Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-11-23 12:03:14 -06:00
parent dc619349d4
commit 366504eec7
No known key found for this signature in database
3 changed files with 6 additions and 6 deletions

View file

@ -95,7 +95,7 @@ AppArmor is a Mandatory Access Control Linux security module that can be used to
It is much more secure than Docker and I recommend using AppArmor instead of Docker for isolation, mainly because: It is much more secure than Docker and I recommend using AppArmor instead of Docker for isolation, mainly because:
- Docker is not designed for security but for convenience. - Docker is not designed for security but for convenience.
- Docker only creates a new namespace but do not actually police the actions of the task. - Docker only creates a new namespace but do not actually police the actions of the task and will expose much more kernel interfaces to the task.
- There is no dynamic privilege reduction in Docker, so if the image parsing is compromised at the very least your whole container is compromised. - There is no dynamic privilege reduction in Docker, so if the image parsing is compromised at the very least your whole container is compromised.
- AFAIK there are no known bypasses for AppArmor, but there are known bypasses for Docker. - AFAIK there are no known bypasses for AppArmor, but there are known bypasses for Docker.

View file

@ -72,10 +72,10 @@ profile yumechi-no-kuni-proxy-worker @{prog_path} {
deny network (bind) udp, deny network (bind) udp,
/{,usr/}{,local/}{,s}bin/@{prog} ixr, /{,usr/}{,local/}{,s}bin/@{prog} ixr,
owner /var/lib/@{prog}/{,bin}/@{prog} ixr, owner /var/lib/@{prog}/{,bin/}@{prog} ixr,
signal (send, receive) set=int,term,kill peer=yume-proxy-workers//serve, signal (send, receive) set=(int, term, kill) peer=yume-proxy-workers//serve,
signal (send) set=int,term,kill,usr1 peer=yume-proxy-workers//serve//image, signal (send) set=(int, term, kill, usr1) peer=yume-proxy-workers//serve//image,
^image { ^image {

View file

@ -822,10 +822,10 @@ pub struct App<C: UpstreamClient, S: Sandboxing> {
} }
#[cfg(feature = "env-local")] #[cfg(feature = "env-local")]
/// Register cancel handler for threads that has ran away for some reason /// Register cancel handler for threads that has ran away for some reason and multiple dirty terminations has occurred
/// ///
/// This should only happen when some kind of malformed input is happening that causes the image parser to hang /// This should only happen when some kind of malformed input is happening that causes the image parser to hang
/// without triggering the resource limits. /// without triggering the resource limits, as a last resort.
#[allow(unsafe_code)] #[allow(unsafe_code)]
pub fn register_cancel_handler() { pub fn register_cancel_handler() {
static STRIKES: AtomicU64 = AtomicU64::new(0); static STRIKES: AtomicU64 = AtomicU64::new(0);