Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 117
fleet/orbit/pkg/execuser/execuser_linux.go
Scott Gress 0966e9e99c
Fix orbit process launch issues that can hit /proc/keys limits (#32309) 
for #32112

# Details

This PR reverts some earlier work using `runuser` and `runcon` intended
to allow Orbit to launch Fleet Desktop in the logged-in user's SELinux
context. This didn't work for out-of-the-box SELinux enforcement setups,
with a side-effect of each failed attempt to launch the desktop app
creating a new kernel keyring that doesn't get cleaned up until Orbit
quits (or GC runs, although I didn't see that happen in testing). While
using `runuser` has some possible benefits over using `sudo` to launch
processes, it also (when using `-l` to start a login shell) creates a
new keyring. This is not an issue if the command to launch the process
succeeds, but if it fails and retries over and over, we start amassing
keyrings.

It is the opinion of several other engineers (and now myself as well)
that the real solution to various Fleet Desktop launching issues is to
launch the desktop app as a user service using `systemctl --user` so
that it automatically inherits the user's environment, context, etc.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [X] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.

# Testing
- [X] QA'd all new/changed functionality manually
  - [ ] ~Ubuntu with SELinux on~ this is a very uncommon setup
  - [x] Ubuntu with SELinux off
- [X] Fedora with SELinux on - double checked that `getenforce` returned
`Enforcing` this time
  - [X] Fedora with SELinux off
  - [ ] ~Debian with SELinux on~ this is a very uncommon setup
  - [X] Debian with SELinux off
- [x] `runWithOutput` still works (tested with `go run
./tools/dialog/main.go --dialog=zenity` on all platforms)
- [ ] ~`runWithStdin` still works~ (this isn't currently used by Linux)

## fleetd/orbit/Fleet Desktop

- [X] Verified compatibility with the latest released version of Fleet
(see [Must
rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md))
- [X] If the change applies to only one platform, confirmed that
`runtime.GOOS` is used as needed to isolate changes
- [X] Verified that fleetd runs on macOS, Linux and Windows
- [ ] Verified auto-update works from the released version of component
to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
2025-08-28 09:20:32 -05:00

250 lines
7.3 KiB
Go
Raw Blame History

package execuser
import (
"bufio"
"bytes"
"errors"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
"regexp"
"sort"
"strconv"
"strings"
userpkg "github.com/fleetdm/fleet/v4/orbit/pkg/user"
"github.com/rs/zerolog/log"
)
// base command to setup an exec.Cmd using `runuser`
func baserun(path string, opts eopts) (cmd *exec.Cmd, err error) {
args, env, err := getConfigForCommand(path)
if err != nil {
return nil, fmt.Errorf("get args: %w", err)
}
env = append(env,
// Append the packaged libayatana-appindicator3 libraries path to LD_LIBRARY_PATH.
//
// Fleet Desktop doesn't use libayatana-appindicator3 since 1.18.3, but we need to
// keep this to support older versions of Fleet Desktop.
fmt.Sprintf("LD_LIBRARY_PATH=%s:%s", filepath.Dir(path), os.ExpandEnv("$LD_LIBRARY_PATH")),
)
for _, nv := range opts.env {
env = append(env, fmt.Sprintf("%s=%s", nv[0], nv[1]))
}
// Hold any command line arguments to pass to the command.
cmdArgs := make([]string, 0, len(opts.args)*2)
if len(opts.args) > 0 {
for _, arg := range opts.args {
cmdArgs = append(cmdArgs, arg[0])
if arg[1] != "" {
cmdArgs = append(cmdArgs, arg[1])
}
}
}
// Run `env` to setup the environment.
args = append(args, "env")
args = append(args, env...)
// Pass the command and its arguments.
args = append(args, path)
args = append(args, cmdArgs...)
// Use sudo to run the command as the login user.
args = append([]string{"sudo"}, args...)
// If a timeout is set, prefix the command with "timeout".
if opts.timeout > 0 {
args = append([]string{"timeout", fmt.Sprintf("%ds", int(opts.timeout.Seconds()))}, args...)
}
cmd = exec.Command(args[0], args[1:]...) // #nosec G204
return
}
// run a command, passing its output to stdout and stderr.
func run(path string, opts eopts) (lastLogs string, err error) {
cmd, err := baserun(path, opts)
if err != nil {
return "", err
}
cmd.Stderr = os.Stderr
cmd.Stdout = os.Stdout
log.Info().Str("cmd", cmd.String()).Msg("running command")
if err := cmd.Start(); err != nil {
return "", fmt.Errorf("open path %q: %w", path, err)
}
return "", nil
}
// run a command and return its output and exit code.
func runWithOutput(path string, opts eopts) (output []byte, exitCode int, err error) {
cmd, err := baserun(path, opts)
if err != nil {
return nil, -1, err
}
output, err = cmd.Output()
if err != nil {
if exitErr, ok := err.(*exec.ExitError); ok {
exitCode = exitErr.ExitCode()
return output, exitCode, fmt.Errorf("%q exited with code %d: %w", path, exitCode, err)
}
return output, -1, fmt.Errorf("%q error: %w", path, err)
}
return output, exitCode, nil
}
// run a command that requires stdin input, returning a pipe to write to stdin.
func runWithStdin(path string, opts eopts) (io.WriteCloser, error) {
cmd, err := baserun(path, opts)
if err != nil {
return nil, err
}
stdin, err := cmd.StdinPipe()
if err != nil {
return nil, fmt.Errorf("stdin pipe: %w", err)
}
if err := cmd.Start(); err != nil {
return nil, fmt.Errorf("open path %q: %w", path, err)
}
return stdin, nil
}
func getConfigForCommand(path string) (args []string, env []string, err error) {
user, err := userpkg.GetLoginUser()
if err != nil {
return nil, nil, fmt.Errorf("get user: %w", err)
}
log.Info().Str("user", user.Name).Int64("id", user.ID).Msg("attempting to get user session type and display")
// Get user's display session type (x11 vs. wayland).
uid := strconv.FormatInt(user.ID, 10)
userDisplaySessionType, err := userpkg.GetUserDisplaySessionType(uid)
if userDisplaySessionType == userpkg.GuiSessionTypeTty {
return nil, nil, fmt.Errorf("user %q (%d) is not running a GUI session", user.Name, user.ID)
}
if err != nil {
// Wayland is the default for most distributions, thus we assume
// wayland if we couldn't determine the session type.
log.Error().Err(err).Msg("assuming wayland session")
userDisplaySessionType = userpkg.GuiSessionTypeWayland
}
var display string
if userDisplaySessionType == userpkg.GuiSessionTypeX11 {
x11Display, err := getUserX11Display(user.Name)
if err != nil {
log.Error().Err(err).Msg("failed to get X11 display, using default :0")
// TODO(lucas): Revisit when working on multi-user/multi-session support.
// Default to display ':0' if user display could not be found.
// This assumes there's only one desktop session and belongs to the
// user returned in `getLoginUID'.
display = ":0"
} else {
display = x11Display
}
} else {
waylandDisplay, err := getUserWaylandDisplay(uid)
if err != nil {
log.Error().Err(err).Msg("failed to get wayland display, using default wayland-0")
// TODO(lucas): Revisit when working on multi-user/multi-session support.
// Default to display 'wayland-0' if user display could not be found.
// This assumes there's only one desktop session and belongs to the
// user returned in `getLoginUID'.
display = "wayland-0"
} else {
display = waylandDisplay
}
}
log.Info().
Str("path", path).
Str("user", user.Name).
Int64("id", user.ID).
Str("display", display).
Str("session_type", userDisplaySessionType.String()).
Msg("running sudo")
args = []string{"-n", "-i", "-u", user.Name, "-H"}
env = make([]string, 0)
if userDisplaySessionType == userpkg.GuiSessionTypeWayland {
env = append(env, "WAYLAND_DISPLAY="+display)
// For xdg-open to work on a Wayland session we still need to set the DISPLAY variable.
x11Display := ":" + strings.TrimPrefix(display, "wayland-")
env = append(env, "DISPLAY="+x11Display)
} else {
env = append(env, "DISPLAY="+display)
}
env = append(env,
// DBUS_SESSION_BUS_ADDRESS sets the location of the user login session bus.
// Required by the libayatana-appindicator3 library to display a tray icon
// on the desktop session.
//
// This is required for Ubuntu 18, and not required for Ubuntu 21/22
// (because it's already part of the user).
fmt.Sprintf("DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%d/bus", user.ID),
)
return args, env, nil
}
var whoLineRegexp = regexp.MustCompile(`(\w+)\s+(:\d+)\s+`)
// getUserWaylandDisplay returns the value to set on WAYLAND_DISPLAY for the given user.
func getUserWaylandDisplay(uid string) (string, error) {
matches, err := filepath.Glob("/run/user/" + uid + "/wayland-*")
if err != nil {
return "", fmt.Errorf("list wayland socket files: %w", err)
}
sort.Slice(matches, func(i, j int) bool {
return matches[i] < matches[j]
})
for _, match := range matches {
if strings.HasSuffix(match, ".lock") {
continue
}
return filepath.Base(match), nil
}
return "", errors.New("wayland socket not found")
}
// getUserX11Display returns the value to set on DISPLAY for the given user.
func getUserX11Display(user string) (string, error) {
cmd := exec.Command("who")
var stdout bytes.Buffer
cmd.Stdout = &stdout
if err := cmd.Run(); err != nil {
return "", fmt.Errorf("run 'who' to get user display: %w", err)
}
return parseWhoOutputForDisplay(&stdout, user)
}
func parseWhoOutputForDisplay(output io.Reader, user string) (string, error) {
scanner := bufio.NewScanner(output)
for scanner.Scan() {
line := scanner.Text()
matches := whoLineRegexp.FindStringSubmatch(line)
if len(matches) > 1 && matches[1] == user {
return matches[2], nil
}
}
if err := scanner.Err(); err != nil {
return "", fmt.Errorf("scanner error: %w", err)
}
return "", errors.New("display not found on who output")
}
Reference in a new issue View git blame Copy permalink