fix: Add Linux support for Docker volume permissions
+11
-5
@@ -121,12 +121,15 @@ RUN npm ci --only=production && \
|
|||||||
COPY . .
|
COPY . .
|
||||||
|
|
||||||
# Create directories for session data and ensure proper permissions
|
# Create directories for session data and ensure proper permissions
|
||||||
|
RUN mkdir -p /app/sessions /app/deliverables /app/repos /app/configs && \
|
||||||
RUN mkdir -p /app/sessions /app/deliverables /app/repos && \
|
mkdir -p /tmp/.cache /tmp/.config /tmp/.npm && \
|
||||||
chown -R pentest:pentest /app /app/repos && \
|
chmod 777 /app && \
|
||||||
|
chmod 777 /tmp/.cache && \
|
||||||
|
chmod 777 /tmp/.config && \
|
||||||
|
chmod 777 /tmp/.npm && \
|
||||||
|
chown -R pentest:pentest /app && \
|
||||||
chmod +x /app/shannon.mjs
|
chmod +x /app/shannon.mjs
|
||||||
|
|
||||||
|
|
||||||
# Switch to non-root user
|
# Switch to non-root user
|
||||||
USER pentest
|
USER pentest
|
||||||
|
|
||||||
@@ -139,7 +142,10 @@ ENV PATH="/usr/local/bin:$PATH"
|
|||||||
ENV SHANNON_DOCKER=true
|
ENV SHANNON_DOCKER=true
|
||||||
ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
|
ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
|
||||||
ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser
|
ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser
|
||||||
|
ENV npm_config_cache=/tmp/.npm
|
||||||
|
ENV HOME=/tmp
|
||||||
|
ENV XDG_CACHE_HOME=/tmp/.cache
|
||||||
|
ENV XDG_CONFIG_HOME=/tmp/.config
|
||||||
|
|
||||||
# Set entrypoint
|
# Set entrypoint
|
||||||
ENTRYPOINT ["./shannon.mjs"]
|
ENTRYPOINT ["./shannon.mjs"]
|
||||||
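Review bot: `chmod 777 /app` in the RUN step makes the application directory itself world-writable, so any UID inside the container can rename or replace entries in it, including `shannon.mjs`, the script that ENTRYPOINT runs. The mode change is not recursive, so it also does not make `/app/sessions`, `/app/deliverables` or `/app/repos` writable for an arbitrary `--user` UID, which appears to be the goal of the commit. Consider leaving `/app` at its default mode and opening only the data and cache directories, with the sticky bit set, e.g. `chmod 1777 /app/sessions /app/deliverables /app/repos /tmp/.cache /tmp/.config /tmp/.npm && \`. If the tool writes anywhere else under `/app`, name that path explicitly rather than covering it with 777 on the parent.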
@@ -192,6 +192,12 @@ docker run --rm -it \
|
|||||||
--config /app/configs/example-config.yaml
|
--config /app/configs/example-config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Platform-Specific Instructions
|
||||||
|
|
||||||
|
**For Linux (Native Docker):**
|
||||||
|
|
||||||
|
Add the `--user $(id -u):$(id -g)` flag to the Docker commands above to avoid permission issues with volume mounts. Docker Desktop on macOS and Windows handles this automatically, but native Linux Docker requires explicit user mapping.
|
||||||
|
|
||||||
**Network Capabilities:**
|
**Network Capabilities:**
|
||||||
|
|
||||||
- `--cap-add=NET_RAW` - Enables advanced port scanning with nmap
|
- `--cap-add=NET_RAW` - Enables advanced port scanning with nmap
|
||||||
|
|||||||