]> git.ipfire.org Git - thirdparty/xz.git/commit
projects / thirdparty / xz.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7312dfb) | patch
xz: Move sandboxing code to sandbox.c and improve Landlock sandbox.
authorLasse Collin <lasse.collin@tukaani.org>
Sat, 17 Feb 2024 21:07:35 +0000 (23:07 +0200)
committerLasse Collin <lasse.collin@tukaani.org>
Sat, 17 Feb 2024 21:07:35 +0000 (23:07 +0200)
commit374868d81d473ab56556a1cfd6b1b36a1fab348b
tree195da6ba1f931c4ec7783832428ea3c2bbcac2b5tree
parent7312dfbb02197c7f990c7a3cefd027a9387d1473commit | diff
xz: Move sandboxing code to sandbox.c and improve Landlock sandbox.

Landlock is now always used just like pledge(2) is: first in more
permissive mode and later (under certain common conditions) in
a strict mode that doesn't allow opening more files.

I put pledge(2) first in sandbox.c because it's the simplest API
to use and still somewhat fine-grained for basic applications.
So it's the simplest thing to understand for anyone reading sandbox.c.
CMakeLists.txt diff | blob | blame | history
src/xz/Makefile.am diff | blob | blame | history
src/xz/file_io.c diff | blob | blame | history
src/xz/file_io.h diff | blob | blame | history
src/xz/main.c diff | blob | blame | history
src/xz/private.h diff | blob | blame | history
src/xz/sandbox.c [new file with mode: 0644] blob
src/xz/sandbox.h [new file with mode: 0644] blob
Mirror of https://github.com/tukaani-project/xz.git