mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
Butcher resolv.conf and shadow
Some checks failed
Build dev environments / Build dev-env (debian-bookworm) (push) Has been cancelled
Build dev environments / Build dev-env (debian-bullseye) (push) Has been cancelled
Build dev environments / Build dev-env (debian-trixie) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-40) (push) Has been cancelled
Build dev environments / Build dev-env (fedora-41) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-20.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-22.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.04) (push) Has been cancelled
Build dev environments / Build dev-env (ubuntu-24.10) (push) Has been cancelled
Build dev environments / build-container-image (push) Has been cancelled
Tests / run-lint (push) Has been cancelled
Tests / build-container-image (push) Has been cancelled
Tests / Download and cache Tesseract data (push) Has been cancelled
Tests / check-reproducibility (push) Has been cancelled
Release multi-arch container image / build (linux/amd64) (push) Has been cancelled
Release multi-arch container image / build (linux/arm64) (push) Has been cancelled
Tests / windows (push) Has been cancelled
Tests / macOS (arch64) (push) Has been cancelled
Tests / macOS (x86_64) (push) Has been cancelled
Tests / build-deb (debian bookworm) (push) Has been cancelled
Tests / build-deb (debian bullseye) (push) Has been cancelled
Tests / build-deb (debian trixie) (push) Has been cancelled
Tests / build-deb (ubuntu 20.04) (push) Has been cancelled
Tests / build-deb (ubuntu 22.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.04) (push) Has been cancelled
Tests / build-deb (ubuntu 24.10) (push) Has been cancelled
Tests / install-deb (debian bookworm) (push) Has been cancelled
Tests / install-deb (debian bullseye) (push) Has been cancelled
Tests / install-deb (debian trixie) (push) Has been cancelled
Tests / install-deb (ubuntu 20.04) (push) Has been cancelled
Tests / install-deb (ubuntu 22.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.04) (push) Has been cancelled
Tests / install-deb (ubuntu 24.10) (push) Has been cancelled
Tests / build-install-rpm (fedora 40) (push) Has been cancelled
Tests / build-install-rpm (fedora 41) (push) Has been cancelled
Tests / run tests (debian bookworm) (push) Has been cancelled
Tests / run tests (debian bullseye) (push) Has been cancelled
Tests / run tests (debian trixie) (push) Has been cancelled
Tests / run tests (fedora 40) (push) Has been cancelled
Tests / run tests (fedora 41) (push) Has been cancelled
Tests / run tests (ubuntu 20.04) (push) Has been cancelled
Tests / run tests (ubuntu 22.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.04) (push) Has been cancelled
Tests / run tests (ubuntu 24.10) (push) Has been cancelled
Release multi-arch container image / merge (push) Has been cancelled
Release multi-arch container image / provenance (push) Has been cancelled
This commit is contained in:
parent
864275357b
commit
859aa5dbf8
1 changed files with 10 additions and 3 deletions
13
Dockerfile
|
@ -52,9 +52,12 @@ RUN mkdir /opt/libreoffice_ext && cd /opt/libreoffice_ext \
|
||||||
&& rm /root/.wget-hsts
|
&& rm /root/.wget-hsts
|
||||||
|
|
||||||
# Create an unprivileged user both for gVisor and for running Dangerzone.
|
# Create an unprivileged user both for gVisor and for running Dangerzone.
|
||||||
|
# XXX: Make the shadow filed "date of last password change" a constant
|
||||||
|
# number.
|
||||||
RUN addgroup --gid 1000 dangerzone
|
RUN addgroup --gid 1000 dangerzone
|
||||||
RUN adduser --uid 1000 --ingroup dangerzone --shell /bin/true \
|
RUN adduser --uid 1000 --ingroup dangerzone --shell /bin/true \
|
||||||
--disabled-password --home /home/dangerzone dangerzone
|
--disabled-password --home /home/dangerzone dangerzone \
|
||||||
|
&& chage -d 99999 dangerzone
|
||||||
|
|
||||||
# Copy Dangerzone's conversion logic under /opt/dangerzone, and allow Python to
|
# Copy Dangerzone's conversion logic under /opt/dangerzone, and allow Python to
|
||||||
# import it.
|
# import it.
|
||||||
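Review bot: the `&& chage -d 99999 dangerzone` step appended to the `adduser` RUN sets the last-password-change field to a magic number that the XXX comment does not justify. `chage -d` reads a bare number as days since 1970-01-01, so 99999 is a date centuries in the future. The comment should say why the field has to be constant, and a fixed past date would be less surprising than a future one (not 0, which forces a password change at next login). The comment also has a typo: "filed" should be "field".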
|
@ -178,8 +181,12 @@ RUN mkdir -p \
|
||||||
/new_root/tmp \
|
/new_root/tmp \
|
||||||
/new_root/home/dangerzone/dangerzone-image/rootfs
|
/new_root/home/dangerzone/dangerzone-image/rootfs
|
||||||
|
|
||||||
RUN cp -r /etc /var /new_root/
|
# XXX: Remove /etc/resolv.conf, so that the network configuration of the host
|
||||||
RUN cp -r /etc /opt /usr /new_root/home/dangerzone/dangerzone-image/rootfs
|
# does not leak.
|
||||||
|
RUN cp -r /etc /var /new_root/ \
|
||||||
|
&& rm /new_root/etc/resolv.conf
|
||||||
|
RUN cp -r /etc /opt /usr /new_root/home/dangerzone/dangerzone-image/rootfs \
|
||||||
|
&& rm /new_root/home/dangerzone/dangerzone-image/rootfs/etc/resolv.conf
|
||||||
|
|
||||||
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
RUN ln -s /home/dangerzone/dangerzone-image/rootfs/usr /new_root/usr
|
||||||
RUN ln -s usr/bin /new_root/bin
|
RUN ln -s usr/bin /new_root/bin
|
||||||
|
|
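Review bot: both `rm .../etc/resolv.conf` calls run without `-f` inside an `&&` chain, so the build fails on any builder where the copied `/etc` has no `resolv.conf`; `rm -f` would keep the step idempotent. The XXX comment sits only above the first `cp`, and it is worth repeating or rewording it so that it clearly covers the `rootfs/etc` copy as well. Since the stated goal is to stop host network configuration from leaking, also check whether other files under the copied `/etc` that the build runtime populates, such as `hosts` and `hostname`, need the same treatment.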