You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 lines
1.0 KiB
27 lines
1.0 KiB
<policymap> |
|
<!-- Set some basic system resource limits --> |
|
<policy domain="resource" name="time" value="60" /> |
|
|
|
<policy domain="module" rights="none" pattern="URL" /> |
|
|
|
<policy domain="filter" rights="none" pattern="*" /> |
|
|
|
<!-- |
|
Ideally, we would restrict ImageMagick to only accessing its own |
|
disk-backed pixel cache as well as Mastodon-created Tempfiles. |
|
|
|
However, those paths depend on the operating system and environment |
|
variables, so they can only be known at runtime. |
|
|
|
Furthermore, those paths are not necessarily shared across Mastodon |
|
processes, so even creating a policy.xml at runtime is impractical. |
|
|
|
For the time being, only disable indirect reads. |
|
--> |
|
<policy domain="path" rights="none" pattern="@*" /> |
|
|
|
<!-- Disallow any coder by default, and only enable ones required by Mastodon --> |
|
<policy domain="coder" rights="none" pattern="*" /> |
|
<policy domain="coder" rights="read | write" pattern="{JPEG,PNG,GIF,WEBP,HEIC,AVIF}" /> |
|
<policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" /> |
|
</policymap>
|
|
|