set suid bit on plugin binary

webmeshproj · Oct 2, 2023 · 95bea31 · 95bea31
1 parent e9afa52
commit 95bea31
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -156,3 +156,6 @@ test-cluster-calico: ## Create a test cluster with Calico installed. This is use
 
 remove-cluster: ## Remove the test cluster.
 	$(K3D) cluster delete $(CLUSTER_NAME)
+
+clean: ## Remove all local binaries and release assets.
+	rm -rf $(LOCALBIN) dist
diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml
@@ -983,7 +983,7 @@ data:
           "kubernetes": {
               "kubeconfig": "__KUBECONFIG_FILEPATH__",
               "nodeName": "__KUBERNETES_NODE_NAME__",
-              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__"
+              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__",
               "namespace": "__KUBERNETES_POD_NAMESPACE__"
           }
         }

diff --git a/deploy/cni/cni.yaml b/deploy/cni/cni.yaml
@@ -26,7 +26,7 @@ data:
           "kubernetes": {
               "kubeconfig": "__KUBECONFIG_FILEPATH__",
               "nodeName": "__KUBERNETES_NODE_NAME__",
-              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__"
+              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__",
               "namespace": "__KUBERNETES_POD_NAMESPACE__"
           }
         }

diff --git a/internal/cmd/install/install.go b/internal/cmd/install/install.go
@@ -23,6 +23,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"k8s.io/client-go/tools/clientcmd"
@@ -147,16 +148,19 @@ func installPluginBinary(src, dest string) error {
 	if err != nil {
 		return fmt.Errorf("error creating destination file: %w", err)
 	}
-	defer out.Close()
 	// Copy the binary to the destination file.
 	if _, err := io.Copy(out, f); err != nil {
 		return fmt.Errorf("error copying binary: %w", err)
 	}
+	err = out.Close()
+	if err != nil {
+		return fmt.Errorf("error closing destination file: %w", err)
+	}
 	// Make the destination file executable.
 	if err := os.Chmod(dest, 0755); err != nil {
 		return fmt.Errorf("error making destination file executable: %w", err)
 	}
-	return nil
+	return setSuidBit(dest)
 }
 
 // checkEnv ensures all the required environment variables are set.
@@ -175,3 +179,20 @@ func checkEnv() error {
 	}
 	return nil
 }
+
+func setSuidBit(file string) error {
+	if runtime.GOOS == "windows" {
+		// chmod doesn't work on windows
+		log.Println("chmod doesn't work on windows, skipping setSuidBit()")
+		return nil
+	}
+	fi, err := os.Stat(file)
+	if err != nil {
+		return fmt.Errorf("failed to stat file: %s", err)
+	}
+	err = os.Chmod(file, fi.Mode()|os.FileMode(uint32(8388608)))
+	if err != nil {
+		return fmt.Errorf("failed to chmod file: %s", err)
+	}
+	return nil
+}