mirror of
https://git.asonix.dog/asonix/pict-rs.git
synced 2024-12-24 03:36:59 +00:00
Add imagemagick policy file for docker
Add note about imagemagick policy to readme
parent
468103a7cc
commit
b73dce91b2
6 changed files with 56 additions and 2 deletions
|
@ -9,7 +9,7 @@ _a simple image hosting service_
|
|||
## Usage
|
||||
### Running
|
||||
```
|
||||
pict-rs 0.3.0-alpha.5
|
||||
pict-rs 0.3.0-alpha.8
|
||||
|
||||
USAGE:
|
||||
pict-rs [FLAGS] [OPTIONS] --path <path>
|
||||
|
@ -59,7 +59,9 @@ $ wget https://git.asonix.dog/asonix/pict-rs/raw/branch/master/docker/prod/docke
|
|||
$ sudo docker-compose up -d
|
||||
```
|
||||
###### Note
|
||||
pict-rs makes use of the system's temporary folder. This is generally `/tmp` on linux
|
||||
- pict-rs makes use of the system's temporary folder. This is generally `/tmp` on linux
|
||||
- pict-rs makes use of a default imagemagick security policy at
|
||||
`/usr/local/lib/ImageMagick-$VERSION/config-Q16HDRI/policy.xml`
|
||||
|
||||
#### Docker Development
|
||||
The development system loads a rust environment inside a docker container with the neccessary
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
<policymap>
|
||||
<policy domain="resource" name="memory" value="256MiB" />
|
||||
<policy domain="resource" name="list-length" value="32" />
|
||||
<policy domain="resource" name="width" value="10KP" />
|
||||
<policy domain="resource" name="height" value="10KP" />
|
||||
<policy domain="resource" name="map" value="512MiB" />
|
||||
<policy domain="resource" name="area" value="16KP" />
|
||||
<policy domain="resource" name="disk" value="1GiB" />
|
||||
<policy domain="resource" name="file" value="768" />
|
||||
<policy domain="resource" name="thread" value="2" />
|
||||
<policy domain="coder" rights="none" pattern="*" />
|
||||
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||
<policy domain="filter" rights="none" pattern="*" />
|
||||
<policy domain="path" rights="none" pattern="@*" />
|
||||
<policy domain="delegate" rights="none" pattern="*" />
|
||||
<policy domain="module" rights="none" pattern="*" />
|
||||
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||
<!-- indirect reads not permitted -->
|
||||
<policy domain="cache" name="memory-map" value="anonymous" />
|
||||
<policy domain="cache" name="synchronize" value="true" />
|
||||
<policy domain="system" name="precision" value="6" />
|
||||
<policy domain="system" name="shred" value="1" />
|
||||
</policymap>
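Review bot: The resource limits in this policy bound memory, map, disk, dimensions, file handles and threads, but not wall-clock time. A crafted upload that decodes slowly while staying inside those limits can therefore hold a worker for as long as the conversion runs, unless pict-rs enforces its own timeout somewhere not shown here. Consider adding a `time` limit next to the other resource rules, e.g. `<policy domain="resource" name="time" value="120" />` (the value is a constructed sample; size it to the slowest legitimate conversion). Separately, `<!-- indirect reads not permitted -->` sits after the module rules but describes the `path` rule for `@*`, so it would read better directly above that line. Both points also apply to the second, identical policy file added at the end of this commit.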
|
|
@ -219,6 +219,8 @@ ENV \
|
|||
RUN \
|
||||
chown pictrs:pictrs /mnt
|
||||
|
||||
COPY root/ /
|
||||
|
||||
VOLUME /mnt
|
||||
WORKDIR /opt/pict-rs
|
||||
USER pictrs
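Review bot: Nothing in the visible lines verifies that ImageMagick actually loads the policy that `COPY root/ /` installs. Per the README note, the destination path embeds the ImageMagick version (`ImageMagick-$VERSION/config-Q16HDRI/policy.xml`). If the version built earlier in the Dockerfile changes and the directory under `root/` is not renamed to match, the image still builds and ImageMagick presumably falls back to its permissive built-in defaults with no error. A build-time assertion right after the copy would turn that into a failed build, for instance `RUN identify -list policy | grep -q 'WEBP'` (adjust the binary name to whatever this image installs). The hunk starts mid-file, so the ImageMagick build step is not visible here; the same applies to the other two Dockerfile hunks in this commit.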
|
||||
|
|
|
@ -220,6 +220,8 @@ ENV \
|
|||
RUN \
|
||||
chown pictrs:pictrs /mnt
|
||||
|
||||
COPY root/ /
|
||||
|
||||
VOLUME /mnt
|
||||
WORKDIR /opt/pict-rs
|
||||
USER pictrs
|
||||
|
|
|
@ -220,6 +220,8 @@ ENV \
|
|||
RUN \
|
||||
chown pictrs:pictrs /mnt
|
||||
|
||||
COPY root/ /
|
||||
|
||||
VOLUME /mnt
|
||||
WORKDIR /opt/pict-rs
|
||||
USER pictrs
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
<policymap>
|
||||
<policy domain="resource" name="memory" value="256MiB" />
|
||||
<policy domain="resource" name="list-length" value="32" />
|
||||
<policy domain="resource" name="width" value="10KP" />
|
||||
<policy domain="resource" name="height" value="10KP" />
|
||||
<policy domain="resource" name="map" value="512MiB" />
|
||||
<policy domain="resource" name="area" value="16KP" />
|
||||
<policy domain="resource" name="disk" value="1GiB" />
|
||||
<policy domain="resource" name="file" value="768" />
|
||||
<policy domain="resource" name="thread" value="2" />
|
||||
<policy domain="coder" rights="none" pattern="*" />
|
||||
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||
<policy domain="filter" rights="none" pattern="*" />
|
||||
<policy domain="path" rights="none" pattern="@*" />
|
||||
<policy domain="delegate" rights="none" pattern="*" />
|
||||
<policy domain="module" rights="none" pattern="*" />
|
||||
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||
<!-- indirect reads not permitted -->
|
||||
<policy domain="cache" name="memory-map" value="anonymous" />
|
||||
<policy domain="cache" name="synchronize" value="true" />
|
||||
<policy domain="system" name="precision" value="6" />
|
||||
<policy domain="system" name="shred" value="1" />
|
||||
</policymap>
|