Allow collect to chroot itself (#1658)

* Enable chroot * typo * platform specific chroot functions * Add friendly chroot warning if running without elevated permissions
2026-02-14 10:19:54 +00:00 · 2024-10-22 17:06:07 +01:00
parent 0fb0a07e55
commit c968fca125
4 changed files with 56 additions and 0 deletions
--- a/cmd/collect/cli/chroot_darwin.go
+++ b/cmd/collect/cli/chroot_darwin.go
@@ -0,0 +1,21 @@
+package cli
+
+import (
+	"errors"
+	"syscall"
+
+	"github.com/replicatedhq/troubleshoot/internal/util"
+)
+
+func checkAndSetChroot(newroot string) error {
+	if newroot == "" {
+		return nil
+	}
+	if !util.IsRunningAsRoot() {
+		return errors.New("Can only chroot when run as root")
+	}
+	if err := syscall.Chroot(newroot); err != nil {
+		return err
+	}
+	return nil
+}
--- a/cmd/collect/cli/chroot_linux.go
+++ b/cmd/collect/cli/chroot_linux.go
@@ -0,0 +1,21 @@
+package cli
+
+import (
+	"errors"
+	"syscall"
+
+	"github.com/replicatedhq/troubleshoot/internal/util"
+)
+
+func checkAndSetChroot(newroot string) error {
+	if newroot == "" {
+		return nil
+	}
+	if !util.IsRunningAsRoot() {
+		return errors.New("Can only chroot when run as root")
+	}
+	if err := syscall.Chroot(newroot); err != nil {
+		return err
+	}
+	return nil
+}
--- a/cmd/collect/cli/chroot_windows.go
+++ b/cmd/collect/cli/chroot_windows.go
@@ -0,0 +1,9 @@
+package cli
+
+import (
+	"errors"
+)
+
+func checkAndSetChroot(newroot string) error {
+	return errors.New("chroot is only implimented in linux/darwin")
+}
--- a/cmd/collect/cli/root.go
+++ b/cmd/collect/cli/root.go
@@ -32,6 +32,10 @@ func RootCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			v := viper.GetViper()

+			if err := checkAndSetChroot(v.GetString("chroot")); err != nil {
+				return err
+			}
+
 			return runCollect(v, args[0])
 		},
 		PostRun: func(cmd *cobra.Command, args []string) {
@@ -53,6 +57,7 @@ func RootCmd() *cobra.Command {
 	cmd.Flags().String("selector", "", "selector (label query) to filter remote collection nodes on.")
 	cmd.Flags().Bool("collect-without-permissions", false, "always generate a support bundle, even if it some require additional permissions")
 	cmd.Flags().Bool("debug", false, "enable debug logging")
+	cmd.Flags().String("chroot", "", "Chroot to path")

 	// hidden in favor of the `insecure-skip-tls-verify` flag
 	cmd.Flags().Bool("allow-insecure-connections", false, "when set, do not verify TLS certs when retrieving spec and reporting results")