From c4d239f56947cf5ae4c4d260946bf5ff9fe040cf Mon Sep 17 00:00:00 2001
From: Ivan Alejandro <ivanalejandro0@gmail.com>
Date: Wed, 23 Sep 2015 15:32:22 -0300
Subject: [feat] disable email firewall on docker containers

- Related: #7471
---
 changes/feature-7471_disable-email-fw-on-docker | 1 +
 docker/bitmask-docker.sh                        | 6 ++++--
 src/leap/bitmask/services/mail/emailfirewall.py | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 changes/feature-7471_disable-email-fw-on-docker

diff --git a/changes/feature-7471_disable-email-fw-on-docker b/changes/feature-7471_disable-email-fw-on-docker
new file mode 100644
index 00000000..0a31d564
--- /dev/null
+++ b/changes/feature-7471_disable-email-fw-on-docker
@@ -0,0 +1 @@
+- disable email firewall if we are running inside a docker container. Related to #7471.
diff --git a/docker/bitmask-docker.sh b/docker/bitmask-docker.sh
index ff82e833..329900f8 100755
--- a/docker/bitmask-docker.sh
+++ b/docker/bitmask-docker.sh
@@ -14,8 +14,8 @@ run(){
         CREDS_OPTS="-e BITMASK_CREDENTIALS=/data/credentials.ini -v $BITMASK_CREDENTIALS:/data/credentials.ini"
     fi
 
+    # NOTE: to use containerized VPN from the host you need to add `--net host`
     docker run --rm -it \
-        --net host \
         --privileged \
         -v /tmp/.X11-unix:/tmp/.X11-unix \
         -e DISPLAY=unix$DISPLAY \
@@ -23,6 +23,7 @@ run(){
         -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
         -v `pwd`/data/config:/root/.config/leap \
         -p 1984:1984 -p 2013:2013 \
+        -e LEAP_DOCKERIZED=1 \
         --name bitmask \
         test/bitmask run $@
 
@@ -44,14 +45,15 @@ run(){
 shell(){
     xhost local:root
 
+    # NOTE: to use containerized VPN from the host you need to add `--net host`
     docker run --rm -it \
-        --net host \
         --privileged \
         -v /tmp/.X11-unix:/tmp/.X11-unix \
         -e DISPLAY=unix$DISPLAY \
         -v `pwd`/data/:/data/ -v `pwd`:/SHARED/ \
         -v `pwd`/data/config:/root/.config/leap \
         -p 1984:1984 -p 2013:2013 \
+        -e LEAP_DOCKERIZED=1 \
         --name bitmask \
         --entrypoint=bash \
         test/bitmask
diff --git a/src/leap/bitmask/services/mail/emailfirewall.py b/src/leap/bitmask/services/mail/emailfirewall.py
index 2cd2ec31..f7b5d7a2 100644
--- a/src/leap/bitmask/services/mail/emailfirewall.py
+++ b/src/leap/bitmask/services/mail/emailfirewall.py
@@ -34,6 +34,11 @@ def get_email_firewall():
     """
     Return the email firewall handler for the current platform.
     """
+    # disable email firewall on a docker container so we can access from an
+    # external MUA
+    if os.environ.get("LEAP_DOCKERIZED"):
+        return None
+
     if not (IS_LINUX):
         error_msg = "Email firewall not implemented for this platform."
         raise NotImplementedError(error_msg)
-- 
cgit v1.2.3