Containers with SELinux: Dropbox on CentOS 7

Ever since Dropbox dropped support for various forms of modern and older Linux versions, there have been ways to get around the issues. However, none of them properly consider SELinux’s being in use. Dropbox removed effective support for CentOS 7.x and RHEL 7.x while maintaining it for the latest Debian versions. Why is not really the issue; there are many thoughts out there. However, the impact is pretty heavy for those using Enterprise Linux for desktops, like myself. Containers to the rescue.

The solution many use is to run Dropbox within a Docker container. There is already a great writeup on how to get this working by Valentin Heidelberger, but it does not go into the intricacies of SELinux requirements.

Docker and SELinux have a long history of issues. However, as of Docker 1.7, many of those seem to be fixed. There were a few issues with Valentin’s solution:

  • Hardcoded directory settings
  • Hardcoded UID and GID settings
  • Not SELinux ready
  • Not set up to run at login

These are relatively simple issues to fix. The SELinux one took some trial and error until I determined that I could not be the first one to have this issue with Docker. The solution I found works for this container as well. The two alias lines in .bashrc (or, system-wide, in /etc/profile.d/dropbox.sh) need to change as follows:

alias dropbox="docker exec -it dropbox dropbox"
alias dropbox-start="docker run -d --restart=always --name=dropbox -v $HOME/Dropbox:/dbox/Dropbox:z -v $HOME/.dropbox:/dbox/.dropbox:z -e DBOX_UID=`id -u` -e DBOX_GID=`id -g` janeczku/dropbox"

These changes do three things:

  • Use $HOME as the root for the Dropbox folders. This environment variable is set at login on every Linux install.
  • Use the “id” command to get the user (-u) and group (-g) ids associated with the account. No need to hardcode values.
  • Add the “:z” option to the persistent datastore mountpoints used by Docker. The “:z” at the end of the volume (-v) option tells Docker to relabel the mounted host directory so that SELinux allows the container to access it (the lowercase z uses a label shared by all containers).
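To make the “:z” point concrete, here is an added shell example; it is not from the original post or from the Docker project. It reads the SELinux label of a host directory and checks whether the label carries a type that containers may access. The three label strings are constructed samples of what `stat -c %C` prints; `label_of_path` relies on GNU stat (present on CentOS 7), and the type names container_file_t and its older alias svirt_sandbox_file_t are the ones the CentOS 7 policy assigns to container volumes. The check that an MCS category pair is present distinguishes a “:z” (shared) relabel from a “:Z” (container-private) one.

```shell
#!/bin/sh
# Added example (not the post's own code): inspect the SELinux label on a
# directory that is bind-mounted into the Dropbox container and decide
# whether Docker's ":z" relabel has been applied.
#
# ":z" relabels the host path with the shared container type, so any
# container can use it; ":Z" additionally stamps a private MCS category
# pair (e.g. s0:c17,c902) so that only one container can.

# selinux_type_of LABEL -> prints the type field of a user:role:type:level label
selinux_type_of() {
    printf '%s\n' "$1" | cut -d: -f3
}

# selinux_level_of LABEL -> prints the MLS/MCS level (everything after the type)
selinux_level_of() {
    printf '%s\n' "$1" | cut -d: -f4-
}

# volume_label_ok LABEL -> 0 if the label's type lets containers access the path
volume_label_ok() {
    case "$(selinux_type_of "$1")" in
        container_file_t|svirt_sandbox_file_t) return 0 ;;
        *) return 1 ;;
    esac
}

# volume_is_private LABEL -> 0 if the level carries MCS categories (":Z" style)
volume_is_private() {
    case "$(selinux_level_of "$1")" in
        *:c*) return 0 ;;
        *) return 1 ;;
    esac
}

# label_of_path PATH -> prints the SELinux label of a real path (GNU stat %C)
label_of_path() {
    stat -c %C -- "$1"
}

# Constructed sample labels, shaped like "stat -c %C" output on CentOS 7:
HOME_LABEL='unconfined_u:object_r:user_home_t:s0'              # fresh ~/Dropbox, never mounted
SHARED_LABEL='system_u:object_r:container_file_t:s0'           # after "-v ...:z"
PRIVATE_LABEL='system_u:object_r:container_file_t:s0:c17,c902' # after "-v ...:Z"

# Stand-alone demo over the constructed samples
for l in "$HOME_LABEL" "$SHARED_LABEL" "$PRIVATE_LABEL"; do
    if volume_label_ok "$l"; then
        if volume_is_private "$l"; then
            printf '%s -> container-private (:Z)\n' "$l"
        else
            printf '%s -> container-shared (:z)\n' "$l"
        fi
    else
        printf '%s -> not container accessible; mount with :z\n' "$l"
    fi
done
```

On a real host, `volume_label_ok "$(label_of_path "$HOME/Dropbox")"` after the first `dropbox-start` confirms that the relabel happened; if it reports the directory as not accessible, the “:z” suffix is missing from the -v option and the container will get EACCES on every write.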

The last part is to start Dropbox on login, but only once. Running the start command more than once will not be an issue, but it does produce an annoying error. To fix that problem, add the following to the end of your .bash_profile (or system wide in /etc/profile.d/dropbox.sh):

# start Dropbox container (only if it is not already running)
docker ps | grep dropbox >& /dev/null
# grep exits with 1 when no running container matched
if [ $? -eq 1 ]
then
    dropbox-start
fi

The above just checks to see if the Dropbox container is running and starts it on login.

Now, the four issues I had with the current Dropbox in a container on Linux are fixed. I am very glad that Docker already solved the SELinux problem for exposed volumes. Without that, the effort to get SELinux to work would have been quite annoying. The initial trials I went through before finding the “:z” capability for Docker volumes had been turning into a nightmare.

What we need, more than anything, with respect to SELinux is a good tool for managing and creating new rules. The troubleshooter helps quite a bit, but managing SELinux across an entire estate is nontrivial at best. If anyone knows of such a tool, please let me know, and I can run it through its paces.

Unfortunately, the graphical user interface for Dropbox is not available with the container approach, but the CLI is. The common commands I have used are:

  • dropbox status — this errors out during initial sync, so was of limited use
  • dropbox filestatus — this worked all the time and gave a per-directory sync status
  • dropbox sharelink — get a sharable url for a file

In essence, this approach removes the graphical user interface. To gain back this functionality, you will need to use a background shell script to produce notifications for the window manager in use. I prefer to use the CLI, so this is not an issue for me at the moment.

I have placed on GitHub an installer that will install and set up everything you need for system-wide access to Dropbox by any user on the system. In other words, the aliases exist for all users, but each user's container and folders are their own, not shared between users.
