What are you trying to do?
Work around cros-garcon's cold-boot crash on ChromeOS Crostini (documented in #12090) without waiting on a closed-source ChromiumOS fix. When tailscale0 is present in the interface list at garcon's netlink enumeration, garcon NULL-derefs and takes the penguin container with it. Defaulting Crostini to userspace-networking keeps tailscale0 out of the kernel and stops the crash. Four cold-boot tests are in my comment on #12090.
How should we solve this?
Three files, roughly 15 lines.
Detection. In version/distro/distro.go, add the constant and the detection case (before /etc/debian_version, since Crostini is Debian-based; same ordering rule UBNT and TrueNAS already follow):
Crostini = Distro("crostini")case have("/opt/google/cros-containers/bin/garcon"):
return Crostini/opt/google/cros-containers/bin/garcon is shipped by the cros-garcon package, is stable, and is specific to Crostini.
Default TUN. In cmd/tailscaled/tailscaled.go, inside defaultTunName()'s case "linux":, alongside the existing Synology check:
if distro.Get() == distro.Crostini {
// cros-garcon NULL-derefs on cold-boot netlink enumeration
// when tailscale0 is present. See #12090.
return "userspace-networking"
}Users on a fixed cros-garcon can still override with --tun=tailscale0.
Debian-derivative downstream. Crostini detecting as its own distro will stop matching case distro.Debian: in three places. I checked each:
clientupdate/clientupdate.go: harmless. The existing haveExecutable("apt-get") fallback catches Crostini identically.net/tstun/tun_linux.go: harmless. That branch only runs when the tun module fails to load, which cannot happen under userspace-networking.ssh/tailssh/user.go: minor regression (loses the Ubuntu-shaped SSH PATH). Fix inline: case distro.Debian, distro.Crostini:.
What is the impact of not solving this?
Today, Crostini users have to manually edit /etc/default/tailscaled to add FLAGS="--tun=userspace-networking". The recipe is in #12090 but most users will not know to look or how. cros-garcon ships as a closed aarch64 binary from Google, so an upstream ChromiumOS fix is on an indefinite timeline. userspace-networking is already the default on aix, solaris, illumos, and is the Synology fallback.
Anything else?
Happy to send the PR with Signed-off-by on each commit.
What are you trying to do?
Work around cros-garcon's cold-boot crash on ChromeOS Crostini (documented in #12090) without waiting on a closed-source ChromiumOS fix. When tailscale0 is present in the interface list at garcon's netlink enumeration, garcon NULL-derefs and takes the penguin container with it. Defaulting Crostini to userspace-networking keeps tailscale0 out of the kernel and stops the crash. Four cold-boot tests are in my comment on #12090.
How should we solve this?
Three files, roughly 15 lines.
Detection. In
version/distro/distro.go, add the constant and the detection case (before/etc/debian_version, since Crostini is Debian-based; same ordering rule UBNT and TrueNAS already follow):/opt/google/cros-containers/bin/garconis shipped by thecros-garconpackage, is stable, and is specific to Crostini.Default TUN. In
cmd/tailscaled/tailscaled.go, insidedefaultTunName()'scase "linux":, alongside the existing Synology check:Users on a fixed cros-garcon can still override with
--tun=tailscale0.Debian-derivative downstream. Crostini detecting as its own distro will stop matching
case distro.Debian:in three places. I checked each:clientupdate/clientupdate.go: harmless. The existinghaveExecutable("apt-get")fallback catches Crostini identically.net/tstun/tun_linux.go: harmless. That branch only runs when the tun module fails to load, which cannot happen under userspace-networking.ssh/tailssh/user.go: minor regression (loses the Ubuntu-shaped SSH PATH). Fix inline:case distro.Debian, distro.Crostini:.What is the impact of not solving this?
Today, Crostini users have to manually edit
/etc/default/tailscaledto addFLAGS="--tun=userspace-networking". The recipe is in #12090 but most users will not know to look or how. cros-garcon ships as a closed aarch64 binary from Google, so an upstream ChromiumOS fix is on an indefinite timeline. userspace-networking is already the default on aix, solaris, illumos, and is the Synology fallback.Anything else?
Happy to send the PR with
Signed-off-byon each commit.