aboutsummaryrefslogtreecommitdiff
path: root/src/xz/private.h
diff options
context:
space:
mode:
authorLasse Collin <lasse.collin@tukaani.org>2023-10-09 22:07:52 +0300
committerLasse Collin <lasse.collin@tukaani.org>2023-10-22 19:03:52 +0300
commit8276c7f41c671eee4aa3239490658b23dcfd3021 (patch)
tree0ea5a10ee423725d55b888281678784da2bb5aac /src/xz/private.h
parentCMake: Edit threading related messages. (diff)
downloadxz-8276c7f41c671eee4aa3239490658b23dcfd3021.tar.xz
xz: Support basic sandboxing with Linux Landlock (ABI versions 1-3).
It is enabled only when decompressing one file to stdout, similar to how Capsicum is used. Landlock was added in Linux 5.13.
Diffstat (limited to 'src/xz/private.h')
-rw-r--r--src/xz/private.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xz/private.h b/src/xz/private.h
index ddcc103c..b822b944 100644
--- a/src/xz/private.h
+++ b/src/xz/private.h
@@ -52,7 +52,8 @@
# define STDERR_FILENO (fileno(stderr))
#endif
-#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE)
+#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \
+ || defined(HAVE_LINUX_LANDLOCK_H)
# define ENABLE_SANDBOX 1
#endif