Rip out everything required to make dangerzone-container run with root privs

Micah Lee 2021-06-17 14:16:27 -07:00
parent da6c3c253e
commit d24d593094
No known key found for this signature in database
GPG key ID: 403C2657CD994F73
5 changed files with 0 additions and 124 deletions


@ -71,18 +71,6 @@ def gui_main(custom_container, filename):
# Allow Ctrl-C to smoothly quit the program instead of throwing an exception # Allow Ctrl-C to smoothly quit the program instead of throwing an exception
signal.signal(signal.SIGINT, signal.SIG_DFL) signal.signal(signal.SIGINT, signal.SIG_DFL)
# If we're using Linux and docker, see if we need to add the user to the docker group or if the user prefers typing their password
if platform.system() == "Linux":
if not gui_common.ensure_docker_group_preference():
return
try:
if not gui_common.ensure_docker_service_is_started():
click.echo("Failed to start docker service")
return
except AuthorizationFailed:
click.echo("Authorization failed")
return
# See if we need to install Docker... # See if we need to install Docker...
if (platform.system() == "Darwin" or platform.system() == "Windows") and ( if (platform.system() == "Darwin" or platform.system() == "Windows") and (
not is_docker_installed() or not is_docker_ready(global_common) not is_docker_installed() or not is_docker_ready(global_common)


@ -142,95 +142,6 @@ class GuiCommon(object):
return pdf_viewers return pdf_viewers
def ensure_docker_group_preference(self):
# If the user prefers typing their password
if self.global_common.settings.get("linux_prefers_typing_password") == True:
return True
# Get the docker group
try:
groupinfo = grp.getgrnam("docker")
except:
# Ignore if group is not found
return True
# See if the user is in the group
username = getpass.getuser()
if username not in groupinfo.gr_mem:
# User is not in the docker group, ask if they prefer typing their password
message = "<b>Dangerzone requires Docker</b><br><br>In order to use Docker, your user must be in the 'docker' group or you'll need to type your password each time you run dangerzone.<br><br><b>Adding your user to the 'docker' group is more convenient but less secure</b>, and will require just typing your password once. Which do you prefer?"
return_code = Alert(
self,
self.global_common,
message,
ok_text="I'll type my password each time",
extra_button_text="Add my user to the 'docker' group",
).launch()
if return_code == QtWidgets.QDialog.Accepted:
# Prefers typing password
self.global_common.settings.set("linux_prefers_typing_password", True)
self.global_common.settings.save()
return True
elif return_code == 2:
# Prefers being in the docker group
self.global_common.settings.set("linux_prefers_typing_password", False)
self.global_common.settings.save()
# Add user to the docker group
p = subprocess.run(
[
"/usr/bin/pkexec",
"/usr/sbin/usermod",
"-a",
"-G",
"docker",
username,
]
)
if p.returncode == 0:
message = "Great! Now you must log out of your computer and log back in, and then you can use Dangerzone."
Alert(self, self.global_common, message).launch()
else:
message = "Failed to add your user to the 'docker' group, quitting."
Alert(self, self.global_common, message).launch()
return False
else:
# Cancel
return False
return True
def ensure_docker_service_is_started(self):
if not is_docker_ready(self.global_common):
message = "<b>Dangerzone requires Docker</b><br><br>Docker should be installed, but it looks like it's not running in the background.<br><br>Click Ok to try starting the docker service. You will have to type your login password."
if (
Alert(self, self.global_common, message).launch()
== QtWidgets.QDialog.Accepted
):
p = subprocess.run(
[
"/usr/bin/pkexec",
self.global_common.get_resource_path(
"enable_docker_service.sh"
),
]
)
if p.returncode == 0:
# Make sure docker is now ready
if is_docker_ready(self.global_common):
return True
else:
message = "Restarting docker appeared to work, but the service still isn't responding, quitting."
Alert(self, self.global_common, message).launch()
else:
message = "Failed to start the docker service, quitting."
Alert(self, self.global_common, message).launch()
return False
return True
class Alert(QtWidgets.QDialog): class Alert(QtWidgets.QDialog):
def __init__( def __init__(


@ -1,16 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC
"-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
"http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
<action id="org.freedesktop.policykit.pkexec.dangerzone">
<description>Run Dangerzone Container</description>
<message>Dangerzone needs you to authenticate to run containers</message>
<defaults>
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/dangerzone-container</annotate>
</action>
</policyconfig>


@ -34,10 +34,6 @@ setuptools.setup(
["install/linux/media.firstlook.dangerzone.png"], ["install/linux/media.firstlook.dangerzone.png"],
), ),
("share/dangerzone", file_list("share")), ("share/dangerzone", file_list("share")),
(
"share/polkit-1/actions",
["install/linux/media.firstlook.dangerzone-container.policy"],
),
], ],
classifiers=[ classifiers=[
"Programming Language :: Python", "Programming Language :: Python",


@ -1,3 +0,0 @@
#!/bin/sh
/bin/systemctl restart docker.service
/bin/systemctl enable docker.service