diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index e8144c606..bc95ae89c 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -165,8 +165,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de inet.af/netaddr from inet.af/wf+ inet.af/peercred from tailscale.com/ipn/ipnserver W 💣 inet.af/wf from tailscale.com/wf - L 💣 kernel.org/pub/linux/libs/security/libcap/cap from tailscale.com/util/kmod - L kernel.org/pub/linux/libs/security/libcap/psx from kernel.org/pub/linux/libs/security/libcap/cap L nhooyr.io/websocket from tailscale.com/derp/derphttp+ L nhooyr.io/websocket/internal/errd from nhooyr.io/websocket L nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket diff --git a/go.mod b/go.mod index 96eb83e07..3fa95696a 100644 --- a/go.mod +++ b/go.mod @@ -63,7 +63,6 @@ require ( inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 inet.af/peercred v0.0.0-20210906144145-0893ea02156a inet.af/wf v0.0.0-20211204062712-86aaea0a7310 - kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 nhooyr.io/websocket v1.8.7 pault.ag/go/modprobe v0.1.2 ) @@ -262,7 +261,6 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect howett.net/plist v1.0.0 // indirect - kernel.org/pub/linux/libs/security/libcap/psx v1.2.64 // indirect mvdan.cc/gofumpt v0.2.0 // indirect mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect diff --git a/go.sum b/go.sum index aeccb0bf7..f96ba5e8e 100644 --- a/go.sum +++ b/go.sum @@ -1828,10 +1828,6 @@ inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1D inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU= inet.af/wf v0.0.0-20211204062712-86aaea0a7310 h1:0jKHTf+W75kYRyg5bto1UT+r18QmAz2u/5pAs/fx4zo= inet.af/wf v0.0.0-20211204062712-86aaea0a7310/go.mod h1:ViGMZRA6+RA318D7GCncrjv5gHUrPYrNDejjU12tikA= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.64 h1:E1U4GNGSXEdzQUT+mop0iYawCNXDUU46Y8nfodb+ZY0= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.64/go.mod h1:gtBlgvjXflnxHng9/3bXyXG3XmBYKDt35zu+lNmB+IA= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.64 h1:zlw/KoDjEObyddpFcvLiuu8frEvyEwVNc62WZQBp68w= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.64/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= mvdan.cc/gofumpt v0.0.0-20200802201014-ab5a8192947d/go.mod h1:bzrjFmaD6+xqohD3KYP0H2FEuxknnBmyyOxdhLdaIws= mvdan.cc/gofumpt v0.0.0-20201129102820-5c11c50e9475/go.mod h1:E4LOcu9JQEtnYXtB1Y51drqh2Qr2Ngk9J3YrRCwcbd0= mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= diff --git a/util/kmod/kmod.go b/util/kmod/kmod.go index 728357bc1..6247456a4 100644 --- a/util/kmod/kmod.go +++ b/util/kmod/kmod.go @@ -26,7 +26,6 @@ import ( "go4.org/mem" "golang.org/x/sys/unix" - "kernel.org/pub/linux/libs/security/libcap/cap" "pault.ag/go/modprobe" "tailscale.com/util/lineread" "tailscale.com/util/multierr" @@ -65,16 +64,12 @@ func hasKernelModule(name string) (bool, error) { // result of true implies that it may be worth trying to install a module, not // that doing so will work. func canInstallModule() (bool, error) { - caps, err := cap.GetPID(0) // 0 = current process - if err == nil { - // errors from GetFlag are either due to the receiver being - // uninitialized, or the kernel gave junk results, both of which aren't - // very meaningful out of context to a user, so this error is mostly - // ignored. - b, err := caps.GetFlag(cap.Effective, cap.SYS_MODULE) - if err == nil { - return b, nil - } + var capData unix.CapUserData + if unix.Capget(&unix.CapUserHeader{ + Version: 0x20080522, // V3 added in Linux 2.6.26 + Pid: 0, // current + }, &capData) == nil { + return capData.Effective&unix.CAP_SYS_MODULE != 0, nil } // could not determine a well known result from capabilities, make an