Disable exec/java/qemu when non-root on non-windows OSes

client/driver/exec.go

@@ -2,7 +2,9 @@ package driver
 
 import (
 	"fmt"
+	"runtime"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/hashicorp/nomad/client/config"
@@ -30,7 +32,11 @@ func NewExecDriver(ctx *DriverContext) Driver {
 }
 
 func (d *ExecDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
-	// We can always do a fork/exec
+	// Only enable if we are root when running on non-windows systems.
+	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
+		return false, nil
+	}
+
 	node.Attributes["driver.exec"] = "1"
 	return true, nil
 }

client/driver/java.go

@@ -9,7 +9,9 @@ import (
 	"os/exec"
 	"path"
 	"path/filepath"
+	"runtime"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/hashicorp/nomad/client/config"
@@ -36,6 +38,11 @@ func NewJavaDriver(ctx *DriverContext) Driver {
 }
 
 func (d *JavaDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
+	// Only enable if we are root when running on non-windows systems.
+	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
+		return false, nil
+	}
+
 	// Find java version
 	var out bytes.Buffer
 	var erOut bytes.Buffer

client/driver/qemu.go

@@ -13,7 +13,9 @@ import (
 	"os/exec"
 	"path/filepath"
 	"regexp"
+	"runtime"
 	"strings"
+	"syscall"
 	"time"
 
 	"github.com/hashicorp/nomad/client/config"
@@ -52,6 +54,11 @@ func NewQemuDriver(ctx *DriverContext) Driver {
 }
 
 func (d *QemuDriver) Fingerprint(cfg *config.Config, node *structs.Node) (bool, error) {
+	// Only enable if we are root when running on non-windows systems.
+	if runtime.GOOS != "windows" && syscall.Geteuid() != 0 {
+		return false, nil
+	}
+
 	outBytes, err := exec.Command("qemu-system-x86_64", "-version").Output()
 	if err != nil {
 		return false, nil