Merged
6 changes: 1 addition & 5 deletions agent.go
Expand Up @@ -255,7 +255,7 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
if config.DisableSudoAndContainers {
err := sudo.disableSudoAndContainers(tempDir)
if err != nil {
WriteAnnotation(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))
WriteLog(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))
} else {
WriteLog("disabled sudo and docker")
}
Expand Down Expand Up @@ -397,10 +397,6 @@ func RevertChanges(iptables *Firewall, nflog AgentNflogger,
if err != nil {
WriteLog(fmt.Sprintf("Error in reverting sudo changes %v", err))
}
err = sudo.revertDisableSudoAndContainers()
if err != nil {
WriteLog(fmt.Sprintf("Error in reverting sudo and containers changes %v", err))
}
WriteLog("Reverted changes")
}

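Review bot: In `Run`, a failure of `sudo.disableSudoAndContainers(tempDir)` is reported only through `WriteLog` (the section lists one addition, which appears to be that line replacing the `WriteAnnotation` call), and execution then continues. With `config.DisableSudoAndContainers` set, that is a hardening control failing open: the job proceeds with sudo and docker still available and nothing surfaces in the job's annotations. I would keep the annotation next to the log line, `WriteAnnotation(fmt.Sprintf("%s Unable to disable sudo and docker %v", StepSecurityAnnotationPrefix, err))`, or return the error from `Run` if the setting is meant to be enforced. The second hunk drops the `revertDisableSudoAndContainers` call from `RevertChanges`; a comment there such as `// docker/containerd changes are intentionally not reverted` would make that explicit for runners that are reused across jobs. Both functions start and end outside the hunks shown.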
48 changes: 1 addition & 47 deletions sudo.go
Expand Up @@ -5,7 +5,6 @@ import (
"fmt"
"os"
"os/exec"
"os/user"
"path"
"strings"
)
Expand Down Expand Up @@ -88,52 +87,6 @@ func (s *Sudo) removeSocketPermissions() {
}
}

// revertDisableSudoAndContainers reverts the changes made by disableSudoAndContainers
func (s *Sudo) revertDisableSudoAndContainers() error {
// Step 1: Restore the sudoers file from backup
s.revertDisableSudo()

// Step 2: Restore socket permissions
s.restoreSocketPermissions()

// Step 3: Add user back to docker group
if err := s.addUserToDockerGroup(); err != nil {
return fmt.Errorf("error adding user back to docker group: %v", err)
}

return nil
}

// restoreSocketPermissions restores permissions to Docker and containerd sockets
func (s *Sudo) restoreSocketPermissions() {
// Check if docker socket exists before restoring
if _, err := os.Stat("/var/run/docker.sock"); err == nil {
cmd := exec.Command("sudo", "chmod", "660", "/var/run/docker.sock")
cmd.Run()
}

// Check if containerd socket exists before restoring
if _, err := os.Stat("/run/containerd/containerd.sock"); err == nil {
cmd := exec.Command("sudo", "chmod", "660", "/run/containerd/containerd.sock")
cmd.Run()
}
}

// addUserToDockerGroup adds the current user back to the docker group
func (s *Sudo) addUserToDockerGroup() error {
currentUser, err := user.Current()
if err != nil {
return fmt.Errorf("error getting current user: %v", err)
}

cmd := exec.Command("sudo", "gpasswd", "-a", currentUser.Username, "docker")
output, err := cmd.CombinedOutput()
if err != nil {
return fmt.Errorf("error adding user back to docker group: %v, output: %s", err, output)
}
return nil
}

func run(cmd string, args ...string) {
WriteLog(fmt.Sprintf("Running: %s %v", cmd, args))
c := exec.Command(cmd, args...)
Expand Down Expand Up @@ -166,6 +119,7 @@ func run(cmd string, args ...string) {
}

func (s *Sudo) uninstallDocker() error {
WriteLog("Uninstalling docker")
run("sudo", "apt-get", "purge", "-y",
"docker-ce", "docker-ce-cli", "containerd.io")
return nil
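Review bot: `uninstallDocker` returns `nil` unconditionally and `run` is declared without a return value, so the caller cannot tell a failed `apt-get purge` from a successful one; the added `WriteLog("Uninstalling docker")` records the attempt but not the outcome. Because the call in `Run` treats a nil error as success and logs "disabled sudo and docker", a purge that fails could leave docker installed while the log says otherwise (assuming `disableSudoAndContainers` relies on this function, which is not visible here). I would have `run` return the command's error and propagate it, e.g. `if err := run("sudo", "apt-get", "purge", "-y", "docker-ce", "docker-ce-cli", "containerd.io"); err != nil { return fmt.Errorf("purging docker packages: %w", err) }`. The body of `run` and the closing brace of `uninstallDocker` are outside the hunk, so whether `run` already logs a non-zero exit cannot be confirmed from this page.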