diff --git a/agent.go b/agent.go
index 4196721..a52b9d4 100644
--- a/agent.go
+++ b/agent.go
@@ -255,7 +255,7 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 if config.DisableSudoAndContainers {
 err := sudo.disableSudoAndContainers(tempDir)
 if err != nil {
- WriteAnnotation(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))
+ WriteLog(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))
 } else {
 WriteLog("disabled sudo and docker")
 }
@@ -397,10 +397,6 @@ func RevertChanges(iptables *Firewall, nflog AgentNflogger,
 if err != nil {
 WriteLog(fmt.Sprintf("Error in reverting sudo changes %v", err))
 }
- err = sudo.revertDisableSudoAndContainers()
- if err != nil {
- WriteLog(fmt.Sprintf("Error in reverting sudo and containers changes %v", err))
- }
 WriteLog("Reverted changes")
 }
diff --git a/sudo.go b/sudo.go
index 7a4b446..5a4c226 100644
--- a/sudo.go
+++ b/sudo.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "os"
 "os/exec"
- "os/user"
 "path"
 "strings"
 )
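Review bot: In the first agent.go hunk (inside `Run`), a failure of `sudo.disableSudoAndContainers` is now reported only through `WriteLog`, so a hardening step that did not take effect is no longer surfaced as an annotation and the run continues, presumably with sudo and Docker still usable. If the annotation was noisy, I would still keep the failure visible to the workflow owner by logging and annotating, i.e. keep the `WriteAnnotation(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))` line next to the new `WriteLog` call. If dropping the annotation is intended, the log message should lose `StepSecurityAnnotationPrefix`, since that prefix now lands in a plain log line. Whether `Run` should instead return the error and fail closed depends on code outside this hunk; the function body starts and ends beyond the visible lines.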
@@ -88,52 +87,6 @@ func (s *Sudo) removeSocketPermissions() {
 }
 }
-// revertDisableSudoAndContainers reverts the changes made by disableSudoAndContainers
-func (s *Sudo) revertDisableSudoAndContainers() error {
- // Step 1: Restore the sudoers file from backup
- s.revertDisableSudo()
-
- // Step 2: Restore socket permissions
- s.restoreSocketPermissions()
-
- // Step 3: Add user back to docker group
- if err := s.addUserToDockerGroup(); err != nil {
- return fmt.Errorf("error adding user back to docker group: %v", err)
- }
-
- return nil
-}
-
-// restoreSocketPermissions restores permissions to Docker and containerd sockets
-func (s *Sudo) restoreSocketPermissions() {
- // Check if docker socket exists before restoring
- if _, err := os.Stat("/var/run/docker.sock"); err == nil {
- cmd := exec.Command("sudo", "chmod", "660", "/var/run/docker.sock")
- cmd.Run()
- }
-
- // Check if containerd socket exists before restoring
- if _, err := os.Stat("/run/containerd/containerd.sock"); err == nil {
- cmd := exec.Command("sudo", "chmod", "660", "/run/containerd/containerd.sock")
- cmd.Run()
- }
-}
-
-// addUserToDockerGroup adds the current user back to the docker group
-func (s *Sudo) addUserToDockerGroup() error {
- currentUser, err := user.Current()
- if err != nil {
- return fmt.Errorf("error getting current user: %v", err)
- }
-
- cmd := exec.Command("sudo", "gpasswd", "-a", currentUser.Username, "docker")
- output, err := cmd.CombinedOutput()
- if err != nil {
- return fmt.Errorf("error adding user back to docker group: %v, output: %s", err, output)
- }
- return nil
-}
-
 func run(cmd string, args ...string) {
 WriteLog(fmt.Sprintf("Running: %s %v", cmd, args))
 c := exec.Command(cmd, args...)
@@ -166,6 +119,7 @@ func run(cmd string, args ...string) {
 }
 func (s *Sudo) uninstallDocker() error {
+ WriteLog("Uninstalling docker")
 run("sudo", "apt-get", "purge", "-y", "docker-ce", "docker-ce-cli", "containerd.io")
 return nil