
feat: add --net-admin option to install script #9953


Merged
merged 1 commit into from
Oct 3, 2023
42 changes: 37 additions & 5 deletions install.sh
@@ -2,7 +2,10 @@
set -eu

# Coder's automatic install script.
# See https://github.com/coder/coder#installing-coder
# See https://github.com/coder/coder#install
#
# To run:
# curl -L https://coder.com/install.sh | sh

usage() {
arg0="$0"
@@ -61,6 +64,11 @@ Usage:
just want it on your base system aswell.
This supports most systems, however if you are unsure yours is supported you can check
the link above.
--net-admin
Adds \`CAP_NET_ADMIN\` to the installed binary. This allows Coder to
increase network speeds, but has security implications.
See: https://man7.org/linux/man-pages/man7/capabilities.7.html
This only works on Linux based systems.


The detection method works as follows:
@@ -230,7 +238,8 @@ main() {
RSH_ARGS \
EDGE \
RSH \
WITH_TERRAFORM
WITH_TERRAFORM \
CAP_NET_ADMIN

ALL_FLAGS=""

@@ -290,6 +299,9 @@ main() {
--with-terraform)
WITH_TERRAFORM=1
;;
--net-admin)
CAP_NET_ADMIN=1
;;
--)
shift
# We remove the -- added above.
@@ -362,7 +374,7 @@ main() {
fi

# Start by installing Terraform, if requested
if [ "${WITH_TERRAFORM-}" = 1 ]; then
if [ "${WITH_TERRAFORM-}" ]; then
with_terraform
fi

@@ -398,6 +410,26 @@ main() {
install_standalone
;;
esac

if [ "${CAP_NET_ADMIN:-}" ]; then
cap_net_admin
fi
}

cap_net_admin() {
if ! command_exists setcap && command_exists capsh; then
echo "Package 'libcap' not found. See install instructions for your distro: https://command-not-found.com/setcap"
return
fi

# Make sure we'e allowed to add CAP_NET_ADMIN.
if sudo_sh_c capsh --has-p=CAP_NET_ADMIN; then
sudo_sh_c setcap CAP_NET_ADMIN=+ep "$(command -v coder)" || true

# Unable to escalate perms, notify the user.
else
echo "Unable to setcap agent binary. Ensure the root user has CAP_NET_ADMIN permissions."
fi
}

parse_arg() {
@@ -697,10 +729,10 @@ sh_c() {
sudo_sh_c() {
if [ "$(id -u)" = 0 ]; then
sh_c "$@"
elif command_exists doas; then
sh_c "doas $*"
elif command_exists sudo; then
sh_c "sudo $*"
elif command_exists doas; then
sh_c "doas $*"
elif command_exists su; then
sh_c "su - -c '$*'"
else
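Review bot: In `cap_net_admin`, the guard `if ! command_exists setcap && command_exists capsh; then` negates only the first test, so it fires only when setcap is missing and capsh is present; with capsh absent the function falls through and the failed `capsh --has-p=CAP_NET_ADMIN` probe is reported as a permissions problem. It should read `if ! command_exists setcap || ! command_exists capsh; then`. The capability is then applied to `"$(command -v coder)"`, which is whatever `coder` comes first on the invoking user's PATH (or an empty string if the install prefix is not on PATH) rather than the binary this run installed, so a file capability that is granted to any user able to execute that file could land on an unintended binary; passing the path the install step wrote would be safer. The trailing `|| true` also discards a setcap failure, so a user who asked for `--net-admin` is not told when it did not take effect; `|| echo "setcap failed; CAP_NET_ADMIN was not applied" >&2` would surface it.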