Merge 9810ae402b into c89988654c

dangerzone/cli.py

@@ -42,6 +42,11 @@ def print_header(s: str) -> None:
     type=click.UNPROCESSED,
     callback=args.validate_input_filenames,
 )
+@click.option(
+    "--debug",
+    "debug",
+    flag_value=True,
+    help="Run Dangerzone in debug mode, to get logs from gVisor.")
 @click.version_option(version=get_version(), message="%(version)s")
 @errors.handle_document_errors
 def cli_main(
@@ -50,6 +55,7 @@ def cli_main(
     filenames: List[str],
     archive: bool,
     dummy_conversion: bool,
+    debug: bool,
 ) -> None:
     setup_logging()
 
@@ -58,7 +64,7 @@ def cli_main(
     elif is_qubes_native_conversion():
         dangerzone = DangerzoneCore(Qubes())
     else:
-        dangerzone = DangerzoneCore(Container())
+        dangerzone = DangerzoneCore(Container(debug=debug))
 
     display_banner()
     if len(filenames) == 1 and output_filename:

dangerzone/isolation_provider/base.py

@@ -6,7 +6,6 @@ import signal
 import subprocess
 import sys
 from abc import ABC, abstractmethod
-from pathlib import Path
 from typing import IO, Callable, Iterator, Optional
 
 import fitz
@@ -87,12 +86,16 @@ class IsolationProvider(ABC):
     Abstracts an isolation provider
     """
 
-    def __init__(self) -> None:
+    def __init__(self, debug: bool = False) -> None:
-        if getattr(sys, "dangerzone_dev", False) is True:
+        self.debug = debug
+        if self.should_capture_stderr():
             self.proc_stderr = subprocess.PIPE
         else:
             self.proc_stderr = subprocess.DEVNULL
 
+    def should_capture_stderr(self) -> bool:
+        return self.debug or getattr(sys, "dangerzone_dev", False)
+
     @staticmethod
     def is_runtime_available() -> bool:
         return True
@@ -339,9 +342,9 @@ class IsolationProvider(ABC):
             )
 
             # Read the stderr of the process only if:
-            # * Dev mode is enabled.
+            # * We're in debug mode
             # * The process has exited (else we risk hanging).
-            if getattr(sys, "dangerzone_dev", False) and p.poll() is not None:
+            if self.should_capture_stderr() and p.poll() is not None:
                 assert p.stderr
                 debug_log = read_debug_text(p.stderr, MAX_CONVERSION_LOG_CHARS)
                 log.info(

dangerzone/isolation_provider/container.py

@@ -299,12 +299,17 @@ class Container(IsolationProvider):
     ) -> subprocess.Popen:
         container_runtime = self.get_runtime()
         security_args = self.get_runtime_security_args()
+        debug_args = []
+        if self.debug:
+            debug_args += ["-e", "RUNSC_DEBUG=1"]
+
         enable_stdin = ["-i"]
         set_name = ["--name", name]
         prevent_leakage_args = ["--rm"]
         args = (
             ["run"]
             + security_args
+            + debug_args
             + prevent_leakage_args
             + enable_stdin
             + set_name