Make container mount and unmount dirs from the host

2025-04-28 18:02:38 +02:00 · 2021-07-01 17:14:48 -07:00 · 2021-07-01 17:14:48 -07:00 · a7f3eb9b43
commit a7f3eb9b43
parent 2904d44aad
2 changed files with 73 additions and 22 deletions
--- a/dangerzone/container.py
+++ b/dangerzone/container.py
@ -5,6 +5,7 @@ import sys
 import pipes
 import shutil
 import json
+import os

 # What is the container runtime for this platform?
 if platform.system() == "Darwin":
@ -66,6 +67,18 @@ def exec_vm(args, vm_info):
    return exec(args)


+def mount_vm(path, vm_info):
+    basename = os.path.basename(path)
+    normalized_path = f"/home/user/mnt/{basename}"
+    exec_vm(["/usr/bin/sshfs", f"hostbox:{path}", normalized_path], vm_info)
+    return normalized_path
+
+
+def unmount_vm(normalized_path, vm_info):
+    exec_vm(["/usr/bin/fusermount3", normalized_path], vm_info)
+    exec_vm(["/bin/rmdir", normalized_path], vm_info)
+
+
 def exec_container(args, vm_info):
    if container_tech == "dangerzone-vm" and vm_info is None:
        print("--vm-info-path required on this platform")
@ -113,6 +126,21 @@ def ls(vm_info_path, container_name):
@click.option("--container-name", default="docker.io/flmcode/dangerzone")
 def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name):
    """docker run --network none -v [document_filename]:/tmp/input_file -v [pixel_dir]:/dangerzone [container_name] document-to-pixels"""
+
+    vm_info = load_vm_info(vm_info_path)
+
+    document_dir = os.path.dirname(document_filename)
+    if vm_info:
+        normalized_document_dir = mount_vm(document_dir, vm_info)
+        normalized_document_filename = os.path.join(
+            normalized_document_dir, os.path.basename(document_filename)
+        )
+        normalized_pixel_dir = mount_vm(pixel_dir, vm_info)
+    else:
+        normalized_document_dir = document_dir
+        normalized_document_filename = document_filename
+        normalized_pixel_dir = pixel_dir
+
    args = ["run", "--network", "none"]

    # docker uses --security-opt, podman doesn't
@ -121,13 +149,19 @@ def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name)

    args += [
        "-v",
-        f"{document_filename}:/tmp/input_file",
+        f"{normalized_document_filename}:/tmp/input_file",
        "-v",
-        f"{pixel_dir}:/dangerzone",
+        f"{normalized_pixel_dir}:/dangerzone",
        container_name,
        "document-to-pixels",
    ]
-    sys.exit(exec_container(args, load_vm_info(vm_info_path)))
+    ret = exec_container(args, load_vm_info(vm_info_path))
+
+    if vm_info:
+        unmount_vm(normalized_document_dir, vm_info)
+        unmount_vm(normalized_pixel_dir, vm_info)
+
+    sys.exit(ret)


@container_main.command()
@ -139,23 +173,36 @@ def documenttopixels(vm_info_path, document_filename, pixel_dir, container_name)
@click.option("--ocr-lang", required=True)
 def pixelstopdf(vm_info_path, pixel_dir, safe_dir, container_name, ocr, ocr_lang):
    """docker run --network none -v [pixel_dir]:/dangerzone -v [safe_dir]:/safezone [container_name] -e OCR=[ocr] -e OCR_LANGUAGE=[ocr_lang] pixels-to-pdf"""
-    sys.exit(
-        exec_container(
-            [
-                "run",
-                "--network",
-                "none",
-                "-v",
-                f"{pixel_dir}:/dangerzone",
-                "-v",
-                f"{safe_dir}:/safezone",
-                "-e",
-                f"OCR={ocr}",
-                "-e",
-                f"OCR_LANGUAGE={ocr_lang}",
-                container_name,
-                "pixels-to-pdf",
-            ],
-            load_vm_info(vm_info_path),
-        )
+    vm_info = load_vm_info(vm_info_path)
+
+    if vm_info:
+        normalized_pixel_dir = mount_vm(pixel_dir, vm_info)
+        normalized_safe_dir = mount_vm(safe_dir, vm_info)
+    else:
+        normalized_pixel_dir = pixel_dir
+        normalized_safe_dir = safe_dir
+
+    ret = exec_container(
+        [
+            "run",
+            "--network",
+            "none",
+            "-v",
+            f"{normalized_pixel_dir}:/dangerzone",
+            "-v",
+            f"{normalized_safe_dir}:/safezone",
+            "-e",
+            f"OCR={ocr}",
+            "-e",
+            f"OCR_LANGUAGE={ocr_lang}",
+            container_name,
+            "pixels-to-pdf",
+        ],
+        vm_info,
    )
+
+    if vm_info:
+        unmount_vm(normalized_pixel_dir, vm_info)
+        unmount_vm(normalized_safe_dir, vm_info)
+
+    sys.exit(ret)
--- a/install/vm-builder/etc/init.d/dangerzone
+++ b/install/vm-builder/etc/init.d/dangerzone
@ -8,6 +8,10 @@ start() {
    # Create user
    /usr/sbin/adduser -D -u 1001 user

+	# Make folder for user mounts
+	mkdir /home/user/mnt
+	chown user:user /home/user/mnt
+
 	# Move containers into home dir
 	mkdir -p /home/user/.local/share
 	mv /etc/container-data /home/user/.local/share/containers