ssh/tailssh: make Tailscale SSH work on gokrazy

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/7800/head
Brad Fitzpatrick 2 years ago committed by Brad Fitzpatrick
parent 3d29da105c
commit 2c0bda6e2e

@ -3220,6 +3220,10 @@ func (b *LocalBackend) TailscaleVarRoot() string {
switch runtime.GOOS { switch runtime.GOOS {
case "ios", "android", "darwin": case "ios", "android", "darwin":
return paths.AppSharedDir.Load() return paths.AppSharedDir.Load()
case "linux":
if distro.Get() == distro.Gokrazy {
return "/perm/tailscaled"
}
} }
return "" return ""
} }

@ -691,6 +691,9 @@ func (ss *sshSession) startWithStdPipes() (err error) {
func loginShell(u *user.User) string { func loginShell(u *user.User) string {
switch runtime.GOOS { switch runtime.GOOS {
case "linux": case "linux":
if distro.Get() == distro.Gokrazy {
return "/tmp/serial-busybox/ash"
}
out, _ := exec.Command("getent", "passwd", u.Uid).Output() out, _ := exec.Command("getent", "passwd", u.Uid).Output()
// out is "root:x:0:0:root:/root:/bin/bash" // out is "root:x:0:0:root:/root:/bin/bash"
f := strings.SplitN(string(out), ":", 10) f := strings.SplitN(string(out), ":", 10)

@ -42,6 +42,7 @@ import (
"tailscale.com/types/netmap" "tailscale.com/types/netmap"
"tailscale.com/util/clientmetric" "tailscale.com/util/clientmetric"
"tailscale.com/util/mak" "tailscale.com/util/mak"
"tailscale.com/version/distro"
) )
var ( var (
@ -388,6 +389,15 @@ func (c *conn) doPolicyAuth(ctx ssh.Context, pubKey ssh.PublicKey) error {
if a.Accept { if a.Accept {
c.finalAction = a c.finalAction = a
} }
if runtime.GOOS == "linux" && distro.Get() == distro.Gokrazy {
// Gokrazy is a single-user appliance with ~no userspace.
// There aren't users to look up (no /etc/passwd, etc)
// so rather than fail below, just hardcode root.
// TODO(bradfitz): fix os/user upstream instead?
c.userGroupIDs = []string{"0"}
c.localUser = &user.User{Uid: "0", Gid: "0", Username: "root"}
return nil
}
lu, err := user.Lookup(localUser) lu, err := user.Lookup(localUser)
if err != nil { if err != nil {
c.logf("failed to look up %v: %v", localUser, err) c.logf("failed to look up %v: %v", localUser, err)
@ -396,6 +406,7 @@ func (c *conn) doPolicyAuth(ctx ssh.Context, pubKey ssh.PublicKey) error {
} }
gids, err := lu.GroupIds() gids, err := lu.GroupIds()
if err != nil { if err != nil {
c.logf("failed to look up local user's group IDs: %v", err)
return err return err
} }
c.userGroupIDs = gids c.userGroupIDs = gids

Loading…
Cancel
Save