon_util.go

@@ -8,6 +8,7 @@ import (
 	"isle/daemon/jsonrpc2"
 	"net"
 	"net/http"
+	"os"
 
 	"dev.mediocregopher.com/mediocre-go-lib.git/mctx"
 	"dev.mediocregopher.com/mediocre-go-lib.git/mlog"
@@ -24,7 +25,13 @@ func newHTTPServer(
 	l, err := net.Listen("unix", socketPath)
 	if err != nil {
 		return nil, fmt.Errorf(
-			"failed to listen on socket %q: %w", socketPath, err,
+			"listening on socket %q: %w", socketPath, err,
+		)
+	}
+
+	if err := os.Chmod(socketPath, 0660); err != nil {
+		return nil, fmt.Errorf(
+			"setting permissions of %q to 0660: %w", socketPath, err,
 		)
 	}