8cf00cd1a6
Add a Sandbox class for running untrusted external programs like ffmpeg or exiftool inside a sandbox. This uses Linux namespaces to run the process in an isolated container, much like a Docker container. Unlike a Docker container, we can use it to sandbox programs when Danbooru itself is already running inside a Docker container. This is also more restrictive than Docker in several ways: * It has a system call filter that is more restrictive and more customizable than Docker's filter by default. Even if the process breaks out of the container, the syscall filter will limit what it can do, even if it escalates to root. * It blocks the use of setuid binaries, so the process can't use things like sudo to escalate to root inside the sandbox. * It blocks all network access inside the sandbox by default. * All files in the container are read-only by default. The sandboxed process can only communicate by writing to stdout. See app/logical/sandbox.rb for more details. This isn't actually enabled yet. It will be rolled out progressively to ensure it doesn't break things.
Environments
This directory contains environment-specific Rails configuration. This lets us have different configuration settings in development, test, and production modes.
Universal Rails configuration goes in config/application.rb or in config/initializers.