diff options
| author | Lasse Collin <lasse.collin@tukaani.org> | 2015-03-31 22:19:34 +0300 |
|---|---|---|
| committer | Lasse Collin <lasse.collin@tukaani.org> | 2015-03-31 22:19:34 +0300 |
| commit | 1238381143a9a7ce84839c2582ccd56ff750a440 (patch) | |
| tree | 83f309268f623840648babfdf2e64a7f5cce5167 /src/xz/file_io.h | |
| parent | Fix bugs and otherwise improve ax_check_capsicum.m4. (diff) | |
| download | xz-1238381143a9a7ce84839c2582ccd56ff750a440.tar.xz | |
xz: Add support for sandboxing with Capsicum.
The sandboxing is used conditionally as described in main.c.
This isn't optimal but it was much easier to implement than
a full sandboxing solution and it still covers the most common
use cases where xz is writing to standard output. This should
have practically no effect on performance even with small files
as fork() isn't needed.
C and locale libraries can open files as needed. This has been
fine in the past, but it's a problem with things like Capsicum.
io_sandbox_enter() tries to ensure that various locale-related
files have been loaded before cap_enter() is called, but it's
possible that there are other similar problems which haven't
been seen yet.
Currently Capsicum is available on FreeBSD 10 and later
and there is a port to Linux too.
Thanks to Loganaden Velvindron for help.
Diffstat (limited to 'src/xz/file_io.h')
| -rw-r--r-- | src/xz/file_io.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/xz/file_io.h b/src/xz/file_io.h index 2de33792..6722aef8 100644 --- a/src/xz/file_io.h +++ b/src/xz/file_io.h @@ -80,6 +80,12 @@ extern void io_write_to_user_abort_pipe(void); extern void io_no_sparse(void); +#ifdef ENABLE_SANDBOX +/// \brief main() calls this if conditions for sandboxing have been met. +extern void io_allow_sandbox(void); +#endif + + /// \brief Open the source file extern file_pair *io_open_src(const char *src_name); |