ipn/ipnlocal,clientupdate: allow auto-updates in contaienrs (#12391)

We assume most containers are immutable and don't expect tailscale running in them to auto-update. But there's no reason to prohibit it outright. Ignore the tailnet-wide default auto-update setting in containers, but allow local users to turn on auto-updates via the CLI. RELNOTE=Auto-updates are allowed in containers, but ignore the tailnet-wide default. Fixes #12292 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2024-06-06 16:31:52 -07:00
parent b65221999c
commit 7a7e314096
3 changed files with 41 additions and 15 deletions
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -2575,6 +2575,12 @@ func (b *LocalBackend) onTailnetDefaultAutoUpdate(au bool) {
 		// user. Tailnet default should not affect us, even if it changes.
 		return
 	}
+	if au && b.hostinfo != nil && b.hostinfo.Container.EqualBool(true) {
+		// This is a containerized node, which is usually meant to be
+		// immutable. Do not enable auto-updates if the tailnet does. But users
+		// can still manually enable auto-updates on this node.
+		return
+	}
 	b.logf("using tailnet default auto-update setting: %v", au)
 	prefsClone := prefs.AsStruct()
 	prefsClone.AutoUpdate.Apply = opt.NewBool(au)
--- a/ipn/ipnlocal/local_test.go
+++ b/ipn/ipnlocal/local_test.go
@@ -30,6 +30,7 @@ import (
 	"tailscale.com/drive"
 	"tailscale.com/drive/driveimpl"
 	"tailscale.com/health"
+	"tailscale.com/hostinfo"
 	"tailscale.com/ipn"
 	"tailscale.com/ipn/store/mem"
 	"tailscale.com/net/netcheck"
@@ -2296,6 +2297,7 @@ func TestPreferencePolicyInfo(t *testing.T) {
 func TestOnTailnetDefaultAutoUpdate(t *testing.T) {
 	tests := []struct {
 		before, after  opt.Bool
+		container      opt.Bool
 		tailnetDefault bool
 	}{
 		{
@@ -2328,10 +2330,30 @@ func TestOnTailnetDefaultAutoUpdate(t *testing.T) {
 			tailnetDefault: false,
 			after:          opt.NewBool(true),
 		},
+		{
+			before:         opt.Bool(""),
+			container:      opt.NewBool(true),
+			tailnetDefault: true,
+			after:          opt.Bool(""),
+		},
+		{
+			before:         opt.NewBool(false),
+			container:      opt.NewBool(true),
+			tailnetDefault: true,
+			after:          opt.NewBool(false),
+		},
+		{
+			before:         opt.NewBool(true),
+			container:      opt.NewBool(true),
+			tailnetDefault: false,
+			after:          opt.NewBool(true),
+		},
 	}
 	for _, tt := range tests {
 		t.Run(fmt.Sprintf("before=%s,after=%s", tt.before, tt.after), func(t *testing.T) {
 			b := newTestBackend(t)
+			b.hostinfo = hostinfo.New()
+			b.hostinfo.Container = tt.container
 			p := ipn.NewPrefs()
 			p.AutoUpdate.Apply = tt.before
 			if err := b.pm.setPrefsLocked(p.View()); err != nil {