Dangerzone from main branch does not work on Tails systems #982

Open
apyrgio opened this issue Oct 30, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@apyrgio
Contributor

apyrgio commented Oct 30, 2024

What happened?

I built a Debian package for the upcoming Dangerzone 0.8.0 release, and installed it on a Tails system. Dangerzone 0.7.1 in this Tails system works great. When I attempt to run the latest Dangerzone code there though, it fails.

Linux distribution

$ cat /etc/os-release 
NAME="Tails"
ID="tails"
ID_LIKE="debian"
PRETTY_NAME="Tails"
VERSION="6.4"
HOME_URL="https://tails.net/"
SUPPORT_URL="https://tails.net/support/"
BUG_REPORT_URL="https://tails.net/doc/first_steps/whisperback/"
TAILS_DISTRIBUTION="unstable"
TAILS_SOURCE_DATE_EPOCH="1718637181"
TAILS_GIT_COMMIT="a2cc3751c8a9b5074ae74126bc1b8b3ec5f4f950"
TAILS_GIT_TAG="6.4"

Dangerzone version

0.8.0 (from main branch)

Podman info

amnesia@amnesia:~$ podman version
ERRO[0000] User-selected graph driver "vfs" overwritten by graph driver "overlay" from database - delete libpod local files to resolve.  May prevent use of images created by other tools 
Client:       Podman Engine
Version:      4.3.1
API Version:  4.3.1
Go Version:   go1.19.8
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64
amnesia@amnesia:~$ podman info -f 'json'
ERRO[0000] User-selected graph driver "vfs" overwritten by graph driver "overlay" from database - delete libpod local files to resolve.  May prevent use of images created by other tools 
{
  "host": {
    "arch": "amd64",
    "buildahVersion": "1.28.2",
    "cgroupManager": "systemd",
    "cgroupVersion": "v2",
    "cgroupControllers": [
      "memory",
      "pids"
    ],
    "conmon": {
      "package": "conmon_2.1.6+ds1-1_amd64",
      "path": "/usr/bin/conmon",
      "version": "conmon version 2.1.6, commit: unknown"
    },
    "cpus": 8,
    "cpuUtilization": {
      "userPercent": 1.06,
      "systemPercent": 0.6,
      "idlePercent": 98.34
    },
    "distribution": {
      "distribution": "\"tails\"",
      "version": "unknown"
    },
    "eventLogger": "journald",
    "hostname": "amnesia",
    "idMappings": {
      "gidmap": [
        {
          "container_id": 0,
          "host_id": 1000,
          "size": 1
        },
        {
          "container_id": 1,
          "host_id": 100000,
          "size": 65536
        }
      ],
      "uidmap": [
        {
          "container_id": 0,
          "host_id": 1000,
          "size": 1
        },
        {
          "container_id": 1,
          "host_id": 100000,
          "size": 65536
        }
      ]
    },
    "kernel": "6.1.0-21-amd64",
    "logDriver": "journald",
    "memFree": 38109102080,
    "memTotal": 50293956608,
    "networkBackend": "cni",
    "ociRuntime": {
      "name": "crun",
      "package": "crun_1.8.1-1+deb12u1_amd64",
      "path": "/usr/bin/crun",
      "version": "crun version 1.8.1\ncommit: f8a096be060b22ccd3d5f3ebe44108517fbf6c30\nrundir: /run/user/1000/crun\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL"
    },
    "os": "linux",
    "remoteSocket": {
      "path": "/run/user/1000/podman/podman.sock"
    },
    "serviceIsRemote": false,
    "security": {
      "apparmorEnabled": false,
      "capabilities": "CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT",
      "rootless": true,
      "seccompEnabled": true,
      "seccompProfilePath": "/usr/share/containers/seccomp.json",
      "selinuxEnabled": false
    },
    "slirp4netns": {
      "executable": "",
      "package": "",
      "version": ""
    },
    "swapFree": 50293952512,
    "swapTotal": 50293952512,
    "uptime": "2h 57m 25.00s (Approximately 0.08 days)",
    "linkmode": "dynamic"
  },
  "store": {
    "configFile": "/home/amnesia/.config/containers/storage.conf",
    "containerStore": {
      "number": 0,
      "paused": 0,
      "running": 0,
      "stopped": 0
    },
    "graphDriverName": "overlay",
    "graphOptions": {
      
    },
    "graphRoot": "/home/amnesia/.local/share/containers/storage",
    "graphRootAllocated": 21628796928,
    "graphRootUsed": 4558733312,
    "graphStatus": {
      "Backing Filesystem": "extfs",
      "Native Overlay Diff": "true",
      "Supports d_type": "true",
      "Using metacopy": "false"
    },
    "imageCopyTmpDir": "/var/tmp",
    "imageStore": {
      "number": 1
    },
    "runRoot": "/run/user/1000/containers",
    "volumePath": "/home/amnesia/.local/share/containers/storage/volumes"
  },
  "registries": {
    
  },
  "plugins": {
    "volume": [
      "local"
    ],
    "network": [
      "bridge",
      "macvlan",
      "ipvlan"
    ],
    "log": [
      "k8s-file",
      "none",
      "passthrough",
      "journald"
    ],
    "authorization": null
  },
  "version": {
    "APIVersion": "4.3.1",
    "Version": "4.3.1",
    "GoVersion": "go1.19.8",
    "GitCommit": "",
    "BuiltTime": "Thu Jan  1 00:00:00 1970",
    "Built": 0,
    "OsArch": "linux/amd64",
    "Os": "linux"
  }
}
amnesia@amnesia:~$ podman images
ERRO[0000] User-selected graph driver "vfs" overwritten by graph driver "overlay" from database - delete libpod local files to resolve.  May prevent use of images created by other tools 
REPOSITORY                   TAG         IMAGE ID      CREATED      SIZE
dangerzone.rocks/dangerzone  latest      2634ee133c60  3 hours ago  1.03 GB

Document conversion logs

$ dangerzone-cli ~/Persistent/Tor\ Browser/sample.pdf 
╭──────────────────────────╮
│           ▄██▄           │
│          ██████          │
│         ███▀▀▀██         │
│        ███   ████        │
│       ███   ██████       │
│      ███   ▀▀▀▀████      │
│     ███████  ▄██████     │
│    ███████ ▄█████████    │
│   ████████████████████   │
│    ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    │
│                          │
│    Dangerzone v0.8.0     │
│ https://dangerzone.rocks │
╰──────────────────────────╯
Assigning ID 'mcNJ7i' to doc '/home/amnesia/Persistent/Tor Browser/sample.pdf'
ERRO[0000] User-selected graph driver "vfs" overwritten by graph driver "overlay" from database - delete libpod local files to resolve.  May prevent use of images created by other tools 

Converting document to safe PDF
> /usr/bin/podman run --log-driver none --security-opt no-new-privileges --security-opt seccomp=/usr/share/dangerzone/seccomp.gvisor.json --cap-drop all --cap-add SYS_CHROOT --security-opt label=type:container_engine_t --network=none -u dangerzone --rm -i --name dangerzone-doc-to-pixels-mcNJ7i --userns nomap dangerzone.rocks/dangerzone /usr/bin/python3 -m dangerzone.conversion.doc_to_pixels
ERROR [doc mcNJ7i] 0% Unspecified error

Failed to convert document(s)
/home/amnesia/Persistent/Tor Browser/sample.pdf

Additional info

Performing the conversion with debug output returns the following debug log: dz-tails-crash.txt

The important line seems to be:

running container: creating container: cannot create sandbox: cannot read client sync file: waiting for sandbox to start: EOF

I also see this corresponding entry in journalctl:

Oct 30 15:06:08 amnesia kernel: ptrace attach of "runsc-sandbox --directfs=false --root=/home/dangerzone/.containers --debug=true --network=none --rootless=true --alsologtostderr=true boot --bundle=/home/dangerzone/dangerzone-image --gofer-mount-confs=lisafs:none --setup-root --total-host-memory 50293956608 --total-memory 50293956608 --attached --io-fds=3 --dev-io-fd=-1 --mounts-fd=4 --start-sync-fd=5 --controller-fd=6 --spec-fd=7 --stdio-fds=8 --stdio-fds=9 --stdio-fds=10 dangerzone"[61502] was attempted by "runsc-sandbox --directfs=false --root=/home/dangerzone/.containers --debug=true --network=none --rootless=true --alsologtostderr=true boot --bundle=/home/dangerzone/dangerzone-image --gofer-mount-confs=lisafs:none --setup-root --total-host-memory 50293956608 --total-memory 50293956608 --attached --io-fds=3 --dev-io-fd=-1 --mounts-fd=4 --start-sync-fd=5 --controller-fd=6 --spec-fd=7 --stdio-fds=8 --stdio-fds=9 --stdio-fds=10 dangerzone"[61477]

But more importantly, if I re-enable gVisor's DirectFS feature (which was disabled in #898), the conversion works.

apyrgio added the bug label Oct 30, 2024
@apyrgio
Contributor Author

apyrgio commented Oct 30, 2024

Actually, it seems that the underlying problem is that Tails has a more strict ptrace_scope:

$ cat /proc/sys/kernel/yama/ptrace_scope 
2

If I set the same scope in my Linux system, I see the same failure. There are some related issues in the gVisor tracker for this, e.g., google/gvisor#9006. It looks though as if the problem was resolved.
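A small preflight check and log matcher for the Yama condition described in this comment, added here as an example; it is not part of the issue or of Dangerzone's code. The mode descriptions follow the kernel's Yama documentation, the sample kernel line is constructed (shortened from the journalctl entry above), and the assumption that runsc only attaches to its own descendants when DirectFS is off is mine.

```python
import re
from pathlib import Path

# Meaning of each Yama ptrace_scope value, per the kernel's Yama documentation.
YAMA_MODES = {
    0: "classic: any process may attach to another running under the same uid",
    1: "restricted: a process may only attach to its own descendants",
    2: "admin-only: only processes holding CAP_SYS_PTRACE may attach",
    3: "no attach: ptrace attach is disabled for everyone",
}

# Audit line Yama logs when it refuses an attach (same shape as the journalctl entry above).
_DENIAL_RE = re.compile(
    r'ptrace attach of "(?P<target>.*)"\[(?P<target_pid>\d+)\] '
    r'was attempted by "(?P<tracer>.*)"\[(?P<tracer_pid>\d+)\]'
)

# Constructed sample, shortened from the runsc-sandbox line in the issue.
SAMPLE_DENIAL = (
    'Oct 30 15:06:08 amnesia kernel: ptrace attach of '
    '"runsc-sandbox --rootless=true boot dangerzone"[61502] was attempted by '
    '"runsc-sandbox --rootless=true boot dangerzone"[61477]'
)

def read_ptrace_scope(path="/proc/sys/kernel/yama/ptrace_scope"):
    """Current Yama scope as int, or None when Yama is absent or the file is unreadable."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None

def unprivileged_attach_blocked(scope, has_cap_sys_ptrace=False):
    """True when the attach runsc performs without DirectFS will be refused by Yama.
    Assumes the sandbox attaches only to its own descendants (allowed in modes 0/1);
    mode 2 requires CAP_SYS_PTRACE, which a rootless sandbox lacks; mode 3 refuses everyone."""
    if scope is None or scope <= 1:
        return False
    if scope == 2:
        return not has_cap_sys_ptrace
    return True

def parse_yama_denial(line):
    """Tracer/target commands and pids from a Yama denial line, or None if it is not one."""
    m = _DENIAL_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    d["target_pid"], d["tracer_pid"] = int(d["target_pid"]), int(d["tracer_pid"])
    return d
```

Run `unprivileged_attach_blocked(read_ptrace_scope())` on the host before launching the container to tell a Yama refusal apart from the generic "Unspecified error" that Dangerzone prints.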

@apyrgio
Contributor Author

apyrgio commented Oct 30, 2024

I've notified the gVisor devs as well: google/gvisor#11091

apyrgio added a commit that referenced this issue Oct 30, 2024
This reverts commit 73b0f8b.
Unfortunately, disabling DirectFS causes a problem in Linux systems that
enable Yama mode 2. Turns out that Tails is such a system, so we have to
revert this change, if we want to support it.

Refs #982
almet pushed a commit that referenced this issue Oct 30, 2024