Alex Pyrgiotis
Another update: it seems that gVisor will soon have the ability to run within rootless Podman, which will simplify things a lot for Dangerzone. @EtiennePerot, sharing this in case you're...
Woah, that's exciting! We're currently in the midst of releasing Dangerzone 0.6.0 so I can't take a proper look right now, but I promise to do so as soon as...
Alright, I looked more carefully into the PR. I have several questions, some of those are just basic gVisor questions, and some apply to Dangerzone specifically. Here goes: 1. Assuming...
@EtiennePerot kind ping on the above questions, so that we don't lose context.
Thanks Etienne for answering all my questions in great detail. Not only am I covered, but I think we have enough material to update the parent issue, and write down...
> Sounds good. One small question: which issue do you mean by "updating the parent issue"?

I was referring to this issue: https://github.com/freedomofpress/dangerzone/issues/126. It doesn't have the context that this...
Quick update here. I actually prioritized implementing the on-host pixels to PDF conversion PR (https://github.com/freedomofpress/dangerzone/pull/748), which is a prerequisite for vastly simplifying this one. Now that it's out, I'll follow...
The latest branch looks almost ready for inclusion. I want to do a last pass, document our architectural choices, and run tests on every platform. The latter are currently failing,...
While experimenting with this PR, I realized that we can re-introduce `--cap-drop all`, if we add the following capabilities: `SETFCAP` and `SYS_CHROOT`. It's not much for the security of the...
Heads up, I have a design document ready, that should explain how the gVisor integration works in Dangerzone, to people who have not seen the code: https://github.com/freedomofpress/dangerzone/pull/815/commits/8641b66b0db634d1b6b849f9047a93671d7c5a13 @EtiennePerot if you...