Problem ImageMagick: override policy.xml path in docker, but default settings persist

  docker, heroku, imagemagick

I’m using ImageProcessing that uses MiniMagick to get thumbnail from a specific page from a pdf file. I have a code to get the position and width that I need to make the crop, but each time I try to open the file and transform it I get this error:

convert-im6.q16: attempt to perform an operation not allowed by the security policy PDF' @ error/constitute.c/IsCoderAuthorized/408.

I already know that it is because the file named policy.xml. I tried to put this line at etc/ImageMagick-6/policy.xml

<policy domain="coder" rights="read|write" pattern="PDF" />

But my problem is that I am using docker and the production server is Heroku, then if I try to change manually the policy file in the container (using vim for example) the change doesn’t persist.

Another alternative that I tried was to create my own policy file at the project’s root and set an environment variablewith the configuration’s location: MAGICK_CONFIGURE_PATH

I tried with MAGICK_CONFIGURE_PATH='/app/.magick/' and MAGICK_CONFIGURE_PATH='/app/.magick/:/etc/ImageMagick-6/' separately at my env file.

But when I use identify -list policy after build (docker-compose build) I get both policies, the default one and the custom one:

Path: /polux/.magick/policy.xml
  Policy: Resource
    name: disk
    value: 1GiB
  Policy: Resource
    name: map
    value: 512MiB
  Policy: Resource
    name: memory
    value: 256MiB
  Policy: Resource
    name: area
    value: 128MB
  Policy: Resource
    name: height
    value: 16KP
  Policy: Resource
    name: width
    value: 16KP
  Policy: Delegate
    rights: None
    pattern: URL
  Policy: Delegate
    rights: None
    pattern: HTTPS
  Policy: Delegate
    rights: None
    pattern: HTTP
  Policy: Path
    rights: None
    pattern: @*
  Policy: Coder
    rights: None
    pattern: PS
  Policy: Coder
    rights: None
    pattern: PS2
  Policy: Coder
    rights: None
    pattern: PS3
  Policy: Coder
    rights: None
    pattern: EPS
  Policy: Coder
    rights: Read Write
    pattern: PDF
  Policy: Coder
    rights: None
    pattern: XPS

Path: /etc/ImageMagick-6/policy.xml
  Policy: Resource
    name: memory
    value: 256MiB
  Policy: Resource
    name: map
    value: 512MiB
  Policy: Resource
    name: width
    value: 16KP
  Policy: Resource
    name: height
    value: 16KP
  Policy: Resource
    name: area
    value: 128MB
  Policy: Resource
    name: disk
    value: 1GiB
  Policy: Delegate
    rights: None
    pattern: URL
  Policy: Delegate
    rights: None
    pattern: HTTPS
  Policy: Delegate
    rights: None
    pattern: HTTP
  Policy: Path
    rights: None
    pattern: @*
  Policy: Coder
    rights: None
    pattern: PS
  Policy: Coder
    rights: None
    pattern: PS2
  Policy: Coder
    rights: None
    pattern: PS3
  Policy: Coder
    rights: None
    pattern: EPS
  Policy: Coder
    rights: None
    pattern: PDF
  Policy: Coder
    rights: None
    pattern: XPS

Path: [built-in]
  Policy: Undefined
    rights: None

Then, when I try to make the thumbnail, I get the permission error mentioned before.

My actual code to make the thumbnail:

filename = ‘sample.pdf’
if File.exists?(filename) 
    file = File.open(filename) 
    pages = PDFTextProcessor.process(file, [3]) # page 3 in the pdf 

else 
    puts "Cannot open file '#{filename}' (or no file given)" 

end


width = 200 
target_x = 0 
target_y = 0

magick = ImageProcessing::MiniMagick.source(filename) 

magick.crop(target_x, target_y, width, width). convert("png").call # error here

Thank you

Source: Docker Questions

LEAVE A COMMENT