cmd/containerboot: wait for consistent state on shutdown - tailscale - The easiest, most secure way to use WireGuard and 2FA

diff options

author	Tom Proctor <tomhjp@users.noreply.github.com>	2024-12-05 12:40:45 +0000
committer	Tom Proctor <tomhjp@users.noreply.github.com>	2024-12-05 12:40:45 +0000
commit	1363be38ce2f15c229c5ac4b643524d9a29edfb3 (patch)
tree	967c5f82a7e850f0cb15996e12d4b0120283ce19 /control/controlhttp/controlhttpserver/controlhttpserver.go
parent	df94a1487076f744742d5b5c3a234d628bfd2bb5 (diff)
download	tailscale-1363be38ce2f15c229c5ac4b643524d9a29edfb3.tar.xz tailscale-1363be38ce2f15c229c5ac4b643524d9a29edfb3.zip

cmd/containerboot: wait for consistent state on shutdown

tailscaled's ipn package writes a collection of keys to state after authenticating to control, but one at a time. If containerboot happens to send a SIGTERM signal to tailscaled in the middle of writing those keys, it may shut down with an inconsistent state Secret and never recover. While we can't durably fix this with our current single-use auth keys (no atomic operation to auth + write state), we can reduce the window for this race condition by checking for partial state before sending SIGTERM to tailscaled. Best effort only. Updates #14080 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>

Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: