xz: Move sandboxing code to sandbox.c and improve Landlock sandbox.

Landlock is now always used just like pledge(2) is: first in more permissive mode and later (under certain common conditions) in a strict mode that doesn't allow opening more files. I put pledge(2) first in sandbox.c because it's the simplest API to use and still somewhat fine-grained for basic applications. So it's the simplest thing to understand for anyone reading sandbox.c.
author: Lasse Collin <lasse.collin@tukaani.org> 2024-02-17 23:07:35 +0200
committer: Lasse Collin <lasse.collin@tukaani.org> 2024-02-17 23:07:35 +0200
commit: 374868d81d473ab56556a1cfd6b1b36a1fab348b (patch)
tree: 195da6ba1f931c4ec7783832428ea3c2bbcac2b5 /src/xz/private.h
parent: xz: Tweak comments. (diff)
download: xz-374868d81d473ab56556a1cfd6b1b36a1fab348b.tar.xz
1 files changed, 1 insertions, 5 deletions
diff --git a/src/xz/private.h b/src/xz/private.h
index 0ab2ab4e..b370472e 100644
--- a/src/xz/private.h
+++ b/src/xz/private.h
@@ -51,11 +51,6 @@
 #	define STDERR_FILENO (fileno(stderr))
 #endif
 
-#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \
-		|| defined(HAVE_LINUX_LANDLOCK_H)
-#	define ENABLE_SANDBOX 1
-#endif
-
 // Handling SIGTSTP keeps time-keeping for progress indicator correct
 // if xz is stopped. It requires use of clock_gettime() as that is
 // async-signal safe in POSIX. Require also SIGALRM support since
@@ -75,6 +70,7 @@
 #include "hardware.h"
 #include "file_io.h"
 #include "options.h"
+#include "sandbox.h"
 #include "signals.h"
 #include "suffix.h"
 #include "util.h"
author	Lasse Collin <lasse.collin@tukaani.org>	2024-02-17 23:07:35 +0200
committer	Lasse Collin <lasse.collin@tukaani.org>	2024-02-17 23:07:35 +0200
commit	374868d81d473ab56556a1cfd6b1b36a1fab348b (patch)
tree	195da6ba1f931c4ec7783832428ea3c2bbcac2b5 /src/xz/private.h
parent	xz: Tweak comments. (diff)
download	xz-374868d81d473ab56556a1cfd6b1b36a1fab348b.tar.xz