diff options
Diffstat (limited to 'config/imagemagick/policy.xml')
| -rw-r--r-- | config/imagemagick/policy.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/config/imagemagick/policy.xml b/config/imagemagick/policy.xml new file mode 100644 index 000000000..1052476b3 --- /dev/null +++ b/config/imagemagick/policy.xml @@ -0,0 +1,27 @@ +<policymap> + <!-- Set some basic system resource limits --> + <policy domain="resource" name="time" value="60" /> + + <policy domain="module" rights="none" pattern="URL" /> + + <policy domain="filter" rights="none" pattern="*" /> + + <!-- + Ideally, we would restrict ImageMagick to only accessing its own + disk-backed pixel cache as well as Mastodon-created Tempfiles. + + However, those paths depend on the operating system and environment + variables, so they can only be known at runtime. + + Furthermore, those paths are not necessarily shared across Mastodon + processes, so even creating a policy.xml at runtime is impractical. + + For the time being, only disable indirect reads. + --> + <policy domain="path" rights="none" pattern="@*" /> + + <!-- Disallow any coder by default, and only enable ones required by Mastodon --> + <policy domain="coder" rights="none" pattern="*" /> + <policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" /> + <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" /> +</policymap> |