Lockdown ssh, and also temporarily comment out deleting containers on ISO build

Micah Lee 2021-07-27 10:54:17 -07:00
parent 2c2f87593c
commit 9fcb304545
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
2 changed files with 13 additions and 6 deletions


@ -153,6 +153,8 @@ class Vm(QtCore.QObject):
"UseDNS=no",
"-o",
f"AuthorizedKeysFile={self.ssh_client_pubkey_path}",
"-o",
"ForceCommand=/sbin/nologin",
]
args_str = " ".join(pipes.quote(s) for s in args)
print("> " + args_str)
@ -229,11 +231,14 @@ class Vm(QtCore.QObject):
]
args_str = " ".join(pipes.quote(s) for s in args)
print("> " + args_str)
# To be able to login to the VM from the console, remove the stdout, stderr, and stdin args below
# self.hyperkit_p = subprocess.Popen(
# args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull
# )
self.hyperkit_p = subprocess.Popen(args)
# Start the VM with the ability to login
# self.hyperkit_p = subprocess.Popen(args)
# Start the VM without ability to login
self.hyperkit_p = subprocess.Popen(
args, stdout=self.devnull, stderr=self.devnull, stdin=self.devnull
)
# Wait for SSH thread
self.wait_t = WaitForSsh(self.sshd_tunnel_port)
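Review bot: `ForceCommand=/sbin/nologin` in the first hunk stops a key holder from running commands, but it does not restrict the other things an authenticated session can request, such as port forwarding, agent forwarding or a TTY. Since this sshd appears to exist only to carry the tunnel that `WaitForSsh(self.sshd_tunnel_port)` waits on, I would also pass `"-o", "AllowAgentForwarding=no"`, `"-o", "X11Forwarding=no"` and `"-o", "PermitTTY=no"`, and limit forwarding to the one port needed with `PermitListen` or `PermitOpen`, whichever matches the tunnel direction. The args list starts above the hunk, so some of these may already be set there. A one-line comment above the new option, e.g. `# key holders may only forward ports, never run a command`, would record the intent.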


@ -5,7 +5,9 @@ sudo modprobe fuse
sudo modprobe tun
sudo rc-update add cgroups
sudo rc-service cgroups start
sudo -u user podman system prune -a -f
# Temporarily comment this out to speed up building ISOs in dev
# sudo -u user podman system prune -a -f
# Build the podman container
cd /opt/dangerzone-converter