net/netns: don't return an error if we're not root and running the tailscale binary

tailscale netcheck was broken otherwise. We can fix this a better way later; I'm just fixing a regression in some way because I'm trying to work on netcheck at the moment.
2020-05-29 21:58:31 -07:00 · 2020-05-29 21:58:31 -07:00 · 1407540b52
parent 5114df415e
commit 1407540b52
1 changed files with 9 additions and 0 deletions
--- a/net/netns/netns_linux.go
+++ b/net/netns/netns_linux.go
@ -8,6 +8,8 @@ package netns

 import (
 	"fmt"
+	"os"
+	"path/filepath"
 	"syscall"

 	"golang.org/x/sys/unix"
@ -36,6 +38,13 @@ func control(network, address string, c syscall.RawConn) error {
 	err := c.Control(func(fd uintptr) {
 		controlErr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_MARK, tailscaleBypassMark)
 	})
+	// Before returning some fatal error, see if we're just a regular user
+	// running cmd/tailscale (presumably netcheck) and ignore the error if so.
+	if (err != nil || controlErr != nil) && os.Getuid() != 0 {
+		if v, _ := os.Executable(); filepath.Base(v) == "tailscale" {
+			return nil
+		}
+	}
 	if err != nil {
 		return fmt.Errorf("setting socket mark: %w", err)
 	}