agent/proxy: AllowRoot to disable executing managed proxies when root

This commit is contained in:
Mitchell Hashimoto 2018-06-12 15:07:21 +02:00 committed by Jack Pearkes
parent 5ae32837f7
commit ed98d65c2b
5 changed files with 73 additions and 0 deletions

View File

@ -364,6 +364,7 @@ func (a *Agent) Start() error {
// done here after the local state above is loaded in so we can have
// a more accurate initial state view.
a.proxyManager = proxy.NewManager()
a.proxyManager.AllowRoot = a.config.ConnectProxyAllowManagedRoot
a.proxyManager.State = a.State
a.proxyManager.Logger = a.logger
if a.config.DataDir != "" {

View File

@ -85,6 +85,12 @@ type Manager struct {
CoalescePeriod time.Duration
QuiescentPeriod time.Duration
// AllowRoot configures whether proxies can be executed as root (EUID == 0).
// If this is false then the manager will run and proxies can be added
// and removed but none will be started an errors will be logged
// to the logger.
AllowRoot bool
// lock is held while reading/writing any internal state of the manager.
// cond is a condition variable on lock that is broadcasted for runState
// changes.
@ -323,6 +329,12 @@ func (m *Manager) sync() {
m.lock.Lock()
defer m.lock.Unlock()
// If we don't allow root and we're root, then log a high sev message.
if !m.AllowRoot && isRoot() {
m.Logger.Println("[WARN] agent/proxy: running as root, will not start managed proxies")
return
}
// Get the current set of proxies
state := m.State.Proxies()

View File

@ -347,6 +347,41 @@ func TestManagerRun_snapshotRestore(t *testing.T) {
})
}
// Manager should not run any proxies if we're running as root. Tests
// stub the value.
func TestManagerRun_rootDisallow(t *testing.T) {
// Pretend we are root
defer testSetRootValue(true)()
state := local.TestState(t)
m, closer := testManager(t)
defer closer()
m.State = state
defer m.Kill()
// Add the proxy before we start the manager to verify initial sync
td, closer := testTempDir(t)
defer closer()
path := filepath.Join(td, "file")
testStateProxy(t, state, "web", helperProcess("restart", path))
// Start the manager
go m.Run()
// Sleep a bit just to verify
time.Sleep(100 * time.Millisecond)
// We should see the path appear shortly
retry.Run(t, func(r *retry.R) {
_, err := os.Stat(path)
if err != nil {
return
}
r.Fatalf("path exists")
})
}
func testManager(t *testing.T) (*Manager, func()) {
m := NewManager()

View File

@ -48,6 +48,7 @@ func helperProcess(s ...string) *exec.Cmd {
cmd := exec.Command(os.Args[0], cs...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
println(fmt.Sprintf("YO WHAT %#v", cmd.Args))
return cmd
}

24
agent/proxy/root.go Normal file
View File

@ -0,0 +1,24 @@
package proxy
import (
"os"
)
// isRoot returns true if the process is executing as root.
func isRoot() bool {
if testRootValue != nil {
return *testRootValue
}
return os.Geteuid() == 0
}
// testSetRootValue is a test helper for setting the root value.
func testSetRootValue(v bool) func() {
testRootValue = &v
return func() { testRootValue = nil }
}
// testRootValue should be set to a non-nil value to return it as a stub
// from isRoot. This should only be used in tests.
var testRootValue *bool