
@pfigel
Last active November 18, 2017 02:36
ImageMagick policy.xml for Mastodon. Requires ImageMagick >= 7.0.4-7
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!-- Internal DTD subset describing the policy file grammar. It declares only
     elements and attribute lists: no entities and no external subset, so
     nothing here asks a parser to fetch or expand outside content. -->
<!-- A policymap holds one or more policy elements. -->
<!ELEMENT policymap (policy)+>
<!ATTLIST policymap xmlns CDATA #FIXED ''>
<!-- Each policy is an empty element; all of its data is carried in attributes. -->
<!ELEMENT policy EMPTY>
<!-- domain is the only required attribute; name, pattern, rights, stealth and
     value are optional and used in different combinations per domain. -->
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<policymap>
<!-- Restrictive ImageMagick security policy for a service that processes
     user-uploaded images: resource ceilings first, then system settings,
     then deny-by-default rules for delegates, coders and paths. -->

<!-- Resource limits: bound what a single (possibly hostile) image can consume. -->
<!-- Pixel cache memory taken from the heap and from memory-mapped files. -->
<policy domain="resource" name="memory" value="256MiB" />
<policy domain="resource" name="map" value="256MiB" />
<!-- Maximum image dimensions in pixels (8KP = 8 kilopixels per side). -->
<policy domain="resource" name="width" value="8KP" />
<policy domain="resource" name="height" value="8KP" />
<!-- NOTE(review): area is the largest width*height kept in pixel cache memory;
     larger images spill to the disk cache rather than being rejected. 16KP is
     far below the 8KP x 8KP dimensions allowed above, so most images would be
     disk-backed. Confirm this is intended and not meant to be e.g. 16MP. -->
<policy domain="resource" name="area" value="16KP" />
<!-- Disk space available to the pixel cache. -->
<policy domain="resource" name="disk" value="512MB" />
<!-- Maximum number of open pixel cache files. -->
<policy domain="resource" name="file" value="512" />
<!-- Maximum number of worker threads. -->
<policy domain="resource" name="thread" value="2" />
<!-- Maximum run time in seconds before processing is aborted. -->
<policy domain="resource" name="time" value="120" />

<!-- System settings. -->
<!-- Number of significant digits used when printing floating-point values. -->
<policy domain="system" name="precision" value="6" />
<!-- Largest single memory allocation ImageMagick may request. -->
<policy domain="system" name="max-memory-request" value="256MB" />
<!-- Back pixel cache memory with anonymous memory mapping. The setting is given
     under both the system and cache domains; presumably for compatibility
     across ImageMagick versions (verify against the version in use). -->
<policy domain="system" name="memory-map" value="anonymous" />
<policy domain="cache" name="memory-map" value="anonymous" />
<!-- Overwrite temporary files this many times before they are deleted. -->
<policy domain="system" name="shred" value="1" />

<!-- Deny every delegate, i.e. no external helper programs are invoked. -->
<policy domain="delegate" rights="none" pattern="*" />
<!-- Coder allow-list: deny all coders, then re-enable only the four formats
     the application needs. Order matters: the allow rule must follow the
     blanket deny so that it takes effect for the listed formats. -->
<policy domain="coder" rights="none" pattern="*" />
<policy domain="coder" rights="read | write" pattern="{GIF,JPEG,PNG,WEBP}" />
<!-- Deny paths that begin with @ (indirect reads, where the named file's
     contents are read as input), so local files such as password files
     cannot end up rendered into an output image. -->
<policy domain="path" rights="none" pattern="@*" />
<!-- Shared secret for the cache domain. The value below is a placeholder:
     replace it with a long random passphrase before deployment, and keep this
     file readable only by the account that runs ImageMagick. stealth="true"
     keeps the entry out of policy listings. -->
<policy domain="cache" name="shared-secret" value="passphrase" stealth="true" />
</policymap>