tailscale/hostinfo
Maisem Ali 2ae670eb71 ssh/tailssh: work around lack of scontext in SELinux
Trying to SSH when SELinux is enforced results in errors like:

```
➜  ~ ssh ec2-user@<ip>
Last login: Thu Jun  1 22:51:44 from <ip2>
ec2-user: no shell: Permission denied
Connection to <ip> closed.
```

while the `/var/log/audit/audit.log` has
```
type=AVC msg=audit(1685661291.067:465): avc:  denied  { transition } for  pid=5296 comm="login" path="/usr/bin/bash" dev="nvme0n1p1" ino=2564 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0
```

The right fix here would be to somehow install the appropriate context when
tailscale is installed on the host, but until we figure out a way to do that,
stop using the `login` cmd in these situations.

Updates #4908

Signed-off-by: Maisem Ali <maisem@tailscale.com>
1 year ago
hostinfo.go ssh/tailssh: work around lack of scontext in SELinux 1 year ago
hostinfo_darwin.go all: update copyright and license headers 2 years ago
hostinfo_freebsd.go all: update copyright and license headers 2 years ago
hostinfo_linux.go various: add detection and Taildrop for Unraid 2 years ago
hostinfo_linux_test.go all: update copyright and license headers 2 years ago
hostinfo_test.go all: update copyright and license headers 2 years ago
hostinfo_uname.go all: update copyright and license headers 2 years ago
hostinfo_windows.go all: update copyright and license headers 2 years ago