Rip out everything required to make dangerzone-container run with root privs
parent
da6c3c253e
commit
d24d593094
5 changed files with 0 additions and 124 deletions
|
@ -71,18 +71,6 @@ def gui_main(custom_container, filename):
|
|||
# Allow Ctrl-C to smoothly quit the program instead of throwing an exception
|
||||
signal.signal(signal.SIGINT, signal.SIG_DFL)
|
||||
|
||||
# If we're using Linux and docker, see if we need to add the user to the docker group or if the user prefers typing their password
|
||||
if platform.system() == "Linux":
|
||||
if not gui_common.ensure_docker_group_preference():
|
||||
return
|
||||
try:
|
||||
if not gui_common.ensure_docker_service_is_started():
|
||||
click.echo("Failed to start docker service")
|
||||
return
|
||||
except AuthorizationFailed:
|
||||
click.echo("Authorization failed")
|
||||
return
|
||||
|
||||
# See if we need to install Docker...
|
||||
if (platform.system() == "Darwin" or platform.system() == "Windows") and (
|
||||
not is_docker_installed() or not is_docker_ready(global_common)
|
||||
|
|
|
@ -142,95 +142,6 @@ class GuiCommon(object):
|
|||
|
||||
return pdf_viewers
|
||||
|
||||
def ensure_docker_group_preference(self):
|
||||
# If the user prefers typing their password
|
||||
if self.global_common.settings.get("linux_prefers_typing_password") == True:
|
||||
return True
|
||||
|
||||
# Get the docker group
|
||||
try:
|
||||
groupinfo = grp.getgrnam("docker")
|
||||
except:
|
||||
# Ignore if group is not found
|
||||
return True
|
||||
|
||||
# See if the user is in the group
|
||||
username = getpass.getuser()
|
||||
if username not in groupinfo.gr_mem:
|
||||
# User is not in the docker group, ask if they prefer typing their password
|
||||
message = "<b>Dangerzone requires Docker</b><br><br>In order to use Docker, your user must be in the 'docker' group or you'll need to type your password each time you run dangerzone.<br><br><b>Adding your user to the 'docker' group is more convenient but less secure</b>, and will require just typing your password once. Which do you prefer?"
|
||||
return_code = Alert(
|
||||
self,
|
||||
self.global_common,
|
||||
message,
|
||||
ok_text="I'll type my password each time",
|
||||
extra_button_text="Add my user to the 'docker' group",
|
||||
).launch()
|
||||
if return_code == QtWidgets.QDialog.Accepted:
|
||||
# Prefers typing password
|
||||
self.global_common.settings.set("linux_prefers_typing_password", True)
|
||||
self.global_common.settings.save()
|
||||
return True
|
||||
elif return_code == 2:
|
||||
# Prefers being in the docker group
|
||||
self.global_common.settings.set("linux_prefers_typing_password", False)
|
||||
self.global_common.settings.save()
|
||||
|
||||
# Add user to the docker group
|
||||
p = subprocess.run(
|
||||
[
|
||||
"/usr/bin/pkexec",
|
||||
"/usr/sbin/usermod",
|
||||
"-a",
|
||||
"-G",
|
||||
"docker",
|
||||
username,
|
||||
]
|
||||
)
|
||||
if p.returncode == 0:
|
||||
message = "Great! Now you must log out of your computer and log back in, and then you can use Dangerzone."
|
||||
Alert(self, self.global_common, message).launch()
|
||||
else:
|
||||
message = "Failed to add your user to the 'docker' group, quitting."
|
||||
Alert(self, self.global_common, message).launch()
|
||||
|
||||
return False
|
||||
else:
|
||||
# Cancel
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def ensure_docker_service_is_started(self):
|
||||
if not is_docker_ready(self.global_common):
|
||||
message = "<b>Dangerzone requires Docker</b><br><br>Docker should be installed, but it looks like it's not running in the background.<br><br>Click Ok to try starting the docker service. You will have to type your login password."
|
||||
if (
|
||||
Alert(self, self.global_common, message).launch()
|
||||
== QtWidgets.QDialog.Accepted
|
||||
):
|
||||
p = subprocess.run(
|
||||
[
|
||||
"/usr/bin/pkexec",
|
||||
self.global_common.get_resource_path(
|
||||
"enable_docker_service.sh"
|
||||
),
|
||||
]
|
||||
)
|
||||
if p.returncode == 0:
|
||||
# Make sure docker is now ready
|
||||
if is_docker_ready(self.global_common):
|
||||
return True
|
||||
else:
|
||||
message = "Restarting docker appeared to work, but the service still isn't responding, quitting."
|
||||
Alert(self, self.global_common, message).launch()
|
||||
else:
|
||||
message = "Failed to start the docker service, quitting."
|
||||
Alert(self, self.global_common, message).launch()
|
||||
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
|
||||
class Alert(QtWidgets.QDialog):
|
||||
def __init__(
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE policyconfig PUBLIC
|
||||
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
|
||||
<policyconfig>
|
||||
<action id="org.freedesktop.policykit.pkexec.dangerzone">
|
||||
<description>Run Dangerzone Container</description>
|
||||
<message>Dangerzone needs you to authenticate to run containers</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin_keep</allow_any>
|
||||
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/dangerzone-container</annotate>
|
||||
</action>
|
||||
</policyconfig>
|
4
setup.py
|
@ -34,10 +34,6 @@ setuptools.setup(
|
|||
["install/linux/media.firstlook.dangerzone.png"],
|
||||
),
|
||||
("share/dangerzone", file_list("share")),
|
||||
(
|
||||
"share/polkit-1/actions",
|
||||
["install/linux/media.firstlook.dangerzone-container.policy"],
|
||||
),
|
||||
],
|
||||
classifiers=[
|
||||
"Programming Language :: Python",
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
/bin/systemctl restart docker.service
|
||||
/bin/systemctl enable docker.service
|