mirror of
https://github.com/YunoHost-Apps/paperless-ngx_ynh.git
synced 2024-09-03 19:56:33 +02:00
Implement imagemagick policy for convert
calls
This commit is contained in:
parent
5d15ed7abc
commit
731ed07a25
4 changed files with 36 additions and 1 deletions
23
conf/policy.xml
Normal file
23
conf/policy.xml
Normal file
|
@ -0,0 +1,23 @@
|
|||
<policymap>
|
||||
<!-- temporary path must be a preexisting writable directory -->
|
||||
<policy domain="resource" name="temporary-path" value="__DATA_DIR__/imagemagick"/>
|
||||
<policy domain="resource" name="memory" value="256MiB"/>
|
||||
<policy domain="resource" name="list-length" value="32"/>
|
||||
<policy domain="resource" name="width" value="8KP"/>
|
||||
<policy domain="resource" name="height" value="8KP"/>
|
||||
<policy domain="resource" name="map" value="512MiB"/>
|
||||
<policy domain="resource" name="area" value="16KP"/>
|
||||
<policy domain="resource" name="disk" value="1GiB"/>
|
||||
<policy domain="resource" name="file" value="768"/>
|
||||
<policy domain="resource" name="thread" value="2"/>
|
||||
<policy domain="resource" name="time" value="120"/>
|
||||
<policy domain="module" rights="none" pattern="URL" />
|
||||
<policy domain="coder" rights="read | write" pattern="{MSVG,MVG,PS,PDF,RSVG,SVG,XPS}" />
|
||||
<policy domain="filter" rights="none" pattern="*" />
|
||||
<policy domain="path" rights="none" pattern="-"/> <!-- don't read/write from/to stdin/stdout -->
|
||||
<policy domain="path" rights="none" pattern="/etc/*"/> <!-- don't read sensitive paths -->
|
||||
<policy domain="path" rights="none" pattern="@*"/> <!-- indirect reads not permitted -->
|
||||
<policy domain="cache" name="memory-map" value="anonymous"/>
|
||||
<policy domain="cache" name="synchronize" value="true"/>
|
||||
<policy domain="system" name="shred" value="1"/>
|
||||
</policymap>
|
|
@ -70,7 +70,7 @@ ram.runtime = "350M"
|
|||
[resources.install_dir]
|
||||
|
||||
[resources.data_dir]
|
||||
subdirs = ["consume", "data", "media"]
|
||||
subdirs = ["consume", "data", "media", "imagemagick"]
|
||||
|
||||
[resources.permissions]
|
||||
main.url = "/"
|
||||
|
|
|
@ -103,6 +103,12 @@ ynh_add_config --template="paperless.conf.example" --destination="$install_dir/p
|
|||
chmod 400 "$install_dir/paperless.conf"
|
||||
chown $app:$app "$install_dir/paperless.conf"
|
||||
|
||||
# ImageMagick configuration
|
||||
mkdir -p "$install_dir/.config/ImageMagick"
|
||||
ynh_add_config --template="policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
|
||||
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
|
||||
chown -R $app:$app "$install_dir/.config"
|
||||
|
||||
#=================================================
|
||||
# SETUP THE DATABASE
|
||||
#=================================================
|
||||
|
|
|
@ -128,6 +128,12 @@ ynh_add_config --template="paperless.conf.example" --destination="$install_dir/p
|
|||
chmod 400 "$install_dir/paperless.conf"
|
||||
chown $app:$app "$install_dir/paperless.conf"
|
||||
|
||||
# ImageMagick configuration
|
||||
mkdir -p "$install_dir/.config/ImageMagick"
|
||||
ynh_add_config --template="policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
|
||||
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
|
||||
chown -R $app:$app "$install_dir/.config"
|
||||
|
||||
#=================================================
|
||||
# SETUP THE DATABASE
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue