drop all linux kernel capabilities from containers

These are not needed in order to convert documents in the
dangerzone containers.
deeplow 2022-08-10 19:44:09 +01:00
parent a02801cc2d
commit 2d4bad680e
No known key found for this signature in database
GPG key ID: 577982871529A52A


@ -82,6 +82,8 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
platform_args = [] platform_args = []
security_args = ["--security-opt", "no-new-privileges"] security_args = ["--security-opt", "no-new-privileges"]
# drop all linux kernel capabilities
security_args += ["--cap-drop", "all"]
# Convert document to pixels # Convert document to pixels