eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 22:46:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

DockerActionManager: fix bug with collabora using seccomp if it is globally disabled

Browse source 
Signed-off-by: Simon L. <szaimen@e.mail.de>
This commit is contained in:
Simon L. 2025-11-24 10:08:12 +01:00
parent 595b5db9fb
commit 0fe8008777
2 changed files with 14 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
php/src/Data/ConfigurationManager.php
View file

@ -209,7 +209,7 @@ class ConfigurationManager
public function SetFulltextsearchEnabledState(int $value) : void { public function SetFulltextsearchEnabledState(int $value) : void {
// Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768 // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
if ($this->GetCollaboraSeccompDisabledState() === 'true') { if ($this->isSeccompDisabled()) {
$value = 0; $value = 0;
} }
@ -757,7 +757,7 @@ class ConfigurationManager
public function GetCollaboraSeccompPolicy() : string { public function GetCollaboraSeccompPolicy() : string {
$defaultString = '--o:security.seccomp='; $defaultString = '--o:security.seccomp=';
if ($this->GetCollaboraSeccompDisabledState() !== 'true') { if ($this->isSeccompDisabled()) {
return $defaultString . 'true'; return $defaultString . 'true';
} }
return $defaultString . 'false'; return $defaultString . 'false';
@ -770,6 +770,13 @@ class ConfigurationManager
return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue); return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
} }
public function isSeccompDisabled() : bool {
if ($this->GetCollaboraSeccompDisabledState() === 'true') {
return true;
}
return false;
}
/** /**
* @throws InvalidSettingConfigurationException * @throws InvalidSettingConfigurationException
*/ */

2
php/src/Docker/DockerActionManager.php
View file

@ -415,9 +415,11 @@ readonly class DockerActionManager {
// Special things for the collabora container which should not be exposed in the containers.json // Special things for the collabora container which should not be exposed in the containers.json
} elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') { } elseif ($container->GetIdentifier() === 'nextcloud-aio-collabora') {
if (!$this->configurationManager->isSeccompDisabled()) {
// Load reference seccomp profile for collabora // Load reference seccomp profile for collabora
$seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath()); $seccompProfile = (string)file_get_contents(DataConst::GetCollaboraSeccompProfilePath());
$requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"]; $requestBody['HostConfig']['SecurityOpt'] = ["label:disable", "seccomp=$seccompProfile"];
}
// Additional Collabora options // Additional Collabora options
if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') { if ($this->configurationManager->GetAdditionalCollaboraOptions() !== '') {