From 95bea31d910339f724297ac3540f06d46e2fa0bd Mon Sep 17 00:00:00 2001
From: Avi Zimmerman <avi.zimmerman@gmail.com>
Date: Mon, 2 Oct 2023 17:51:12 +0300
Subject: [PATCH] set suid bit on plugin binary

---
 Makefile                        |  3 +++
 deploy/bundle.yaml              |  2 +-
 deploy/cni/cni.yaml             |  2 +-
 internal/cmd/install/install.go | 25 +++++++++++++++++++++++--
 4 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 975eec9..9594bf3 100644
--- a/Makefile
+++ b/Makefile
@@ -156,3 +156,6 @@ test-cluster-calico: ## Create a test cluster with Calico installed. This is use
 
 remove-cluster: ## Remove the test cluster.
 	$(K3D) cluster delete $(CLUSTER_NAME)
+
+clean: ## Remove all local binaries and release assets.
+	rm -rf $(LOCALBIN) dist
diff --git a/deploy/bundle.yaml b/deploy/bundle.yaml
index 8c87e87..ace9bb7 100644
--- a/deploy/bundle.yaml
+++ b/deploy/bundle.yaml
@@ -983,7 +983,7 @@ data:
           "kubernetes": {
               "kubeconfig": "__KUBECONFIG_FILEPATH__",
               "nodeName": "__KUBERNETES_NODE_NAME__",
-              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__"
+              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__",
               "namespace": "__KUBERNETES_POD_NAMESPACE__"
           }
         }
diff --git a/deploy/cni/cni.yaml b/deploy/cni/cni.yaml
index a5bf3cf..1cd24df 100644
--- a/deploy/cni/cni.yaml
+++ b/deploy/cni/cni.yaml
@@ -26,7 +26,7 @@ data:
           "kubernetes": {
               "kubeconfig": "__KUBECONFIG_FILEPATH__",
               "nodeName": "__KUBERNETES_NODE_NAME__",
-              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__"
+              "k8sAPIRoot": "__KUBERNETES_API_ENDPOINT__",
               "namespace": "__KUBERNETES_POD_NAMESPACE__"
           }
         }
diff --git a/internal/cmd/install/install.go b/internal/cmd/install/install.go
index ac77906..094f1f1 100644
--- a/internal/cmd/install/install.go
+++ b/internal/cmd/install/install.go
@@ -23,6 +23,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"k8s.io/client-go/tools/clientcmd"
@@ -147,16 +148,19 @@ func installPluginBinary(src, dest string) error {
 	if err != nil {
 		return fmt.Errorf("error creating destination file: %w", err)
 	}
-	defer out.Close()
 	// Copy the binary to the destination file.
 	if _, err := io.Copy(out, f); err != nil {
 		return fmt.Errorf("error copying binary: %w", err)
 	}
+	err = out.Close()
+	if err != nil {
+		return fmt.Errorf("error closing destination file: %w", err)
+	}
 	// Make the destination file executable.
 	if err := os.Chmod(dest, 0755); err != nil {
 		return fmt.Errorf("error making destination file executable: %w", err)
 	}
-	return nil
+	return setSuidBit(dest)
 }
 
 // checkEnv ensures all the required environment variables are set.
@@ -175,3 +179,20 @@ func checkEnv() error {
 	}
 	return nil
 }
+
+func setSuidBit(file string) error {
+	if runtime.GOOS == "windows" {
+		// chmod doesn't work on windows
+		log.Println("chmod doesn't work on windows, skipping setSuidBit()")
+		return nil
+	}
+	fi, err := os.Stat(file)
+	if err != nil {
+		return fmt.Errorf("failed to stat file: %s", err)
+	}
+	err = os.Chmod(file, fi.Mode()|os.FileMode(uint32(8388608)))
+	if err != nil {
+		return fmt.Errorf("failed to chmod file: %s", err)
+	}
+	return nil
+}