Skip to content

sg: finer grained .bin/ detection for FW

Warren Gifford requested to merge devx/fix-firewall into main

Created by: jhchabran

The previous PR https://github.com/sourcegraph/sourcegraph/pull/34475 nailed the root cause but it did not catch some edge cases where the command is behind a pipe.

I zoomed with @BolajiOlajide and saw that Zoekt was the culprit that wasn't added as an exception.

I suspect that the reason for with neither @bobheadxi or me have noticed it is because no connection attempt is being made to some services during the startup due to our local state.

This PR now iterates through all commands, including the ones in a pipe. The result is that my firewall exceptions are now covering the missing binaries.

Test plan

Tested locally, asserted the presence of Zoekt in the exceptions in the firewall control panel.

Merge request reports

Loading