xz: Disable sandbox when recursive mode is used.

The sandbox is very restrictive when one file is being encoded/decoded
to standard out. In recursive mode, processing a directory requires
opening sub-files and sub-directories which would not be allowed under
the sandbox.

diff --git a/src/xz/main.c b/src/xz/main.c
index 72731788aa19a7a03462d9f32deda99a89003d0b..5913469b2fae23fc08f242db593c855cdf991791 100644 (file)
--- a/src/xz/main.c
+++ b/src/xz/main.c
@@ -455,7 +455,8 @@ main(int argc, char **argv)
        // TODO: Make sandboxing work for other situations too.
        if (args.files_name == NULL && args.arg_count == 1
                        && (opt_stdout || strcmp("-", args.arg_names[0]) == 0
-                               || opt_mode == MODE_LIST))
+                               || opt_mode == MODE_LIST)
+                               && !opt_recursive)
                io_allow_sandbox();
 #endif