Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
DirectFS is enabled by default in gVisor to improve I/O performance, but comes at the cost of enabling the `openat(2)` syscall (with severe restrictions, but still). As Dangerzone is not performance-sensitive, and that it is desirable to guarantee for the document conversion process to not open any files (to mimic some of what SELinux provides), might as well disable it by default. See freedomofpress#226.
- Loading branch information