From ab24786d2acaa727870946a6b6e77dfcabeeb105 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Sun, 17 May 2026 16:47:18 +0200
Subject: [PATCH] =?UTF-8?q?security(ocr):=20harden=20compose=20=E2=80=94?=
 =?UTF-8?q?=20fix=20cache=20volume=20path,=20add=20read=5Fonly=20+=20cap?=
 =?UTF-8?q?=5Fdrop?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Move ocr_cache mount from /root/.cache to /app/cache (correct path for non-root user). Add HF_HOME so Hugging Face resolves to the same path. Add runtime hardening: read_only, tmpfs /tmp (512 MB cap), cap_drop ALL, no-new-privileges.

Co-Authored-By: Claude Sonnet 4.6
---
 docker-compose.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 2a3b7407..c256fa39 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -87,8 +87,9 @@ services:
 memswap_limit: 12g
 volumes:
 - ocr_models:/app/models
- - ocr_cache:/root/.cache # Hugging Face / ketos model download cache — prevents re-downloads on container recreate
+ - ocr_cache:/app/cache
 environment:
+ HF_HOME: /app/cache
 KRAKEN_MODEL_PATH: /app/models/german_kurrent.mlmodel
 TRAINING_TOKEN: "${OCR_TRAINING_TOKEN:-}"
 OCR_CONFIDENCE_THRESHOLD: "0.3"
@@ -106,6 +107,12 @@ services:
 timeout: 5s
 retries: 12
 start_period: 120s
+ read_only: true
+ tmpfs:
+ - /tmp:size=512m # training endpoints write ZIPs to /tmp; 512 MB covers typical batches (20–50 images)
+ cap_drop: [ALL]
+ security_opt:
+ - no-new-privileges:true
 # --- Backend: Spring Boot ---
 backend:
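Review bot: The `ocr_cache` volume is re-mounted at `/app/cache` but not recreated, so whatever it already holds from earlier runs at `/root/.cache` keeps the ownership it was written with — if the service now runs as the non-root user the commit message describes, those files may be unwritable at the new path and the Hugging Face / ketos cache would fail to update instead of being reused. A fresh volume has the same constraint: the non-root user can only write to it if `/app/cache` exists in the image with matching ownership, because a named volume mounted on a path the image lacks is created root-owned; the Dockerfile is not in the patch, so this is inferred and worth confirming. The removed line's explanation also disappears with it — I would keep it on the new mount, `- ocr_cache:/app/cache  # Hugging Face / ketos model download cache — prevents re-downloads on container recreate`, and tie the new env var to it with `HF_HOME: /app/cache  # must match the ocr_cache mount above`. The ocr service definition begins outside the hunk.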
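Review bot: The 512 MB tmpfs at `/tmp` is backed by memory that the kernel charges to the container's cgroup, so a full `/tmp` now counts against the `memswap_limit` visible in the first hunk rather than against disk; the inline comment should say so and the limit should be checked against it, e.g. `- /tmp:size=512m,noexec,nosuid,nodev  # tmpfs is RAM: counts against the memory limit; training endpoints write ZIPs here`. Adding `noexec,nosuid,nodev` also keeps the one writable non-volume path from hosting executables, which is the main property `read_only: true` is meant to buy. With the root filesystem read-only, anything that still writes under `$HOME` or another path not listed in `volumes`/`tmpfs` will fail with EROFS at runtime — a smoke test of the training endpoint before merging would confirm nothing else needs a mount. Minor style point: `cap_drop: [ALL]` is flow style while the neighbouring `tmpfs` and `security_opt` lists are block style. The ocr service definition begins outside the hunk.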