cmd/systray: set ipn.NotifyNoPrivateKeys, permit non-operator use

Otherwise you get "Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator". This lets a non-operator at least start the app and see the status, even if they can't change everything. (the web UI is unaffected by operator) A future change can add a LocalAPI call to check permissions and guide people through adding a user as an operator (perhaps the web client can do that?) Updates tailscale#1708 Change-Id: I699e035a251b4ebe14385102d5e7a2993424c4b7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
nshalman · Aug 23, 2024 · b091264 · b091264
1 parent 3c66ee3
commit b091264
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/cmd/systray/systray.go b/cmd/systray/systray.go
@@ -180,7 +180,7 @@ func (menu *Menu) eventLoop(ctx context.Context) {
 // watchIPNBus subscribes to the tailscale event bus and sends state updates to chState.
 // This method does not return.
 func watchIPNBus(ctx context.Context) {
-	watcher, err := localClient.WatchIPNBus(ctx, ipn.NotifyInitialState)
+	watcher, err := localClient.WatchIPNBus(ctx, ipn.NotifyInitialState|ipn.NotifyNoPrivateKeys)
 	if err != nil {
 		log.Printf("watching ipn bus: %v", err)
 	}