From 68f8338d2032dd90b17e9b7c5d400fb532c5f20f Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Wed, 30 Oct 2024 19:38:20 +0200
Subject: [PATCH] Revert "Disable gVisor's DirectFS feature."

This reverts commit 73b0f8b7d45f2e1ceb003fff006dc4ab6d419058.

Unfortunately, disabling DirectFS causes a problem in Linux systems that enable Yama mode 2. Turns out that Tails is such a system, so we have to revert this change, if we want to support it.

Refs #982
---
 dangerzone/gvisor_wrapper/entrypoint.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/dangerzone/gvisor_wrapper/entrypoint.py b/dangerzone/gvisor_wrapper/entrypoint.py
index 8d09eb2..f9941ed 100755
--- a/dangerzone/gvisor_wrapper/entrypoint.py
+++ b/dangerzone/gvisor_wrapper/entrypoint.py
@@ -142,9 +142,6 @@ runsc_argv = [
 "--rootless=true",
 "--network=none",
 "--root=/home/dangerzone/.containers",
- # Disable DirectFS for to make the seccomp filter even stricter,
- # at some performance cost.
- "--directfs=false",
 ]
 if os.environ.get("RUNSC_DEBUG"):
 runsc_argv += ["--debug=true", "--alsologtostderr=true"]
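Review bot: After this revert `runsc_argv` no longer passes `--directfs=false` on any host, and the list keeps no record of why, even though the removed comment says the flag made the seccomp filter stricter. I would leave a comment where the flag was, for example `# DirectFS stays at the runsc default: --directfs=false breaks hosts with Yama mode 2 (e.g. Tails), see #982.`, so the trade-off stays visible and the flag is not re-added without checking that case. If the entrypoint can distinguish a Yama mode 2 host from the rest (not visible in this hunk), passing the flag on all other hosts would keep the stricter filter for most users. The `runsc_argv` list opens above the hunk, so its other sandbox options are not visible here.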