TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 04:55:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

safesocket: log warning when running sandboxed Mac binary as root

Browse Source 
It won't work, provide a clue in the error output.

Fixes #3063

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
This commit is contained in:
Mihai Parparita 2022-04-28 16:22:19 -07:00 committed by GitHub
parent 6f5b91c94c
commit cfe68d0a86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
safesocket/safesocket_darwin.go
View File

@ -15,6 +15,7 @@
"path/filepath" "path/filepath"
"strconv" "strconv"
"strings" "strings"
"sync"
) )
func init() { func init() {
@ -49,6 +50,8 @@ func localTCPPortAndTokenMacsys() (port int, token string, err error) {
return port, auth, nil return port, auth, nil
} }
var warnAboutRootOnce sync.Once
func localTCPPortAndTokenDarwin() (port int, token string, err error) { func localTCPPortAndTokenDarwin() (port int, token string, err error) {
// There are two ways this binary can be run: as the Mac App Store sandboxed binary, // There are two ways this binary can be run: as the Mac App Store sandboxed binary,
// or a normal binary that somebody built or download and are being run from outside // or a normal binary that somebody built or download and are being run from outside
@ -83,6 +86,14 @@ func localTCPPortAndTokenDarwin() (port int, token string, err error) {
} }
} }
} }
if os.Geteuid() == 0 {
// Log a warning as the clue to the user, in case the error
// message is swallowed. Only do this once since we may retry
// multiple times to connect, and don't want to spam.
warnAboutRootOnce.Do(func() {
fmt.Fprintf(os.Stderr, "Warning: The CLI is running as root from within a sandboxed binary. It cannot reach the local tailscaled, please try again as a regular user.\n")
})
}
return 0, "", fmt.Errorf("failed to find sandboxed sameuserproof-* file in TS_MACOS_CLI_SHARED_DIR %q", dir) return 0, "", fmt.Errorf("failed to find sandboxed sameuserproof-* file in TS_MACOS_CLI_SHARED_DIR %q", dir)
} }