search

blacktop / docker-volatility

Volatility Dockerfile
MIT License
30 stars 6 forks source link

Add contrib/plugins #6

Closed morallo closed 7 years ago

morallo commented 7 years ago

Solves #5

blacktop commented 7 years ago

I really appreciate you pointing this out, but I think it makes more sense to add the community plugins to the main plugin folder instead of the other way around? That way you don't have to even add the --plugin flag? Is there a way for you to test a community plugin from the last push I did?

morallo commented 7 years ago

Hey, thanks for the quick reply.

As far as I know, you always need to use the --plugin=contrib/plugins, they are not included automatically (source: Specifying Additional Plugin Directories)

In that case, I thought it was easier to put all the plugins in the simpler path (/plugins), as it's easier for users to add their own plugins and browse inside the container. Adding --plugins=/usr/lib/python2.7/site-packages/volatility-2.6-py2.7.egg/contrib/plugins is a lot uglier :-)

What we can do is add the --plugins=/plugins to the default container entrypoint.

blacktop commented 7 years ago

You are correct about loading addition plugins not being the default, however, because I put them in the contrib folder according to that link you posted you should only have to link to --plugin=contrib/plugins which is why I did it, but I can't tell if it is actually loading them or not? I like using the /plugins folder better too, however. Thank you!

morallo commented 7 years ago

According to my tests, it doesn't work unless you specify the absolute path

El 5/2/2017 5:40 p. m., "blacktop" notifications@github.com escribió:

You are correct about loading addition plugins not being the default, however, because I put them in the contrib folder according to that link you posted you should only have to link to --plugin=contrib/plugins which is why I did it, but I can't tell if it is actually loading them or not? I like using the /plugins folder better too, however. Thank you!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/blacktop/docker-volatility/pull/6#issuecomment-277531363, or mute the thread https://github.com/notifications/unsubscribe-auth/AB7JLCxpksIHBe3u1VTHgrCduf8Hb8ttks5rZfuAgaJpZM4L2nPP .