<policymap> <!-- Set some basic system resource limits --> <policy domain="resource" name="time" value="60" /> <policy domain="module" rights="none" pattern="URL" /> <policy domain="filter" rights="none" pattern="*" /> <!-- Ideally, we would restrict ImageMagick to only accessing its own disk-backed pixel cache as well as Mastodon-created Tempfiles. However, those paths depend on the operating system and environment variables, so they can only be known at runtime. Furthermore, those paths are not necessarily shared across Mastodon processes, so even creating a policy.xml at runtime is impractical. For the time being, only disable indirect reads. --> <policy domain="path" rights="none" pattern="@*" /> <!-- Disallow any coder by default, and only enable ones required by Mastodon --> <policy domain="coder" rights="none" pattern="*" /> <policy domain="coder" rights="read | write" pattern="{JPEG,PNG,GIF,WEBP,HEIC,AVIF}" /> <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" /> </policymap>