Limiting access to searching Host storage content
Device Information (please complete the following information):
- OS: [e.g., Ubuntu 20.04, WSL2] = Linux QNAP
- Deployment: [Linux, Linux ARM64 or Docker] = Docker
- Browser (if relevant): [e.g., chrome, safari] = Safari (iOS iPAD)
- SIST2 Version: [e.g., v2.9.0] v2
- Elasticsearch Version (if relevant): ``

Command with arguments
Not sure ?
Describe the bug
If I create a task that has the path of just / I was expecting it to search only what’s accessible via my mapped drive (volume) in the compose or what’s within the container itself.
Steps To Reproduce
Please be specific!
- Go to '.Create Task'
- Click on 'Path' and select \
- Run the task
Expected behavior
Choosing \ should be limited to the container and the mapped volumes placed in the docker compose (only) not the entire Host by default.
Actual Behavior
All of the Host system is scanned.
Can you post your docker compose file?
Also, the current version of SIST2 is 3.4.2, are you sure you are using Version 2?
Hi @dpieski - sorry as I didn’t know where to find support information I assumed it was v2 (based on the name)
As yet I’ve not been able to get SIST2 to do very much, I must be missing something obvious !!?
```yaml
version: "3"
services:
  elasticsearch:
    image: elasticsearch:7.17.9
    restart: unless-stopped
    volumes:
      # This directory must have 1000:1000 permissions (or update PUID & PGID below)
      - /share/Container/sist2/sist2-es-data/:/usr/share/elasticsearch/data
    environment:
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - "PUID=1005"
      - "PGID=1000"
  sist2-admin:
    image: simon987/sist2:3.4.2-x64-linux
    restart: unless-stopped
    volumes:
      - /share/Container/sist2/sist2-admin-data/:/sist2-admin/
      - /:/host
    ports:
      - 4095:4090
      # NOTE: Don't expose this port publicly!
      - 8085:8080
    working_dir: /root/sist2-admin/
    entrypoint: python3
    command:
      - /root/sist2-admin/sist2_admin/app.py
```
Based on that docker compose file, the entire host is mapped as a volume in the container. This line, `- /:/host`, maps the entire host file system into the container at `/host/`.
If you set up a search with the directory `/` then, from the container's perspective, that would include `/host`, which has the host file system.
I have a mount in mine for `- /mnt/foo:/data` (where `/foo` is a NAS that I have mounted as a folder on the host under `/mnt`).
Then, when I set up the task, I use `/data/bar` or whatever the folder name is.
Alternatively, if I had the volume mapped like you do, I could use something like `/host/mnt/foo/bar` for the same scan/index task.
Thanks @dpieski
I have to admit I’m still learning Docker, but as `- /:/host` was in your Docker Compose example, I assumed it was needed. I’ll adjust mine based on what you shared.
Am I correct in saying I could add multiple volume mappings rather than just one to host ? For example - /documents /pdf / media folders - or will it only map to one thing as host ?
That mapping `- /:/host` means that the SIST2 container knows that the host file system is at `/host/`.
There is nothing really stopping you from doing something like `- /path/to/documents:/data/documents`, `- /path/to/pdf:/data/pdf`, and `- /path/to/media:/data/media`. Then, in the container, you could point to `/data/documents` to access `/path/to/documents`.
In Docker, it is basically `/path/on/host:/path/in/container`. So you can expose anything on your host to any folder location within your container - although it should probably be to a location that would not otherwise be used by the container.
This means that you couldn't have multiple things mapped to the same folder. If you try, it may give you an error, or just pick one to map - I can't remember what Docker would do there.
You can always just remove that line from the Docker Compose file and see what happens.
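An added example, not part of the thread or the sist2 project: a small Python check that flags compose services bind-mounting a broad host path such as `/:/host`, run against the sist2-admin mounts as posted and against a narrowed variant. The `BROAD_HOST_PATHS` policy list, the function names, the `:ro` flag on the narrowed mount and both sample files are assumptions; the parser only handles short-syntax volumes in a two-space-indented file.

```python
import posixpath

# Assumed policy: host paths too broad to bind into an indexing container.
BROAD_HOST_PATHS = {"/", "/etc", "/home", "/root", "/var"}

def compose_volumes(text):
    """Yield (service, entry) for short-syntax volumes in a 2-space-indented compose file."""
    service, in_volumes = None, False
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or full-line comment
        indent = len(raw) - len(raw.lstrip())
        if in_volumes and stripped.startswith("- "):
            yield service, stripped[2:].strip().strip("\"'")
        elif indent == 2:
            service, in_volumes = stripped.rstrip(":"), False
        elif indent <= 4:
            in_volumes = indent == 4 and stripped == "volumes:"

def audit(text):
    """Return (service, host_path, mode) for every bind mount of a broad host path."""
    findings = []
    for service, entry in compose_volumes(text):
        parts = entry.split(":")
        if len(parts) < 2 or not parts[0].startswith("/"):
            continue  # named or anonymous volume, not a host bind mount
        host = posixpath.normpath(parts[0])
        mode = parts[2] if len(parts) > 2 else "rw"  # Docker defaults to read-write
        if host in BROAD_HOST_PATHS:
            findings.append((service, host, mode))
    return findings

# Constructed samples: the sist2-admin mounts from the thread, then a narrowed variant.
AS_POSTED = """\
services:
  sist2-admin:
    volumes:
      - /share/Container/sist2/sist2-admin-data/:/sist2-admin/
      - /:/host
"""
NARROWED = """\
services:
  sist2-admin:
    volumes:
      - /share/Container/sist2/sist2-admin-data/:/sist2-admin/
      - /mnt/foo:/data:ro
"""

if __name__ == "__main__":
    print(audit(AS_POSTED), audit(NARROWED))
```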