Dangerzone may fail to run with user ID other than 1000

Open apyrgio opened this issue 2 years ago • 1 comments

When Dangerzone invokes Podman, it passes a --userns keep-id argument. This invocation basically binds the user ID in the host (typically 1000) with the exact same user ID in the container (again 1000). This way, the container user (see Podman's -u dangerzone flag) can write to the mounted temp dir in the container (i.e., /tmp/dangerzone) which is owned by the user in the host.

If Dangerzone runs from a user in the host whose ID is != 1000 (e.g., 1001), then we have a problem, because the container user will still have user ID 1000, and thus --userns keep-id will not work.

Related issues: #620

Will be resolved by: #443, #625

apyrgio, Nov 23 '23 20:11

We had another user who was bitten by this (https://github.com/freedomofpress/dangerzone/issues/781). A workaround in their case was to create a user account with UID 1000, and run Dangerzone as that user with sudo -iu <user> dangerzone.

Once we merge #625, this workaround will no longer be necessary.

apyrgio, Apr 18 '24 16:04
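The UID mismatch described in this issue can be modelled as a preflight check. The following is an added example, not code from the Dangerzone project or from the issue author: it assumes rootless Podman, the container user UID of 1000 stated in the issue, and a constructed subordinate UID range starting at 100000 (real ranges come from /etc/subuid). The function names are hypothetical.

```python
"""Model of the rootless Podman `--userns keep-id` UID mapping (added example)."""
import os
import sys

CONTAINER_USER_UID = 1000  # UID of the container user, as stated in the issue
SUBUID_START = 100000      # constructed value; real ranges come from /etc/subuid


def host_uid_for(container_uid, host_uid, subuid_start=SUBUID_START):
    """Return the host UID that backs a container UID under keep-id.

    keep-id maps the invoking user's UID to the same UID in the container.
    Every other container UID is backed by the user's subordinate UID range.
    """
    if container_uid < 0 or host_uid < 0:
        raise ValueError("UIDs must be non-negative")
    if container_uid == host_uid:
        return host_uid
    if container_uid < host_uid:
        return subuid_start + container_uid
    # Container UIDs above the host UID skip the slot taken by the host user.
    return subuid_start + container_uid - 1


def container_user_owns_mount(host_uid, container_user_uid=CONTAINER_USER_UID):
    """True if the container user resolves to the host user that owns the temp dir."""
    return host_uid_for(container_user_uid, host_uid) == host_uid


def preflight(host_uid):
    """Return a one-line diagnostic for the given host UID."""
    if container_user_owns_mount(host_uid):
        return f"ok: host UID {host_uid} maps to the container user"
    backing = host_uid_for(CONTAINER_USER_UID, host_uid)
    return (f"mismatch: host UID {host_uid} owns the mounted directory, but "
            f"container UID {CONTAINER_USER_UID} resolves to host UID {backing}")


if __name__ == "__main__":
    # Check the UID given on the command line, or the current user's UID.
    uid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getuid()
    print(preflight(uid))
```

With a host UID of 1001, container UID 1000 is backed by a subordinate UID rather than by the host user, which is why the container user cannot write to the mounted directory.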