Set permission bits on unix socket, so it's group read/writable

2024-07-16 17:30:36 +02:00 · 2024-07-16 17:30:36 +02:00 · e657061482
commit e657061482
parent 3980dc6083
2 changed files with 12 additions and 1 deletions
--- a/go/cmd/entrypoint/daemon.go
+++ b/go/cmd/entrypoint/daemon.go
@ -49,6 +49,10 @@ var subCmdDaemon = subCmd{

 		logger := subCmdCtx.logger.WithMaxLevel(logLevel.Int())

+		// TODO check that daemon is either running as root, or that the
+		// required linux capabilities are set.
+		// TODO check that the tun module is loaded (for nebula).
+
 		daemonConfig, err := daemon.LoadConfig(envAppDirPath, *daemonConfigPath)
 		if err != nil {
 			return fmt.Errorf("loading daemon config: %w", err)
--- a/go/cmd/entrypoint/daemon_util.go
+++ b/go/cmd/entrypoint/daemon_util.go
@ -8,6 +8,7 @@ import (
 	"isle/daemon/jsonrpc2"
 	"net"
 	"net/http"
+	"os"

 	"dev.mediocregopher.com/mediocre-go-lib.git/mctx"
 	"dev.mediocregopher.com/mediocre-go-lib.git/mlog"
@ -24,7 +25,13 @@ func newHTTPServer(
 	l, err := net.Listen("unix", socketPath)
 	if err != nil {
 		return nil, fmt.Errorf(
-			"failed to listen on socket %q: %w", socketPath, err,
+			"listening on socket %q: %w", socketPath, err,
+		)
+	}
+
+	if err := os.Chmod(socketPath, 0660); err != nil {
+		return nil, fmt.Errorf(
+			"setting permissions of %q to 0660: %w", socketPath, err,
 		)
 	}