You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Brad Fitzpatrick 5611f290eb ipn, ipnserver: only require sudo on Linux for mutable CLI actions
This partially reverts d6e9fb1df0, which modified the permissions
on the tailscaled Unix socket and thus required "sudo tailscale" even
for "tailscale status".

Instead, open the permissions back up (on Linux only) but have the
server look at the peer creds and only permit read-only actions unless
you're root.

In the future we'll also have a group that can do mutable actions.

On OpenBSD and FreeBSD, the permissions on the socket remain locked
down to 0600 from d6e9fb1df0.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
.github Cache go modules. 4 years ago
atomicfile atomicfile: don't Chmod on windows 4 years ago
cmd cmd/tailscale/cli: tweak the status name column a bit 4 years ago
control/controlclient all: convert from []wgcfg.Endpoint to string 4 years ago
derp net/dnscache: work on IPv6-only hosts (again) 4 years ago
disco wgengine/magicsock: run test DERP in mode where only disco packets allowed 4 years ago
internal all: convert from []wgcfg.Endpoint to string 4 years ago
ipn ipn, ipnserver: only require sudo on Linux for mutable CLI actions 4 years ago
log log/filelogger: move our Windows disk file writing+rotation package here 4 years ago
logpolicy cmd/tailscaled, logpolicy, logtail: support log levels 4 years ago
logtail Revert "Add logtail tests (#1114)" (#1116) 4 years ago
metrics metrics: add LabelMap.GetFloat 4 years ago
net netcheck: use reflect in sortRegions test. 4 years ago
paths paths, cmd/tailscaled: on Windows, don't try to migrate from legacy relay.conf 4 years ago
portlist portlist: add a test for SameInodes 4 years ago
safesocket ipn, ipnserver: only require sudo on Linux for mutable CLI actions 4 years ago
scripts Allow 2021 in LICENSE header. 4 years ago
smallzstd smallzstd: new package that constructs zstd small encoders/decoders. 4 years ago
syncs Fix receiver in order to be consistent: syncs.WaitGroupChan 4 years ago
tailcfg tailcfg, control/controlclient: make MapResponse.CollectServices an opt.Bool 4 years ago
tempfork/pprof go.mod: upgrade staticcheck to 0.1.0 4 years ago
tsconst net/netns: add windows support. 4 years ago
tstest ipn: close logger at the end of TestLocalLogLines 4 years ago
tstime tstime: add Parse3339B, for byte slices 4 years ago
tsweb tsweb: export VarzHandler 4 years ago
types wgengine/magicsock: stop depending on UpdateDst in legacy codepaths. 4 years ago
util cmd/tailscale: change formatting of "tailscale status" 4 years ago
version version: new version for a new year 4 years ago
wgengine wgengine/netstack: use tailscale IPs instead of a hardcoded one (#1131) 4 years ago
.gitattributes .gitattributes: add a smudge filter for go.mod. 5 years ago
.gitignore add nix-shell boilerplate (#1028) 4 years ago
AUTHORS Move Linux client & common packages into a public repo. 5 years ago
CODE_OF_CONDUCT.md Add a code of conduct. 5 years ago
Dockerfile Dockerfile: add big warning banner 4 years ago
LICENSE Move Linux client & common packages into a public repo. 5 years ago
Makefile Makefile: remove tsshd from depaware 4 years ago
PATENTS Move Linux client & common packages into a public repo. 5 years ago
README.md README: names of contributors, link to them instead 4 years ago
SECURITY.md Add a SECURITY.md for vulnerability reports. 5 years ago
VERSION.txt VERSION.txt: this is now 1.3.x. 4 years ago
api.md API.md: add documentation for deleting a device 4 years ago
build_dist.sh build_dist: fix after version refactor. 4 years ago
go.mod all: convert from []wgcfg.Endpoint to string 4 years ago
go.sum go.sum: update 4 years ago
shell.nix add nix-shell boilerplate (#1028) 4 years ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

The Android app is at https://github.com/tailscale/tailscale-android

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.15) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.