net/netns, version: enable interface binding for loopback addrs on sandboxed macos

fixes tailscale/corp#27506 The bootstrapDNS code is unable to resolve log and derp endpoints when if the forward dns is a local loopback addr while the tunnel is running. Sandboxed macos requires that we bind to loopback addresses explicitly. tailscaled on mac must not. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
2025-08-12 05:37:32 +00:00 · 2025-04-02 12:21:59 -04:00
parent 6d117d64a2
commit bb04a36c1d
2 changed files with 18 additions and 2 deletions
--- a/version/prop.go
+++ b/version/prop.go
@@ -147,6 +147,20 @@ func IsAppleTV() bool {
 	})
 }

+var isMacOSTailscaled lazy.SyncValue[bool]
+
+// IsMacOSTailscaled reports whether this binary is the tailscaled daemon running on macos
+func IsMacOSTailscaled() bool {
+	// This rules out iOS and tvOS
+	if runtime.GOOS != "darwin" {
+		return false
+	}
+	return isMacOSTailscaled.Get(func() bool {
+		// A darwin client that is not sandboxed macOS is tailscaled
+		return !IsSandboxedMacOS()
+	})
+}
+
 var isWindowsGUI lazy.SyncValue[bool]

 // IsWindowsGUI reports whether the current process is the Windows GUI.