8cf00cd1a6
Add a Sandbox class for running untrusted external programs like ffmpeg or exiftool inside a sandbox. This uses Linux namespaces to run the process in an isolated container, much like a Docker container. Unlike a Docker container, we can use it to sandbox programs when Danbooru itself is already running inside a Docker container. This is also more restrictive than Docker in several ways: * It has a system call filter that is more restrictive and more customizable than Docker's filter by default. Even if the process breaks out of the container, the syscall filter will limit what it can do, even if it escalates to root. * It blocks the use of setuid binaries, so the process can't use things like sudo to escalate to root inside the sandbox. * It blocks all network access inside the sandbox by default. * All files in the container are read-only by default. The sandboxed process can only communicate by writing to stdout. See app/logical/sandbox.rb for more details. This isn't actually enabled yet. It will be rolled out progressively to ensure it doesn't break things.
Config
This directory contains configuration files for Danbooru.
To configure your Danbooru instance, copy danbooru_default_config.rb to danbooru_local_config.rb and edit it. See danbooru_default_config.rb for details.
The only file here that end users need to be concerned about is danbooru_default_config.rb. The rest of the files here are internal Rails-related configuration files that end users shouldn't need to edit.