Add imagemagick policy file for docker
Add note about imagemagick policy to readme
parent
468103a7cc
commit
b73dce91b2
6 changed files with 56 additions and 2 deletions
|
@ -9,7 +9,7 @@ _a simple image hosting service_
|
||||||
## Usage
|
## Usage
|
||||||
### Running
|
### Running
|
||||||
```
|
```
|
||||||
pict-rs 0.3.0-alpha.5
|
pict-rs 0.3.0-alpha.8
|
||||||
|
|
||||||
USAGE:
|
USAGE:
|
||||||
pict-rs [FLAGS] [OPTIONS] --path <path>
|
pict-rs [FLAGS] [OPTIONS] --path <path>
|
||||||
|
@ -59,7 +59,9 @@ $ wget https://git.asonix.dog/asonix/pict-rs/raw/branch/master/docker/prod/docke
|
||||||
$ sudo docker-compose up -d
|
$ sudo docker-compose up -d
|
||||||
```
|
```
|
||||||
###### Note
|
###### Note
|
||||||
pict-rs makes use of the system's temporary folder. This is generally `/tmp` on linux
|
- pict-rs makes use of the system's temporary folder. This is generally `/tmp` on linux
|
||||||
|
- pict-rs makes use of a default imagemagick security policy at
|
||||||
|
`/usr/local/lib/ImageMagick-$VERSION/config-Q16HDRI/policy.xml`
|
||||||
|
|
||||||
#### Docker Development
|
#### Docker Development
|
||||||
The development system loads a rust environment inside a docker container with the neccessary
|
The development system loads a rust environment inside a docker container with the neccessary
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
<policymap>
|
||||||
|
<policy domain="resource" name="memory" value="256MiB" />
|
||||||
|
<policy domain="resource" name="list-length" value="32" />
|
||||||
|
<policy domain="resource" name="width" value="10KP" />
|
||||||
|
<policy domain="resource" name="height" value="10KP" />
|
||||||
|
<policy domain="resource" name="map" value="512MiB" />
|
||||||
|
<policy domain="resource" name="area" value="16KP" />
|
||||||
|
<policy domain="resource" name="disk" value="1GiB" />
|
||||||
|
<policy domain="resource" name="file" value="768" />
|
||||||
|
<policy domain="resource" name="thread" value="2" />
|
||||||
|
<policy domain="coder" rights="none" pattern="*" />
|
||||||
|
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||||
|
<policy domain="filter" rights="none" pattern="*" />
|
||||||
|
<policy domain="path" rights="none" pattern="@*" />
|
||||||
|
<policy domain="delegate" rights="none" pattern="*" />
|
||||||
|
<policy domain="module" rights="none" pattern="*" />
|
||||||
|
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||||
|
<!-- indirect reads not permitted -->
|
||||||
|
<policy domain="cache" name="memory-map" value="anonymous" />
|
||||||
|
<policy domain="cache" name="synchronize" value="true" />
|
||||||
|
<policy domain="system" name="precision" value="6" />
|
||||||
|
<policy domain="system" name="shred" value="1" />
|
||||||
|
</policymap>
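Review bot: The nine `domain="resource"` rules at the top of this new policy cap memory, map, disk, dimensions, files and threads but set no `time` limit, so nothing in the file bounds how long one conversion of an uploaded image may run. Consider adding `<policy domain="resource" name="time" value="60" />` (the value is an example, pick one that suits the service), unless pict-rs already enforces a timeout around its ImageMagick calls, which is not visible here. Separately, `list-length` at 32 will make ImageMagick reject animated GIFs with more frames than that, so it is worth confirming that limit is intended. The second policy.xml added at the end of this commit is identical and would need the same change.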
|
|
@ -219,6 +219,8 @@ ENV \
|
||||||
RUN \
|
RUN \
|
||||||
chown pictrs:pictrs /mnt
|
chown pictrs:pictrs /mnt
|
||||||
|
|
||||||
|
COPY root/ /
|
||||||
|
|
||||||
VOLUME /mnt
|
VOLUME /mnt
|
||||||
WORKDIR /opt/pict-rs
|
WORKDIR /opt/pict-rs
|
||||||
USER pictrs
|
USER pictrs
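Review bot: `COPY root/ /` puts the policy in force only if the directory name under `root/` matches the ImageMagick version actually built into the image. The README in this commit gives the target as `/usr/local/lib/ImageMagick-$VERSION/config-Q16HDRI/policy.xml`, and the contents of `root/` are not visible in this hunk. If the two drift after a version bump, the file would presumably land in a directory ImageMagick does not read, and the image would build without error while running under the default policy. A build step after the COPY that runs `magick -list policy` and fails when the restricted coder rule is not reported would catch that. The same line is added in the two other Dockerfile sections below, and the ImageMagick build steps lie outside all three hunks.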
|
||||||
|
|
|
@ -220,6 +220,8 @@ ENV \
|
||||||
RUN \
|
RUN \
|
||||||
chown pictrs:pictrs /mnt
|
chown pictrs:pictrs /mnt
|
||||||
|
|
||||||
|
COPY root/ /
|
||||||
|
|
||||||
VOLUME /mnt
|
VOLUME /mnt
|
||||||
WORKDIR /opt/pict-rs
|
WORKDIR /opt/pict-rs
|
||||||
USER pictrs
|
USER pictrs
|
||||||
|
|
|
@ -220,6 +220,8 @@ ENV \
|
||||||
RUN \
|
RUN \
|
||||||
chown pictrs:pictrs /mnt
|
chown pictrs:pictrs /mnt
|
||||||
|
|
||||||
|
COPY root/ /
|
||||||
|
|
||||||
VOLUME /mnt
|
VOLUME /mnt
|
||||||
WORKDIR /opt/pict-rs
|
WORKDIR /opt/pict-rs
|
||||||
USER pictrs
|
USER pictrs
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
<policymap>
|
||||||
|
<policy domain="resource" name="memory" value="256MiB" />
|
||||||
|
<policy domain="resource" name="list-length" value="32" />
|
||||||
|
<policy domain="resource" name="width" value="10KP" />
|
||||||
|
<policy domain="resource" name="height" value="10KP" />
|
||||||
|
<policy domain="resource" name="map" value="512MiB" />
|
||||||
|
<policy domain="resource" name="area" value="16KP" />
|
||||||
|
<policy domain="resource" name="disk" value="1GiB" />
|
||||||
|
<policy domain="resource" name="file" value="768" />
|
||||||
|
<policy domain="resource" name="thread" value="2" />
|
||||||
|
<policy domain="coder" rights="none" pattern="*" />
|
||||||
|
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||||
|
<policy domain="filter" rights="none" pattern="*" />
|
||||||
|
<policy domain="path" rights="none" pattern="@*" />
|
||||||
|
<policy domain="delegate" rights="none" pattern="*" />
|
||||||
|
<policy domain="module" rights="none" pattern="*" />
|
||||||
|
<policy domain="module" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
|
||||||
|
<!-- indirect reads not permitted -->
|
||||||
|
<policy domain="cache" name="memory-map" value="anonymous" />
|
||||||
|
<policy domain="cache" name="synchronize" value="true" />
|
||||||
|
<policy domain="system" name="precision" value="6" />
|
||||||
|
<policy domain="system" name="shred" value="1" />
|
||||||
|
</policymap>
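Review bot: The comment `<!-- indirect reads not permitted -->` sits between the `module` rules and the `cache` rules, but the rule it describes is `<policy domain="path" rights="none" pattern="@*" />` several lines above it. Moving the comment directly above the `path` rule would keep a later editor from reading it as a description of the cache settings. The file would also benefit from a short comment on the two `coder` lines, such as `<!-- deny every coder, then allow only the formats pict-rs accepts -->`, since the deny-all followed by the allow-list is the core of the policy. The identical policy.xml earlier in this commit has the same comment placement.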
|