Add uname parsing fallback path to KernelVersion() #823
Commits on Oct 21, 2022
-
Add uname parsing fallback path to KernelVersion()
It turns out if filecaps are assigned to a binary, it affects the processes "dumpability" (see `PR_SET_DUMPABLE` section in `man prctl`). When a process isn't globally dumpable, `/proc/self/auxv` is owned by `root:root`. Put together, what this means is that if an executable uses this library and is assigned filecaps but run as a normal user, this library errors out when reading from `/proc/self/auxv`. You can confirm this existing behavior by running this on master: $ cd internal $ go test -c $ sudo setcap cap_net_admin,cap_sys_admin+p internal.test $ ./internal.test --- FAIL: TestCurrentKernelVersion (0.00s) version_test.go:53: opening auxv: open /proc/self/auxv: permission denied FAIL This commit makes `KernelVersion()` more reliable by adding a best-effort uname parsing codepath. More details about the filecaps interaction is available here: https://dxuuu.xyz/filecaps.html .
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.