Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make wireguard connect work without sudo #2193

Merged
merged 3 commits into from
May 13, 2020
Merged

Make wireguard connect work without sudo #2193

merged 3 commits into from
May 13, 2020

Conversation

tadaskay
Copy link
Contributor

@tadaskay tadaskay commented May 8, 2020
edited by anjmao
Loading

  1. Move node-supervisor code to node.
  2. Add WireGuard remote client package for communication with supervisor.
  3. Add ci build step to package supervisor for darwin.

@tadaskay tadaskay changed the title Make wireguard connect work without sudo (WIP, refactoring needed, da… Make wireguard connect work without sudo (WIP) May 8, 2020
@zolia
Copy link
Contributor

zolia commented May 11, 2020

What still concerns me is how we will secure such unix socket. Outside applications would be able to access these security lifted facilities pretty much effortlessly.

One possible way is to create a socketpair and send one socket end to peer using method like this:
https://blog.cloudflare.com/know-your-scm_rights/

Still this does not solve secure initial exchange problem. Somehow supervisor should be willing to communicate with authenticated node only.

Any ideas how to do that in most simple manner?

@anjmao anjmao force-pushed the no-root branch 5 times, most recently from 52c4357 to 5853617 Compare May 12, 2020 09:32
@anjmao anjmao changed the title Make wireguard connect work without sudo (WIP) Make wireguard connect work without sudo May 12, 2020
@anjmao anjmao marked this pull request as ready for review May 12, 2020 09:33
soffokl
soffokl approved these changes May 13, 2020
View reviewed changes
.gitlab-ci.yml Outdated Show resolved Hide resolved
bin/package_supervisor Outdated Show resolved Hide resolved
services/wireguard/endpoint/remoteclient/tun.go Outdated Show resolved Hide resolved
supervisor/config/config.go Outdated Show resolved Hide resolved
supervisor/daemon/myst_darwin.go Outdated Show resolved Hide resolved
supervisor/daemon/transport/transport_darwin.go Show resolved Hide resolved
supervisor/daemon/wireguard/monitor.go Outdated Show resolved Hide resolved
@anjmao anjmao merged commit 49ebeaa into master May 13, 2020
@anjmao anjmao deleted the no-root branch May 13, 2020 09:03
soffokl pushed a commit that referenced this pull request May 14, 2020
@anjmao @soffokl
Merge pull request #2193 from mysteriumnetwork/no-root
7face35 
Make wireguard connect work without sudo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@soffokl soffokl soffokl approved these changes

@anjmao anjmao anjmao approved these changes

@vkuznecovas vkuznecovas Awaiting requested review from vkuznecovas

@Waldz Waldz Awaiting requested review from Waldz Waldz is a code owner

@zolia zolia Awaiting requested review from zolia

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tadaskay @zolia @anjmao @soffokl