mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-25 19:15:34 +00:00
ipn/ipnlocal: empty allowed exit nodes syspolicy should be treated as allow all
Updates tailscale/corp#19681 If the syspolicy returns an empty list of allowed exit nodes, this should be treated as "allow all" rather than "allow none" Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
This commit is contained in:
parent
01847e0123
commit
5be738b118
@ -6456,7 +6456,7 @@ func suggestExitNode(report *netcheck.Report, netMap *netmap.NetworkMap, r *rand
|
|||||||
var allowedCandidates set.Set[string]
|
var allowedCandidates set.Set[string]
|
||||||
if allowed, err := syspolicy.GetStringArray(syspolicy.AllowedSuggestedExitNodes, nil); err != nil {
|
if allowed, err := syspolicy.GetStringArray(syspolicy.AllowedSuggestedExitNodes, nil); err != nil {
|
||||||
return res, fmt.Errorf("unable to read %s policy: %w", syspolicy.AllowedSuggestedExitNodes, err)
|
return res, fmt.Errorf("unable to read %s policy: %w", syspolicy.AllowedSuggestedExitNodes, err)
|
||||||
} else if allowed != nil {
|
} else if allowed != nil && len(allowed) > 0 {
|
||||||
allowedCandidates = set.SetOf(allowed)
|
allowedCandidates = set.SetOf(allowed)
|
||||||
}
|
}
|
||||||
candidates := make([]tailcfg.NodeView, 0, len(netMap.Peers))
|
candidates := make([]tailcfg.NodeView, 0, len(netMap.Peers))
|
||||||
|
Loading…
Reference in New Issue
Block a user