apyrgio
commented
2 months ago Hm, so you're looking for a way to perform the conversion on the host, without spawning any sort of sandbox, right? I'm afraid that such an option would be difficult to implement for two reasons:
- It would need to come with a pretty big disclaimer that it's unsafe. To be frank, I'd be very hesitant to give such an option to end users.
- It would need to run in every supported operating system (Windows, macOS, Linux). That's not an easy task, mainly from a dependency management standpoint.
However, power users who are comfortable with Python can write a hacky script that subclasses the Container isolation provider, and replaces exec_container() with a method that runs the conversion on the host. For a less hacky solution, they can create their own isolation provider that will integrate with integrate with their container engine (e.g., Kubernetes).
In any case, please note that you cannot run both stages of the conversion in the same container. It defeats the purpose of the protection, as we need an unsafe sandbox that simply writes pixels back to the host, and a safe sandbox that recreates the document.
I'll close this issue as out of scope if you don't mind, but feel free to ask for implementation details. If I've misunderstood something or you have a more specific use case in mind, we can reopen this issue.
develorer
Thanks for this great tool!
There are some cases where we'd need to run DangerZone from a container or VM, but the fact that the app itself spawns containers is an issue (nested containers is a pain).
Could you please add a CLI argument that allows to do all the proper conversion, but without actually spawning containers?