From 3a9044f2407d7d10ca746241a151382f9c9c483b Mon Sep 17 00:00:00 2001
From: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Date: Mon, 7 Nov 2022 22:56:06 -0800
Subject: [PATCH] Rename darwin-kubelet to containerd

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
---
 runtime/v2/shim/util_unix.go | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/runtime/v2/shim/util_unix.go b/runtime/v2/shim/util_unix.go
index 4e2309a80..1d6c09a67 100644
--- a/runtime/v2/shim/util_unix.go
+++ b/runtime/v2/shim/util_unix.go
@@ -26,6 +26,7 @@ import (
 	"net"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 	"syscall"
 	"time"
@@ -87,15 +88,20 @@ func AnonReconnectDialer(address string, timeout time.Duration) (net.Conn, error
 // NewSocket returns a new socket
 func NewSocket(address string) (*net.UnixListener, error) {
 	var (
-		sock = socket(address)
-		path = sock.path()
+		sock       = socket(address)
+		path       = sock.path()
+		isAbstract = sock.isAbstract()
+		perm       = os.FileMode(0600)
 	)
 
-	isAbstract := sock.isAbstract()
+	// Darwin needs +x to access socket, otherwise it'll fail with "bind: permission denied" when running as non-root.
+	if runtime.GOOS == "darwin" {
+		perm = 0700
+	}
 
 	if !isAbstract {
-		if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil {
-			return nil, fmt.Errorf("%s: %w", path, err)
+		if err := os.MkdirAll(filepath.Dir(path), perm); err != nil {
+			return nil, fmt.Errorf("mkdir failed for %s: %w", path, err)
 		}
 	}
 	l, err := net.Listen("unix", path)
@@ -104,12 +110,13 @@ func NewSocket(address string) (*net.UnixListener, error) {
 	}
 
 	if !isAbstract {
-		if err := os.Chmod(path, 0600); err != nil {
+		if err := os.Chmod(path, perm); err != nil {
 			os.Remove(sock.path())
 			l.Close()
-			return nil, err
+			return nil, fmt.Errorf("chmod failed for %s: %w", path, err)
 		}
 	}
+
 	return l.(*net.UnixListener), nil
 }