66b2e9fd07
Some checks are pending
checklocks / checklocks (push) Waiting to run
CodeQL / Analyze (go) (push) Waiting to run
Dockerfile build / deploy (push) Waiting to run
CI / race-root-integration (1/4) (push) Waiting to run
CI / race-root-integration (2/4) (push) Waiting to run
CI / race-root-integration (3/4) (push) Waiting to run
CI / race-root-integration (4/4) (push) Waiting to run
CI / test (-coverprofile=/tmp/coverage.out, amd64) (push) Waiting to run
CI / test (-race, amd64, 1/3) (push) Waiting to run
CI / test (-race, amd64, 2/3) (push) Waiting to run
CI / test (-race, amd64, 3/3) (push) Waiting to run
CI / test (386) (push) Waiting to run
CI / windows (push) Waiting to run
CI / privileged (push) Waiting to run
CI / vm (push) Waiting to run
CI / race-build (push) Waiting to run
CI / cross (386, linux) (push) Waiting to run
CI / cross (amd64, darwin) (push) Waiting to run
CI / cross (amd64, freebsd) (push) Waiting to run
CI / cross (amd64, openbsd) (push) Waiting to run
CI / cross (amd64, windows) (push) Waiting to run
CI / cross (arm, 5, linux) (push) Waiting to run
CI / cross (arm, 7, linux) (push) Waiting to run
CI / cross (arm64, darwin) (push) Waiting to run
CI / cross (arm64, linux) (push) Waiting to run
CI / cross (arm64, windows) (push) Waiting to run
CI / cross (loong64, linux) (push) Waiting to run
CI / ios (push) Waiting to run
CI / crossmin (amd64, illumos) (push) Waiting to run
CI / crossmin (amd64, plan9) (push) Waiting to run
CI / crossmin (amd64, solaris) (push) Waiting to run
CI / crossmin (ppc64, aix) (push) Waiting to run
CI / android (push) Waiting to run
CI / wasm (push) Waiting to run
CI / tailscale_go (push) Waiting to run
CI / fuzz (push) Waiting to run
CI / depaware (push) Waiting to run
CI / go_generate (push) Waiting to run
CI / go_mod_tidy (push) Waiting to run
CI / licenses (push) Waiting to run
CI / staticcheck (386, windows) (push) Waiting to run
CI / staticcheck (amd64, darwin) (push) Waiting to run
CI / staticcheck (amd64, linux) (push) Waiting to run
CI / staticcheck (amd64, windows) (push) Waiting to run
CI / notify_slack (push) Blocked by required conditions
CI / check_mergeability (push) Blocked by required conditions
Fixes #14372 Signed-off-by: Derek Kaser <11674153+dkaser@users.noreply.github.com>
68 lines
2.1 KiB
Go
68 lines
2.1 KiB
Go
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
// Package featureknob provides a facility to control whether features
|
|
// can run based on either an envknob or running OS / distro.
|
|
package featureknob
|
|
|
|
import (
|
|
"errors"
|
|
"runtime"
|
|
|
|
"tailscale.com/envknob"
|
|
"tailscale.com/hostinfo"
|
|
"tailscale.com/version"
|
|
"tailscale.com/version/distro"
|
|
)
|
|
|
|
// CanRunTailscaleSSH reports whether serving a Tailscale SSH server is
|
|
// supported for the current os/distro.
|
|
func CanRunTailscaleSSH() error {
|
|
switch runtime.GOOS {
|
|
case "linux":
|
|
if distro.Get() == distro.Synology && !envknob.UseWIPCode() {
|
|
return errors.New("The Tailscale SSH server does not run on Synology.")
|
|
}
|
|
if distro.Get() == distro.QNAP && !envknob.UseWIPCode() {
|
|
return errors.New("The Tailscale SSH server does not run on QNAP.")
|
|
}
|
|
|
|
// Setting SSH on Home Assistant causes trouble on startup
|
|
// (since the flag is not being passed to `tailscale up`).
|
|
// Although Tailscale SSH does work here,
|
|
// it's not terribly useful since it's running in a separate container.
|
|
if hostinfo.GetEnvType() == hostinfo.HomeAssistantAddOn {
|
|
return errors.New("The Tailscale SSH server does not run on HomeAssistant.")
|
|
}
|
|
// otherwise okay
|
|
case "darwin":
|
|
// okay only in tailscaled mode for now.
|
|
if version.IsSandboxedMacOS() {
|
|
return errors.New("The Tailscale SSH server does not run in sandboxed Tailscale GUI builds.")
|
|
}
|
|
case "freebsd", "openbsd":
|
|
default:
|
|
return errors.New("The Tailscale SSH server is not supported on " + runtime.GOOS)
|
|
}
|
|
if !envknob.CanSSHD() {
|
|
return errors.New("The Tailscale SSH server has been administratively disabled.")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// CanUseExitNode reports whether using an exit node is supported for the
|
|
// current os/distro.
|
|
func CanUseExitNode() error {
|
|
switch dist := distro.Get(); dist {
|
|
case distro.Synology, // see https://github.com/tailscale/tailscale/issues/1995
|
|
distro.QNAP:
|
|
return errors.New("Tailscale exit nodes cannot be used on " + string(dist))
|
|
}
|
|
|
|
if hostinfo.GetEnvType() == hostinfo.HomeAssistantAddOn {
|
|
return errors.New("Tailscale exit nodes cannot be used on HomeAssistant.")
|
|
}
|
|
|
|
return nil
|
|
}
|