mirror of
https://github.com/kasmtech/workspaces-images.git
synced 2024-11-21 23:53:10 +01:00
KASM-5317 remove terminals, KASM-5318 restrict local file urls
This commit is contained in:
parent
b589f6d6da
commit
80cd3af358
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/brave/policies/managed/urlblocklist.json
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/chrome/policies/managed/urlblocklist.json
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
@ -19,6 +19,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
@ -24,6 +24,11 @@ ENV KASM_RESTRICTED_FILE_CHOOSER=1
|
||||
COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
|
||||
RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/opt/edge/policies/managed/urlblocklist.json
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
@ -21,6 +21,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
@ -20,6 +20,10 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
|
||||
ENV KASM_RESTRICTED_FILE_CHOOSER=1
|
||||
COPY ./src/ubuntu/install/gtk/ $INST_SCRIPTS/gtk/
|
||||
RUN bash $INST_SCRIPTS/gtk/install_restricted_file_chooser.sh
|
||||
|
@ -20,6 +20,11 @@ RUN cp $HOME/.config/xfce4/xfconf/single-application-xfce-perchannel-xml/* $HOME
|
||||
RUN cp /usr/share/extra/backgrounds/bg_kasm.png /usr/share/extra/backgrounds/bg_default.png
|
||||
RUN apt-get remove -y xfce4-panel
|
||||
|
||||
# Security modifications
|
||||
COPY ./src/ubuntu/install/misc/single_app_security.sh $INST_SCRIPTS/misc/
|
||||
RUN bash $INST_SCRIPTS/misc/single_app_security.sh -t && rm -rf $INST_SCRIPTS/misc/
|
||||
COPY ./src/common/chrome-managed-policies/urlblocklist.json /etc/chromium/policies/managed/urlblocklist.json
|
||||
|
||||
# Setup the custom startup script that will be invoked when the container starts
|
||||
#ENV LAUNCH_URL http://kasmweb.com
|
||||
|
||||
|
3
src/common/chrome-managed-policies/urlblocklist.json
Normal file
3
src/common/chrome-managed-policies/urlblocklist.json
Normal file
@ -0,0 +1,3 @@
|
||||
{
|
||||
"URLBlocklist": ["file://*"]
|
||||
}
|
31
src/ubuntu/install/misc/single_app_security.sh
Normal file
31
src/ubuntu/install/misc/single_app_security.sh
Normal file
@ -0,0 +1,31 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
REMOVE_TERMINALS=false
|
||||
|
||||
while getopts "th" var
|
||||
do
|
||||
case "$var" in
|
||||
t) REMOVE_TERMINALS=true;;
|
||||
h) echo "Valid arguments:"
|
||||
echo "-t Remove terminals"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
## Remote unneeded packages
|
||||
|
||||
#Remove Terminals
|
||||
if [ "$REMOVE_TERMINALS" = true ] ; then
|
||||
echo "Removing terminals..."
|
||||
if [ -x "$(command -v apt-get)" ]; then
|
||||
echo "apt package manager detected"
|
||||
terminals=("koi8rxterm" "lxterm" "xterm" "x-terminal-emulator" "xfce4-terminal" "xfce4-terminal.wrapper")
|
||||
|
||||
for termapp in ${terminals[@]}; do
|
||||
if [[ $(apt -qq list "$termapp") ]] ; then
|
||||
echo "Removing termina all $termapp."
|
||||
apt remove -y ${termapp}
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
Loading…
Reference in New Issue
Block a user