From 84ab040f028d737e8ab335e6d481e2e206d71b12 Mon Sep 17 00:00:00 2001 From: Will Norris Date: Tue, 9 Jan 2024 16:39:39 -0800 Subject: [PATCH] safesocket: detect macsys from within tailscaled Use the helper method from the version package to detect that we are running the macsys network extension. This method does the same check for the HOME environment variable (which works fine in most cases) as well as the name of the executable (which is needed for the web client). Updates tailscale/corp#16393 Signed-off-by: Will Norris --- safesocket/safesocket_darwin.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/safesocket/safesocket_darwin.go b/safesocket/safesocket_darwin.go index 36fc7c438..12aa7f3eb 100644 --- a/safesocket/safesocket_darwin.go +++ b/safesocket/safesocket_darwin.go @@ -16,6 +16,8 @@ "strings" "sync" "time" + + "tailscale.com/version" ) func init() { @@ -72,7 +74,7 @@ func localTCPPortAndTokenDarwin() (port int, token string, err error) { if dir := os.Getenv("TS_MACOS_CLI_SHARED_DIR"); dir != "" { // First see if we're running as the non-AppStore "macsys" variant. - if strings.Contains(os.Getenv("HOME"), "/Containers/io.tailscale.ipn.macsys/") { + if version.IsMacSysExt() { if port, token, err := localTCPPortAndTokenMacsys(); err == nil { return port, token, nil }