Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-04-21 13:37:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 91
fleet/pkg
History
Bash Bandicoot 4fcbb57d23
Fix orbit crash loop on incorrect file permissions (#40887) 
## Summary

- `checkPermFile` in `pkg/secure/secure.go` now self-heals incorrect
file permissions via `os.Chmod` instead of returning a fatal error
- Fixes orbit crash-looping indefinitely when
`/opt/orbit/updates-metadata.json` has mode 755 instead of the expected
600

## Problem

Orbit refuses to start when `updates-metadata.json` has wrong
permissions (e.g. 755 instead of 600), entering an infinite restart loop
(`systemd` restart counter observed at 3447+). The manual workaround is
`chmod 600 /opt/orbit/updates-metadata.json`, but the root cause — an
external process changing file permissions — is intermittent and hard to
track.

The `checkPermFile` function in `pkg/secure/secure.go` was designed as a
security check, but its behavior of fatally erroring on any permission
mismatch causes a denial-of-service on the legitimate user. For
comparison, `checkPermPath` (the directory equivalent) already tolerates
permissions that are less permissive than expected.

## Fix

When `checkPermFile` detects a permission mismatch, it now attempts
`os.Chmod` to correct the permissions before proceeding. It only returns
an error if the chmod itself fails (e.g. insufficient privileges). This
preserves the security intent — files end up with correct permissions —
while making orbit resilient to external permission drift.

## Test plan

- [ ] `go test ./pkg/secure/ -v -run TestOpenFile` — verifies
self-healing behavior
- [ ] `go test ./pkg/secure/ -v -run TestMkdirAll` — unchanged, verifies
directory checks still work
- [ ] Manual: create `/opt/orbit/updates-metadata.json` with mode 755,
start orbit, confirm it self-heals and starts normally

---------

Co-authored-by: Bash Bandicoot <bash-bandicoot@users.noreply.github.com>
2026-03-06 17:41:31 -03:00
..
automatic_policy Don't pass the default deb auto-install policy if install status is e.g. uninstalled (#32005) 2025-08-18 17:37:06 -05:00
buildpkg Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
certificate Add SCEP endpoint for host identity. (#30589) 2025-07-11 11:44:07 -03:00
download Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
file Scope package identifier validation to template substitution (#41028) 2026-03-05 13:37:57 -05:00
filepath_windows Allow custom osquery database on fleetd (#16554) 2024-02-05 09:41:06 -03:00
fleetdbase Only allow FLEET_DEV_* env vars when --dev is passed, allow overriding configs one at a time in dev (#38652) 2026-01-27 14:32:56 -06:00
fleethttp Added OTEL instrumentation to Fleet's internal HTTP client. (#40568) 2026-02-26 12:49:52 -06:00
fleethttpsig Updated httpsig-go library to 1.2.0 and removed vendored version. (#32426) 2025-08-28 14:28:30 -05:00
mdm Final slog migration PR: test infrastructure + tools + remaining standalone files (#40727) 2026-02-28 05:52:21 -06:00
nettest fix RunWithNetRetry (#8590) 2022-11-07 16:31:10 +01:00
open Escape ampersands in URL when opening browser in windows (#35146) 2025-11-04 09:20:31 -06:00
optjson NDES SCEP proxy backend (#22542) 2024-10-09 13:47:27 -05:00
race Fix flaky timing test (#23333) 2024-10-29 14:13:17 -03:00
rawjson Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
retry End-user authentication for Window/Linux setup experience: agent (#34847) 2025-11-03 16:41:57 -06:00
scripts Fix windows installer stuck in pending state forever (#22592) 2024-10-02 16:18:37 -04:00
secure Fix orbit crash loop on incorrect file permissions (#40887) 2026-03-06 17:41:31 -03:00
spec Add aliases for macos fields (#40959) 2026-03-05 18:08:54 -06:00
str Add ability to enable/disable logs by topic (#40126) 2026-02-20 17:22:50 -06:00
testutils Activity bounded context: /api/latest/fleet/activities (1 of 2) (#38115) 2026-01-19 09:07:14 -05:00
README.md Add CentOS parsing+post-processing to reduce false positives in vulnerability processing (#4037) 2022-02-14 15:13:44 -03:00

README.md

pkg directory

This top-level pkg directory contains packages that may be shared between all fleet backend components.