From 366504eec7bcad3977424a0e5c7a77814318fd2c Mon Sep 17 00:00:00 2001
From: eternal-flame-AD
Date: Sat, 23 Nov 2024 12:03:14 -0600
Subject: [PATCH] Docs
Signed-off-by: eternal-flame-AD
---
 README.md | 2 +-
 mac/apparmor/yumechi-no-kuni-proxy-worker | 6 +++---
 src/lib.rs | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index ff10559..c19b73e 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,7 @@ AppArmor is a Mandatory Access Control Linux security module that can be used to
 It is much more secure than Docker and I recommend using AppArmor instead of Docker for isolation, mainly because:
 - Docker is not designed for security but for convenience.
-- Docker only creates a new namespace but do not actually police the actions of the task.
+- Docker only creates a new namespace but do not actually police the actions of the task and will expose much more kernel interfaces to the task.
 - There is no dynamic privilege reduction in Docker, so if the image parsing is compromised at the very least your whole container is compromised.
 - AFAIK there are no known bypasses for AppArmor, but there are known bypasses for Docker.
diff --git a/mac/apparmor/yumechi-no-kuni-proxy-worker b/mac/apparmor/yumechi-no-kuni-proxy-worker
index f4e7516..eb65d3e 100644
--- a/mac/apparmor/yumechi-no-kuni-proxy-worker
+++ b/mac/apparmor/yumechi-no-kuni-proxy-worker
@@ -72,10 +72,10 @@ profile yumechi-no-kuni-proxy-worker @{prog_path} {
 deny network (bind) udp,
 /{,usr/}{,local/}{,s}bin/@{prog} ixr,
- owner /var/lib/@{prog}/{,bin}/@{prog} ixr,
+ owner /var/lib/@{prog}/{,bin/}@{prog} ixr,
- signal (send, receive) set=int,term,kill peer=yume-proxy-workers//serve,
- signal (send) set=int,term,kill,usr1 peer=yume-proxy-workers//serve//image,
+ signal (send, receive) set=(int, term, kill) peer=yume-proxy-workers//serve,
+ signal (send) set=(int, term, kill, usr1) peer=yume-proxy-workers//serve//image,
 ^image {
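Review bot: The new `peer=yume-proxy-workers//serve` and `peer=yume-proxy-workers//serve//image` labels do not match this profile's own name (`yumechi-no-kuni-proxy-worker`, whose visible child is `^image`), so the signal rules only take effect if a separate `yume-proxy-workers` profile with a `serve` child exists; presumably that is the parent server profile, but nothing in this file says so, and a mislabelled peer simply leaves the signals denied. Suggest a comment above the rules, `# peer labels refer to the server profile (yume-proxy-workers) and its serve/image children, not to this worker`, adjusted to whatever the actual peer is. The corrected `owner /var/lib/@{prog}/{,bin/}@{prog} ixr,` now executes the worker from a state directory owned by the confined user; whether that directory is also writable under this profile is not visible in the hunk, and if it is, `ix` from there weakens the intent of the `/{,usr/}{,local/}{,s}bin/` rule, so a comment stating why a copy under `/var/lib/@{prog}` is expected would help. The profile body continues outside the hunk.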
diff --git a/src/lib.rs b/src/lib.rs
index ad6c5c5..1f960a5 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -822,10 +822,10 @@ pub struct App {
 }
 #[cfg(feature = "env-local")]
-/// Register cancel handler for threads that has ran away for some reason
+/// Register cancel handler for threads that has ran away for some reason and multiple dirty terminations has occurred
 ///
 /// This should only happen when some kind of malformed input is happening that causes the image parser to hang
-/// without triggering the resource limits.
+/// without triggering the resource limits, as a last resort.
 #[allow(unsafe_code)]
 pub fn register_cancel_handler() {
 static STRIKES: AtomicU64 = AtomicU64::new(0);
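Review bot: The rewritten doc comment on `register_cancel_handler` is still ungrammatical (`threads that has ran away`, `terminations has occurred`); suggest `/// Register a cancel handler for threads that have run away and for which multiple dirty terminations have occurred.` Given the `#[allow(unsafe_code)]` attribute and the `STRIKES` counter declared on the next line, the doc comment should also say what `STRIKES` counts, at what count the handler acts, and where the soundness argument for the unsafe operation is kept, none of which the hunk states; a short paragraph after the existing "last resort" sentence is the natural place. The function body continues past the end of the hunk.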