From 21a9a6c98c2a6d965fa0316be676c08ea1d024a1 Mon Sep 17 00:00:00 2001
From: deeplow
Date: Mon, 15 Aug 2022 11:10:02 +0100
Subject: [PATCH] running dangerzone without root in container
There was previously a user created in the container but it was not used via the dockerfile RUN directive (as pointed out by gmarmstrong[1]).
Fixes #169
[1]: https://github.com/freedomofpress/dangerzone/issues/169#issue-1268399245
---
 container/Dockerfile | 3 ++-
 dangerzone/container.py | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/container/Dockerfile b/container/Dockerfile
index 845de68..70fdbad 100644
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -91,7 +91,8 @@ COPY dangerzone.py /usr/local/bin/
 RUN chmod +x /usr/local/bin/dangerzone.py
 # Add the unprivileged user
-RUN adduser -h /home/user -s /bin/sh -D user
+RUN adduser -s /bin/sh -D dangerzone
+USER dangerzone
 # /tmp/input_file is where the first convert expects the input file to be, and
 # /tmp where it will write the pixel files
diff --git a/dangerzone/container.py b/dangerzone/container.py
index 4a67857..0162e61 100644
--- a/dangerzone/container.py
+++ b/dangerzone/container.py
@@ -85,11 +85,13 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
 # drop all linux kernel capabilities
 security_args += ["--cap-drop", "all"]
+ user_args = ["-u", "dangerzone"]
 # Convert document to pixels
 args = (
 ["run", "--network", "none"]
 + platform_args
+ + user_args
 + security_args
 + [
 "-v",
@@ -113,6 +115,7 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
 ["run", "--network", "none"]
 + platform_args
 + security_args
+ + user_args
 + [
 "-v",
 f"{pixel_dir}:/dangerzone",
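Review bot: `RUN adduser -s /bin/sh -D dangerzone` leaves the account's UID/GID to whatever the base image hands out next, yet the runtime side of this patch bind-mounts host directories into the container and the process now touches them as that uid, so host-side ownership has to line up with an id nobody pinned. If this is a busybox-style adduser, pin it explicitly, e.g. `RUN adduser -u 1000 -s /bin/sh -D dangerzone`, and add a comment above it such as `# fixed uid: host directories mounted at runtime (-v) must be writable by this id`. Because `USER dangerzone` is now set mid-Dockerfile, any later `RUN` step (none is visible in this hunk) would execute unprivileged and fail on root-owned paths; a one-line comment saying the directive is intended to be the last build step would spare the next maintainer that surprise.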
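Review bot: `user_args = ["-u", "dangerzone"]` is dropped between the capability-dropping line and the `# Convert document to pixels` comment with nothing saying why a runtime `-u` is needed when the image already carries `USER dangerzone`; add `# belt and braces: if the image ever loses its USER directive, docker/podman refuse to start with an unknown -u name instead of silently running as root` above it. A non-root uid is only a containment boundary if the process cannot regain privilege through setuid binaries in the image, so if the `security_args` assembled earlier in `convert()` do not already include `--security-opt no-new-privileges`, this hunk is the natural place to add it next to `--cap-drop all`. `convert()` begins before this hunk, so the initial contents of `security_args` and `platform_args` are not visible here.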
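Review bot: `+ user_args` is spliced after `+ security_args` here but before it in the first `args` list a few lines up, so the two `run` invocations build their argv in different orders for no reason; put it in the same position, or fold `"-u", "dangerzone"` into `security_args` at the point where `--cap-drop` is appended, so a reader sees one sandbox recipe. Separately, `f"{pixel_dir}:/dangerzone"` bind-mounts a host directory that the second container now writes to as the unprivileged uid rather than root; if `pixel_dir` is created with `tempfile.mkdtemp()` it is mode 0700 and owned by the host user, and whether the in-container uid can write to it depends on the runtime's uid mapping (root daemon vs. rootless podman) — I cannot confirm either from the hunk, so a comment on the mount line stating the required ownership, and a clear error when the conversion cannot write there, would be worth adding. `convert()` continues past this hunk.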