marcel/familienarchiv
1
0
Fork 0
Code Issues 102 Pull Requests Actions Packages Projects Releases Wiki Activity

security(ocr): run OCR container as non-root user (CIS Docker §4.1) #611

Merged
marcel merged 12 commits from feat/issue-459-ocr-non-root into main 2026-05-17 19:06:47 +02:00
Conversation 31 Commits 12 Files Changed 9 +2
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 581ba01d8d - Show all commits

2
ocr-service/main.py
View File

@@ -56,6 +56,8 @@ async def lifespan(app: FastAPI):
"""Load lightweight models at startup. Surya loads lazily on first request.""" """Load lightweight models at startup. Surya loads lazily on first request."""
global _models_ready global _models_ready
if os.getuid() == 0:
logger.warning("Running as root — CIS Docker §4.1 violation")
logger.info("Loading Kraken model at startup (Surya loads lazily on first OCR request)...") logger.info("Loading Kraken model at startup (Surya loads lazily on first OCR request)...")
kraken_engine.load_models() kraken_engine.load_models()
load_spell_checker() load_spell_checker()