github.com/cilium/cilium@v1.16.2/pkg/api/socket.go

github.com/cilium/cilium@v1.16.2/pkg/api/socket.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package api
     5  
     6  import (
     7  	"fmt"
     8  	"os"
     9  	"os/user"
    10  	"strconv"
    11  
    12  	"github.com/sirupsen/logrus"
    13  
    14  	"github.com/cilium/cilium/pkg/logging"
    15  	"github.com/cilium/cilium/pkg/logging/logfields"
    16  )
    17  
    18  var log = logging.DefaultLogger.WithField(logfields.LogSubsys, "api")
    19  
    20  // getGroupIDByName returns the group ID for the given grpName.
    21  func getGroupIDByName(grpName string) (int, error) {
    22  	group, err := user.LookupGroup(grpName)
    23  	if err != nil {
    24  		return -1, err
    25  	}
    26  	return strconv.Atoi(group.Gid)
    27  }
    28  
    29  // SetDefaultPermissions sets the given socket's group to `CiliumGroupName` and
    30  // mode to `SocketFileMode`.
    31  func SetDefaultPermissions(socketPath string) error {
    32  	gid, err := getGroupIDByName(CiliumGroupName)
    33  	if err != nil {
    34  		log.WithError(err).WithFields(logrus.Fields{
    35  			logfields.Path: socketPath,
    36  			"group":        CiliumGroupName,
    37  		}).Debug("Group not found")
    38  	} else {
    39  		if err := os.Chown(socketPath, 0, gid); err != nil {
    40  			return fmt.Errorf("failed while setting up %s's group ID"+
    41  				" in %q: %s", CiliumGroupName, socketPath, err)
    42  		}
    43  	}
    44  	if err := os.Chmod(socketPath, SocketFileMode); err != nil {
    45  		return fmt.Errorf("failed while setting up file permissions in %q: %w",
    46  			socketPath, err)
    47  	}
    48  	return nil
    49  }