diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-12 02:26:25 +0100 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-12 02:26:25 +0100 |
| commit | dd28dcf3d620a4ac7d0a1532b812213cf094cd3c (patch) | |
| tree | a3fa8c8ef446de2bcc2f317bceb4bca868f7e0f0 /modules/profiles/templates/imagemagick-policy.xml.epp | |
| parent | Move webdav into profiles. (diff) | |
| download | webdav_server-dd28dcf3d620a4ac7d0a1532b812213cf094cd3c.tar.gz webdav_server-dd28dcf3d620a4ac7d0a1532b812213cf094cd3c.tar.xz | |
Revert "Move webdav into profiles."
It actually reverts the non-need for the nginx module webdav_ext. Since
Omnifocus requires PROPFIND.
This reverts commit edf6ffe8b399679ba28cc5e558a6838919dd1ee8.
Diffstat (limited to '')
| -rw-r--r-- | modules/profiles/templates/imagemagick-policy.xml.epp | 89 |
1 files changed, 0 insertions, 89 deletions
diff --git a/modules/profiles/templates/imagemagick-policy.xml.epp b/modules/profiles/templates/imagemagick-policy.xml.epp deleted file mode 100644 index cbea9e9..0000000 --- a/modules/profiles/templates/imagemagick-policy.xml.epp +++ /dev/null @@ -1,89 +0,0 @@ -<%- | Array[Hash] $policies | -%> -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policymap [ - <!ELEMENT policymap (policy)*> - <!ATTLIST policymap xmlns CDATA #FIXED ''> - <!ELEMENT policy EMPTY> - <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED - name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED - stealth NMTOKEN #IMPLIED value CDATA #IMPLIED> -]> -<!-- - Configure ImageMagick policies. - - Domains include system, delegate, coder, filter, path, or resource. - - Rights include none, read, write, execute and all. Use | to combine them, - for example: "read | write" to permit read from, or write to, a path. - - Use a glob expression as a pattern. - - Suppose we do not want users to process MPEG video images: - - <policy domain="delegate" rights="none" pattern="mpeg:decode" /> - - Here we do not want users reading images from HTTP: - - <policy domain="coder" rights="none" pattern="HTTP" /> - - The /repository file system is restricted to read only. We use a glob - expression to match all paths that start with /repository: - - <policy domain="path" rights="read" pattern="/repository/*" /> - - Lets prevent users from executing any image filters: - - <policy domain="filter" rights="none" pattern="*" /> - - Any large image is cached to disk rather than memory: - - <policy domain="resource" name="area" value="1GP"/> - - Use the default system font unless overwridden by the application: - - <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/> - - Define arguments for the memory, map, area, width, height and disk resources - with SI prefixes (.e.g 100MB). In addition, resource policies are maximums - for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB - exceeds policy maximum so memory limit is 1GB). - - Rules are processed in order. Here we want to restrict ImageMagick to only - read or write a small subset of proven web-safe image types: - - <policy domain="delegate" rights="none" pattern="*" /> - <policy domain="filter" rights="none" pattern="*" /> - <policy domain="coder" rights="none" pattern="*" /> - <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" /> ---> -<policymap> - <!-- Sample policies --> - <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> --> - <!-- <policy domain="resource" name="memory" value="2GiB"/> --> - <!-- <policy domain="resource" name="map" value="4GiB"/> --> - <!-- <policy domain="resource" name="width" value="10KP"/> --> - <!-- <policy domain="resource" name="height" value="10KP"/> --> - <!-- <policy domain="resource" name="list-length" value="128"/> --> - <!-- <policy domain="resource" name="area" value="100MP"/> --> - <!-- <policy domain="resource" name="disk" value="16EiB"/> --> - <!-- <policy domain="resource" name="file" value="768"/> --> - <!-- <policy domain="resource" name="thread" value="4"/> --> - <!-- <policy domain="resource" name="throttle" value="0"/> --> - <!-- <policy domain="resource" name="time" value="3600"/> --> - <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> - <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> - <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> - <!-- <policy domain="path" rights="none" pattern="@*" /> --> - <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> - <!-- <policy domain="cache" name="synchronize" value="True"/> --> - <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> - <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> --> - <!-- <policy domain="system" name="shred" value="2"/> --> - <!-- <policy domain="system" name="precision" value="6"/> --> - <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> --> - <!-- Below policies generated from puppet --> - <% $policies.map |$policy| { %> - <policy domain="<%= $policy['domain'] %>" rights="<%= $policy['rights'] %>" pattern="<%= $policy['pattern'] %>" /> - <%- } %> -</policymap> -<!-- NOTE File managed by puppet, any manual changes will be overwritten. --> |