Merge af13e316aa into a54a8f2057

Reapply "Disable gVisor's DirectFS feature.""
This reverts commit 68f8338d20. Fixes #982
2025-05-05 05:01:49 +02:00 · 2024-11-16 21:55:27 +01:00 · 2024-11-09 21:43:24 +01:00 · 2024-11-09 21:42:59 +01:00
2 changed files with 4 additions and 3 deletions
--- a/4
+++ b/4
@ -74,9 +74,7 @@ FROM alpine:latest
 RUN apk --no-cache -U upgrade && \
    apk --no-cache add python3

-# Temporarily pin gVisor to the latest working version (release-20240826.0).
-# See: https://github.com/freedomofpress/dangerzone/issues/928
-RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/20240826/$(uname -m)"; \
+RUN GVISOR_URL="https://storage.googleapis.com/gvisor/releases/release/latest/$(uname -m)"; \
    wget "${GVISOR_URL}/runsc" "${GVISOR_URL}/runsc.sha512" && \
    sha512sum -c runsc.sha512 && \
    rm -f runsc.sha512 && \
--- a/dangerzone/gvisor_wrapper/entrypoint.py
+++ b/dangerzone/gvisor_wrapper/entrypoint.py
@ -142,6 +142,9 @@ runsc_argv = [
    "--rootless=true",
    "--network=none",
    "--root=/home/dangerzone/.containers",
+    # Disable DirectFS for to make the seccomp filter even stricter,
+    # at some performance cost.
+    "--directfs=false",
 ]
 if os.environ.get("RUNSC_DEBUG"):
    runsc_argv += ["--debug=true", "--alsologtostderr=true"]
Author	SHA1	Message	Date
Alexis Métaireau	4f6df19def	Merge `af13e316aa` into `a54a8f2057`	2024-11-16 21:55:27 +01:00
Alexis Métaireau	af13e316aa	Reapply "Disable gVisor's DirectFS feature."" This reverts commit `68f8338d20`. Fixes #982	2024-11-09 21:43:24 +01:00
Alexis Métaireau	8b22cdb81f	Unpin gVisor, now that upstream is able to support Linux Yama Mode 2 Fixes #298	2024-11-09 21:42:59 +01:00