almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Revert "Disable gVisor's DirectFS feature."

Browse source 
This reverts commit 73b0f8b7d4.
Unfortunately, disabling DirectFS causes a problem in Linux systems that
enable Yama mode 2. Turns out that Tails is such a system, so we have to
revert this change, if we want to support it.

Refs #982
This commit is contained in:
Alex Pyrgiotis 2024-10-30 19:38:20 +02:00 committed by Alexis Métaireau
parent d561878e03
commit 68f8338d20
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
1 changed files with 0 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
dangerzone/gvisor_wrapper/entrypoint.py
View file

@ -142,9 +142,6 @@ runsc_argv = [
"--rootless=true", "--rootless=true",
"--network=none", "--network=none",
"--root=/home/dangerzone/.containers", "--root=/home/dangerzone/.containers",
# Disable DirectFS for to make the seccomp filter even stricter,
# at some performance cost.
"--directfs=false",
] ]
if os.environ.get("RUNSC_DEBUG"): if os.environ.get("RUNSC_DEBUG"):
runsc_argv += ["--debug=true", "--alsologtostderr=true"] runsc_argv += ["--debug=true", "--alsologtostderr=true"]