Merge af13e316aa into a54a8f2057

2025-05-04 12:41:50 +02:00 · 2024-11-16 21:55:27 +01:00 · 2024-11-16 21:55:27 +01:00 · 4f6df19def
commit 4f6df19def
parent a54a8f2057 af13e316aa
2 changed files with 4 additions and 3 deletions
--- a/4
+++ b/4
@ -74,9 +74,7 @@ FROM alpine:latest
 RUN apk --no-cache -U upgrade && \
    apk --no-cache add python3

-# Temporarily pin gVisor to the latest working version (release-20240826.0).
-# See: https://github.com/freedomofpress/dangerzone/issues/928
-RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/20240826/$(uname -m)"; \
+RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)"; \
    wget "${GVISOR_URL}/runsc" "${GVISOR_URL}/runsc.sha512" && \
    sha512sum -c runsc.sha512 && \
    rm -f runsc.sha512 && \
--- a/dangerzone/gvisor_wrapper/entrypoint.py
+++ b/dangerzone/gvisor_wrapper/entrypoint.py
@ -142,6 +142,9 @@ runsc_argv = [
    "--rootless=true",
    "--network=none",
    "--root=/home/dangerzone/.containers",
+    # Disable DirectFS for to make the seccomp filter even stricter,
+    # at some performance cost.
+    "--directfs=false",
 ]
 if os.environ.get("RUNSC_DEBUG"):
    runsc_argv += ["--debug=true", "--alsologtostderr=true"]