container: Take SELinux labels into account

Take SELinux labels into account when mounting a file into the Dangerzone
container. Use the `:Z` flag (which is a no-op on non-SELinux systems)
to clear the existing SELinux label for a file, and apply one that
matches the container's.

Refs #335
Alex Pyrgiotis 2023-02-08 16:18:48 +02:00
parent d733890ca0
commit ea73f5d820
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA


@ -260,9 +260,9 @@ class Container(IsolationProvider):
] ]
extra_args = [ extra_args = [
"-v", "-v",
f"{document.input_filename}:/tmp/input_file", f"{document.input_filename}:/tmp/input_file:Z",
"-v", "-v",
f"{pixel_dir}:/dangerzone", f"{pixel_dir}:/dangerzone:Z",
"-e", "-e",
f"ENABLE_TIMEOUTS={self.enable_timeouts}", f"ENABLE_TIMEOUTS={self.enable_timeouts}",
] ]
@ -280,9 +280,9 @@ class Container(IsolationProvider):
] ]
extra_args = [ extra_args = [
"-v", "-v",
f"{pixel_dir}:/dangerzone", f"{pixel_dir}:/dangerzone:Z",
"-v", "-v",
f"{safe_dir}:/safezone", f"{safe_dir}:/safezone:Z",
"-e", "-e",
f"OCR={ocr}", f"OCR={ocr}",
"-e", "-e",
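Review bot: The `:Z` on `document.input_filename` in the first hunk relabels the user's original document on the host, not a scratch copy, and that private container label stays on the file after the run. This can change which other confined processes may read the file later, and the relabel may fail for files the user cannot relabel or on filesystems without label support. Consider copying the input into an application-owned temporary directory and mounting that with `:Z`, and, if the container only reads it, mounting it as `:ro,Z`; `pixel_dir` and `safe_dir` look like app-managed directories, so relabeling them seems fine (please confirm). A short comment above each `extra_args` list would help, such as `# :Z relabels the host path with this container's private SELinux label`. Both lists sit in methods that start and end outside the hunks.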