almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-29 10:12:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

add again the --security-opt flag

Browse source 
Had previously been added but removed in a refactor (see commit
488dca).
This commit is contained in:
deeplow 2022-08-10 17:32:36 +01:00
parent e63c931800
commit a02801cc2d
No known key found for this signature in database
GPG key ID: 577982871529A52A
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dangerzone/container.py
View file

@ -77,13 +77,18 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
if container_tech == "docker": if container_tech == "docker":
platform_args = ["--platform", "linux/amd64"] platform_args = ["--platform", "linux/amd64"]
security_args = ["--security-opt=no-new-privileges:true"]
else: else:
platform_args = [] platform_args = []
security_args = ["--security-opt", "no-new-privileges"]
# Convert document to pixels # Convert document to pixels
args = ( args = (
["run", "--network", "none"] ["run", "--network", "none"]
+ platform_args + platform_args
+ security_args
+ [ + [
"-v", "-v",
f"{input_filename}:/tmp/input_file", f"{input_filename}:/tmp/input_file",
@ -105,6 +110,7 @@ def convert(input_filename, output_filename, ocr_lang, stdout_callback):
args = ( args = (
["run", "--network", "none"] ["run", "--network", "none"]
+ platform_args + platform_args
+ security_args
+ [ + [
"-v", "-v",
f"{pixel_dir}:/dangerzone", f"{pixel_dir}:/dangerzone",