yume/yumechi-no-kuni-proxy-worker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Docs

Browse source 
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-11-23 12:03:14 -06:00
parent dc619349d4
commit 366504eec7
No known key found for this signature in database
3 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -95,7 +95,7 @@ AppArmor is a Mandatory Access Control Linux security module that can be used to
It is much more secure than Docker and I recommend using AppArmor instead of Docker for isolation, mainly because:
- Docker is not designed for security but for convenience.
- Docker only creates a new namespace but do not actually police the actions of the task.
- Docker only creates a new namespace but do not actually police the actions of the task and will expose much more kernel interfaces to the task.
- There is no dynamic privilege reduction in Docker, so if the image parsing is compromised at the very least your whole container is compromised.
- AFAIK there are no known bypasses for AppArmor, but there are known bypasses for Docker.

6
mac/apparmor/yumechi-no-kuni-proxy-worker
View file

@ -72,10 +72,10 @@ profile yumechi-no-kuni-proxy-worker @{prog_path} {
deny network (bind) udp,
/{,usr/}{,local/}{,s}bin/@{prog} ixr,
owner /var/lib/@{prog}/{,bin}/@{prog} ixr,
owner /var/lib/@{prog}/{,bin/}@{prog} ixr,
signal (send, receive) set=int,term,kill peer=yume-proxy-workers//serve,
signal (send) set=int,term,kill,usr1 peer=yume-proxy-workers//serve//image,
signal (send, receive) set=(int, term, kill) peer=yume-proxy-workers//serve,
signal (send) set=(int, term, kill, usr1) peer=yume-proxy-workers//serve//image,
^image {

4
src/lib.rs
View file

@ -822,10 +822,10 @@ pub struct App<C: UpstreamClient, S: Sandboxing> {
}
#[cfg(feature = "env-local")]
/// Register cancel handler for threads that has ran away for some reason
/// Register cancel handler for threads that has ran away for some reason and multiple dirty terminations has occurred
///
/// This should only happen when some kind of malformed input is happening that causes the image parser to hang
/// without triggering the resource limits.
/// without triggering the resource limits, as a last resort.
#[allow(unsafe_code)]
pub fn register_cancel_handler() {
static STRIKES: AtomicU64 = AtomicU64::new(0);