eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-02-04 04:56:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Make 'collaboraSeccompDisabled' an attribute

Browse source 
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
This commit is contained in:
Pablo Zmdl 2026-01-26 10:12:01 +01:00
parent 17f7663a64
commit 0a208136cb
2 changed files with 6 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

16
php/src/Data/ConfigurationManager.php
View file

@ -114,7 +114,7 @@ class ConfigurationManager
// Type-cast because old configs could have 1/0 for this key. // Type-cast because old configs could have 1/0 for this key.
get => (bool) $this->get('isFulltextsearchEnabled', false); get => (bool) $this->get('isFulltextsearchEnabled', false);
// Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
set { $this->set('isFulltextsearchEnabled', ($this->isSeccompDisabled() && $value)); } set { $this->set('isFulltextsearchEnabled', ($this->collaboraSeccompDisabled && $value)); }
} }
public string $domain { public string $domain {
@ -689,21 +689,15 @@ class ConfigurationManager
public function GetCollaboraSeccompPolicy() : string { public function GetCollaboraSeccompPolicy() : string {
$defaultString = '--o:security.seccomp='; $defaultString = '--o:security.seccomp=';
if (!$this->isSeccompDisabled()) { if (!$this->collaboraSeccompDisabled) {
return $defaultString . 'true'; return $defaultString . 'true';
} }
return $defaultString . 'false'; return $defaultString . 'false';
} }
private function GetCollaboraSeccompDisabledState() : string { public bool $collaboraSeccompDisabled {
$envVariableName = 'COLLABORA_SECCOMP_DISABLED'; get => booleanize($this->GetEnvironmentalVariableOrConfig('COLLABORA_SECCOMP_DISABLED', 'collabora_seccomp_disabled', ''));
$configName = 'collabora_seccomp_disabled'; set { $this->set('collabora_seccomp_disabled', $value); }
$defaultValue = 'false';
return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
}
public function isSeccompDisabled() : bool {
return $this->GetCollaboraSeccompDisabledState() === 'true';
} }
/** /**

2
php/src/Docker/DockerActionManager.php
View file

@ -412,7 +412,7 @@ readonly class DockerActionManager {
// Special things for the collabora container which should not be exposed in the containers.json // Special things for the collabora container which should not be exposed in the containers.json
} elseif ($container->identifier === 'nextcloud-aio-collabora') { } elseif ($container->identifier === 'nextcloud-aio-collabora') {
if (!$this->configurationManager->isSeccompDisabled()) { if (!$this->configurationManager->collaboraSeccompDisabled) {
// Load reference seccomp profile for collabora // Load reference seccomp profile for collabora
$seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath()); $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
$requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"]; $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];