Docs

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>

README.md

@@ -95,7 +95,7 @@ AppArmor is a Mandatory Access Control Linux security module that can be used to
 It is much more secure than Docker and I recommend using AppArmor instead of Docker for isolation, mainly because:
 
 - Docker is not designed for security but for convenience.
-- Docker only creates a new namespace but do not actually police the actions of the task.
+- Docker only creates a new namespace but do not actually police the actions of the task and will expose much more kernel interfaces to the task.
 - There is no dynamic privilege reduction in Docker, so if the image parsing is compromised at the very least your whole container is compromised.
 - AFAIK there are no known bypasses for AppArmor, but there are known bypasses for Docker.
 

mac/apparmor/yumechi-no-kuni-proxy-worker

@@ -72,7 +72,7 @@ profile yumechi-no-kuni-proxy-worker @{prog_path} {
         deny network (bind) udp,
 
         /{,usr/}{,local/}{,s}bin/@{prog} ixr,
-        owner /var/lib/@{prog}/{,bin}/@{prog} ixr,
+        owner /var/lib/@{prog}/{,bin/}@{prog} ixr,
 
         signal (send, receive) set=int,term,kill peer=yume-proxy-workers//serve,
         signal (send) set=int,term,kill,usr1 peer=yume-proxy-workers//serve//image,

src/lib.rs

@@ -822,10 +822,10 @@ pub struct App<C: UpstreamClient, S: Sandboxing> {
 }
 
 #[cfg(feature = "env-local")]
-/// Register cancel handler for threads that has ran away for some reason
+/// Register cancel handler for threads that has ran away for some reason and multiple dirty terminations has occurred
 ///
 /// This should only happen when some kind of malformed input is happening that causes the image parser to hang
-/// without triggering the resource limits.
+/// without triggering the resource limits, as a last resort.
 #[allow(unsafe_code)]
 pub fn register_cancel_handler() {
     static STRIKES: AtomicU64 = AtomicU64::new(0);