github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 06:21:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: use sudo for tailscale configuration commands

Browse Source 
To avoid permission denied errors when modifying Tailscale configuration (serve/funnel),
we now prepend `sudo -n` to these commands. This ensures that if the user has appropriate
sudo privileges (specifically passwordless for these commands or generally), the operation
succeeds. If sudo fails (e.g. requires password non-interactively), it will throw an error
which is caught and logged as a warning, preserving existing behavior but attempting to escalate privileges first.

- Updated `ensureFunnel` to use `sudo -n` for the enabling step.
- Updated `enableTailscaleServe`, `disableTailscaleServe`, `enableTailscaleFunnel`, `disableTailscaleFunnel` to use `sudo -n`.
- Added tests in `src/infra/tailscale.test.ts` to verify `sudo` usage.
This commit is contained in:
google-labs-jules[bot]
2026-01-23 22:59:12 +00:00
committed by Peter Steinberger
parent 511a0c22b7
commit 66f353fe7a
2 changed files with 86 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/infra/tailscale.ts
View File

@@ -237,7 +237,7 @@ export async function ensureFunnel(
}
logVerbose(`Enabling funnel on port ${port}`);
const { stdout } = await exec(tailscaleBin, ["funnel", "--yes", "--bg", `${port}`], {
const { stdout } = await exec("sudo", ["-n", tailscaleBin, "funnel", "--yes", "--bg", `${port}`], {
maxBuffer: 200_000,
timeoutMs: 15_000,
});
@@ -288,7 +288,7 @@ export async function ensureFunnel(
export async function enableTailscaleServe(port: number, exec: typeof runExec = runExec) {
const tailscaleBin = await getTailscaleBinary();
await exec(tailscaleBin, ["serve", "--bg", "--yes", `${port}`], {
await exec("sudo", ["-n", tailscaleBin, "serve", "--bg", "--yes", `${port}`], {
maxBuffer: 200_000,
timeoutMs: 15_000,
});
@@ -296,7 +296,7 @@ export async function enableTailscaleServe(port: number, exec: typeof runExec =
export async function disableTailscaleServe(exec: typeof runExec = runExec) {
const tailscaleBin = await getTailscaleBinary();
await exec(tailscaleBin, ["serve", "reset"], {
await exec("sudo", ["-n", tailscaleBin, "serve", "reset"], {
maxBuffer: 200_000,
timeoutMs: 15_000,
});
@@ -304,7 +304,7 @@ export async function disableTailscaleServe(exec: typeof runExec = runExec) {
export async function enableTailscaleFunnel(port: number, exec: typeof runExec = runExec) {
const tailscaleBin = await getTailscaleBinary();
await exec(tailscaleBin, ["funnel", "--bg", "--yes", `${port}`], {
await exec("sudo", ["-n", tailscaleBin, "funnel", "--bg", "--yes", `${port}`], {
maxBuffer: 200_000,
timeoutMs: 15_000,
});
@@ -312,7 +312,7 @@ export async function enableTailscaleFunnel(port: number, exec: typeof runExec =
export async function disableTailscaleFunnel(exec: typeof runExec = runExec) {
const tailscaleBin = await getTailscaleBinary();
await exec(tailscaleBin, ["funnel", "reset"], {
await exec("sudo", ["-n", tailscaleBin, "funnel", "reset"], {
maxBuffer: 200_000,
timeoutMs: 15_000,
});