From 09982e1918f27c740320a4879bbafdd9f379733a Mon Sep 17 00:00:00 2001 From: Nick Khyl Date: Tue, 18 Feb 2025 15:52:10 -0600 Subject: [PATCH] ipn/ipnlocal: reset always-on override and apply policy settings on start We already reset the always-on override flag when switching profiles and in a few other cases. In this PR, we update (*LocalBackend).Start() to reset it as well. This is necessary to support scenarios where Start() is called explicitly, such as when the GUI starts or when tailscale up is used with additional flags and passes prefs via ipn.Options in a call to Start() rather than via EditPrefs. Additionally, we update it to apply policy settings to the current prefs, which is necessary for properly overriding prefs specified in ipn.Options. Updates #14823 Signed-off-by: Nick Khyl --- ipn/ipnlocal/local.go | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index 43d82c900..bd5f595be 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -2341,12 +2341,20 @@ func (b *LocalBackend) Start(opts ipn.Options) error { }); err != nil { b.logf("failed to save UpdatePrefs state: %v", err) } - b.setAtomicValuesFromPrefsLocked(pv) - } else { - b.setAtomicValuesFromPrefsLocked(b.pm.CurrentPrefs()) } + // Reset the always-on override whenever Start is called. + b.resetAlwaysOnOverrideLocked() + // And also apply syspolicy settings to the current profile. + // This is important in two cases: when opts.UpdatePrefs is not nil, + // and when Always Mode is enabled and we need to set WantRunning to true. + if newp := b.pm.CurrentPrefs().AsStruct(); applySysPolicy(newp, b.lastSuggestedExitNode, b.overrideAlwaysOn) { + setExitNodeID(newp, b.netMap) + b.pm.setPrefsNoPermCheck(newp.View()) + } prefs := b.pm.CurrentPrefs() + b.setAtomicValuesFromPrefsLocked(prefs) + wantRunning := prefs.WantRunning() if wantRunning { if err := b.initMachineKeyLocked(); err != nil {