Add non-dbus alternative to detect system shutdown

Signed-off-by: keliramu <ramunas.keliuotis@nordsec.com>
NordSecurity · May 24, 2024 · 8ab8cfd · 8ab8cfd
1 parent 2cea95a
commit 8ab8cfd
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 16 deletions.
diff --git a/cmd/daemon/main.go b/cmd/daemon/main.go
@@ -551,7 +551,7 @@ func main() {
 	go rpc.StartJobs()
 	go meshService.StartJobs()
 	rpc.StartKillSwitch()
-	go rpc.RunSystemShutdownMonitor()
+	go rpc.StartSystemShutdownMonitor()
 
 	if cfg.AutoConnect {
 		go rpc.StartAutoConnect(network.ExponentialBackoff)

diff --git a/daemon/jobs.go b/daemon/jobs.go
@@ -82,17 +82,21 @@ func (r *RPC) StopKillSwitch() error {
 		return fmt.Errorf("loading daemon config: %w", err)
 	}
 
-	// do not unset killswitch rules if system is in shutdown or reboot
-	if cfg.KillSwitch && !r.systemShutdown.Load() {
-		if err := r.netw.UnsetKillSwitch(); err != nil {
-			return fmt.Errorf("unsetting killswitch: %w", err)
+	if cfg.KillSwitch {
+		// do not unset killswitch rules if system is in shutdown or reboot
+		shutdownIsActive := (r.dbusAvailable.Load() && r.systemShutdown.Load()) ||
+			(!r.dbusAvailable.Load() && internal.IsSystemShutdown())
+		if !shutdownIsActive {
+			if err := r.netw.UnsetKillSwitch(); err != nil {
+				return fmt.Errorf("unsetting killswitch: %w", err)
+			}
 		}
 	}
 	return nil
 }
 
-// RunSystemShutdownMonitor to be run on separate goroutine
-func (r *RPC) RunSystemShutdownMonitor() {
+// StartSystemShutdownMonitor to be run on separate goroutine
+func (r *RPC) StartSystemShutdownMonitor() {
 	// get connection to system dbus
 	conn, err := dbus.SystemBus()
 	if err != nil {
@@ -101,6 +105,8 @@ func (r *RPC) RunSystemShutdownMonitor() {
 	}
 	defer conn.Close()
 
+	r.dbusAvailable.Store(true)
+
 	// register dbus signal monitor
 	err = conn.AddMatchSignal(
 		dbus.WithMatchInterface("org.freedesktop.systemd1.Manager"),

diff --git a/daemon/rpc.go b/daemon/rpc.go
@@ -52,6 +52,7 @@ type RPC struct {
 	analytics        events.Analytics
 	norduser         service.NorduserService
 	meshRegistry     mesh.Registry
+	dbusAvailable    atomic.Bool
 	systemShutdown   atomic.Bool
 	pb.UnimplementedDaemonServer
 }

diff --git a/internal/filesystem.go b/internal/filesystem.go
@@ -442,15 +442,6 @@ func CliDimensions() ([]string, error) {
 	return strings.Split(strings.Trim(string(out), "\n"), " "), nil
 }
 
-// IsServiceActive check if given service is active
-func IsServiceActive(service string) bool {
-	out, err := exec.Command(SystemctlExec, "is-active", service).Output()
-	if err != nil {
-		return false
-	}
-	return "active" == strings.Trim(strings.Trim(string(out), "\n"), " ")
-}
-
 // MachineID return unique machine identification id
 func MachineID() uuid.UUID {
 	// systemd machine id

diff --git a/internal/systemd.go b/internal/systemd.go
@@ -0,0 +1,20 @@
+package internal
+
+import (
+	"os/exec"
+	"strings"
+)
+
+// IsServiceActive check if given service is active
+func IsServiceActive(service string) bool {
+	out, err := exec.Command(SystemctlExec, "is-active", service).Output()
+	if err != nil {
+		return false
+	}
+	return "active" == strings.Trim(strings.Trim(string(out), "\n"), " ")
+}
+
+// IsSystemShutdown detect if system is being shutdown
+func IsSystemShutdown() bool {
+	return FileExists("/run/nologin") || FileExists("/var/run/nologin")
+}