mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
ba3746f9fa
Resolves #41863 - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. ## Testing - [x] QA'd all new/changed functionality manually Tests performed on the following OSs: - Windows (arm64) - macOS (Apple silicon) - Linux (arm64) - Linux (amd64) Features tested on the OSs above: - "My device". - Restart fleetd. - Kill fleet desktop, should re-start. - Killing stale osqueryd processes on orbit startup. - Checking if osquery is up and running, exit and start. - Checking if Fleet Desktop is already running before launching it. - orbit auto update - Gracefully shutting down Fleet Desktop before restarting it --- ## fleetd/orbit/Fleet Desktop - [X] Verified compatibility with the latest released version of Fleet (see [Must rule](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/workflows/fleetd-development-and-release-strategy.md)) - [x] If the change applies to only one platform, confirmed that `runtime.GOOS` is used as needed to isolate changes - [x] Verified that fleetd runs on macOS, Linux and Windows - [x] Verified auto-update works from the released version of component to the new version (see [tools/tuf/test](../tools/tuf/test/README.md))
121 lines
3.2 KiB
Go
121 lines
3.2 KiB
Go
//go:build !windows
|
|
// +build !windows
|
|
|
|
package platform
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/fleetdm/fleet/v4/orbit/pkg/constant"
|
|
gopsutil_process "github.com/shirou/gopsutil/v4/process"
|
|
)
|
|
|
|
// ChmodRestrictFile sets the appropriate permissions on a file so it can not be read by everyone
|
|
// On POSIX this is a normal chmod call.
|
|
func ChmodRestrictFile(path string) error {
|
|
if err := os.Chmod(path, constant.DefaultFileMode); err != nil {
|
|
return fmt.Errorf("chmod restrict file: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ChmodExecutableDirectory sets the appropriate permissions on an executable
|
|
// file. On POSIX this is a normal chmod call.
|
|
func ChmodExecutableDirectory(path string) error {
|
|
if err := os.Chmod(path, constant.DefaultDirMode); err != nil {
|
|
return fmt.Errorf("chmod executable directory: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ChmodExecutable sets the appropriate permissions on the parent directory of
|
|
// an executable file. On POSIX this is a regular chmod call.
|
|
func ChmodExecutable(path string) error {
|
|
if err := os.Chmod(path, constant.DefaultExecutableMode); err != nil {
|
|
return fmt.Errorf("chmod executable: %w", err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SignalProcessBeforeTerminate just force terminate the target process
|
|
// Signaling the child process before termination is not supported on non-windows OSes
|
|
func SignalProcessBeforeTerminate(processName string) error {
|
|
if processName == "" {
|
|
return errors.New("processName should not be empty")
|
|
}
|
|
|
|
if err := killProcessByName(constant.DesktopAppExecName); err != nil && !errors.Is(err, ErrProcessNotFound) {
|
|
return fmt.Errorf("There was an error kill target process %s: %w", processName, err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// GetProcessesByName gets all running processes by its name.
|
|
// Returns ErrProcessNotFound if the process was not found running.
|
|
func GetProcessesByName(name string) ([]*gopsutil_process.Process, error) {
|
|
if name == "" {
|
|
return nil, errors.New("process name should not be empty")
|
|
}
|
|
|
|
processes, err := gopsutil_process.Processes()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var foundProcesses []*gopsutil_process.Process
|
|
for _, process := range processes {
|
|
processName, err := process.Name()
|
|
if err != nil {
|
|
// No need to print errors here as this method might file for system processes
|
|
continue
|
|
}
|
|
|
|
if strings.HasPrefix(processName, name) {
|
|
foundProcesses = append(foundProcesses, process)
|
|
break
|
|
}
|
|
}
|
|
|
|
if len(foundProcesses) == 0 {
|
|
return nil, ErrProcessNotFound
|
|
}
|
|
|
|
return foundProcesses, nil
|
|
}
|
|
|
|
func GetSMBiosUUID() (string, UUIDSource, error) {
|
|
return "", UUIDSourceInvalid, errors.New("not implemented.")
|
|
}
|
|
|
|
// RunUpdateQuirks is a no-op on non-windows platforms
|
|
func PreUpdateQuirks() {
|
|
}
|
|
|
|
// IsInvalidReparsePoint is a no-op on non-windows platforms
|
|
func IsInvalidReparsePoint(err error) bool {
|
|
return false
|
|
}
|
|
|
|
// killProcessByName kills a single process by its name.
|
|
func killProcessByName(name string) error {
|
|
if name == "" {
|
|
return errors.New("process name should not be empty")
|
|
}
|
|
|
|
foundProcesses, err := GetProcessesByName(name)
|
|
if err != nil {
|
|
return fmt.Errorf("get process: %w", err)
|
|
}
|
|
|
|
for _, foundProcess := range foundProcesses {
|
|
if err := foundProcess.Kill(); err != nil {
|
|
return fmt.Errorf("kill process %d: %w", foundProcess.Pid, err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|