Commitdf92df4

authored

fix(agent): filter outGOTRACEBACK=none (#16924)

With the switch to Go 1.24.1, our dogfood workspaces started setting`GOTRACEBACK=none` in the environment, resulting in missing stacktracesfor users.This is due to the capability changes we do when`USE_CAP_NET_ADMIN=true`.https://github.com/coder/coder/blob/564b387262e5b768c503e5317242d9ab576395d6/provisionersdk/scripts/bootstrap_linux.sh#L60-L76This most likely triggers a change in securitybits which sets`_AT_SECURE` for the process.https://github.com/golang/go/blob/a1ddbdd3ef8b739aab53f20d6ed0a61c3474cf12/src/runtime/os_linux.go#L297-L327Which in turn triggers secure mode:https://github.com/golang/go/blob/a1ddbdd3ef8b739aab53f20d6ed0a61c3474cf12/src/runtime/security_unix.goThis should not affect workspaces as template authors can still set theenvironment on the agent resource.Seehttps://pkg.go.dev/runtime#hdr-Security

1 parentf01ee96 commitdf92df4Copy full SHA for df92df4

File tree

+24

-2

lines changed

+24

-2

lines changed

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,8 @@ import (`
`17`	`17`	`"golang.org/x/sys/unix"`
`18`	`18`	`"golang.org/x/xerrors"`
`19`	`19`	`"kernel.org/pub/linux/libs/security/libcap/cap"`
	`20`	`+`
	`21`	`+"github.com/coder/coder/v2/agent/usershell"`
`20`	`22`	`)`
`21`	`23`
`22`	`24`	`// CLI runs the agent-exec command. It should only be called by the cli package.`
`@@ -114,7 +116,8 @@ func CLI() error {`
`114`	`116`
`115`	`117`	`// Remove environment variables specific to the agentexec command. This is`
`116`	`118`	`// especially important for environments that are attempting to develop Coder in Coder.`
`117`		`-env:=os.Environ()`
	`119`	`+ei:= usershell.SystemEnvInfo{}`
	`120`	`+env:=ei.Environ()`
`118`	`121`	`env=slices.DeleteFunc(env,func(estring)bool {`
`119`	`122`	`returnstrings.HasPrefix(e,EnvProcPrioMgmt)\|\|`
`120`	`123`	`strings.HasPrefix(e,EnvProcOOMScore)\|\|`

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,17 @@ func (SystemEnvInfo) User() (*user.User, error) {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`func (SystemEnvInfo)Environ() []string {`
`53`		`-returnos.Environ()`
	`53`	`+varenv []string`
	`54`	`+for_,e:=rangeos.Environ() {`
	`55`	`+// Ignore GOTRACEBACK=none, as it disables stack traces, it can`
	`56`	`+// be set on the agent due to changes in capabilities.`
	`57`	`+// https://pkg.go.dev/runtime#hdr-Security.`
	`58`	`+ife=="GOTRACEBACK=none" {`
	`59`	`+continue`
	`60`	`+}`
	`61`	`+env=append(env,e)`
	`62`	`+}`
	`63`	`+returnenv`
`54`	`64`	`}`
`55`	`65`
`56`	`66`	`func (SystemEnvInfo)HomeDir() (string,error) {`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,4 +43,13 @@ func TestGet(t *testing.T) {`
`43`	`43`	`require.NotEmpty(t,shell)`
`44`	`44`	`})`
`45`	`45`	`})`
	`46`	`+`
	`47`	`+t.Run("Remove GOTRACEBACK=none",func(t*testing.T) {`
	`48`	`+t.Setenv("GOTRACEBACK","none")`
	`49`	`+ei:= usershell.SystemEnvInfo{}`
	`50`	`+env:=ei.Environ()`
	`51`	`+for_,e:=rangeenv {`
	`52`	`+require.NotEqual(t,"GOTRACEBACK=none",e)`
	`53`	`+}`
	`54`	`+})`
`46`	`55`	`}`

Comments

(0)