diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2023-10-09 22:07:52 +0300 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2023-10-22 19:03:52 +0300 |
commit | 8276c7f41c671eee4aa3239490658b23dcfd3021 (patch) | |
tree | 0ea5a10ee423725d55b888281678784da2bb5aac /src/xz/private.h | |
parent | CMake: Edit threading related messages. (diff) | |
download | xz-8276c7f41c671eee4aa3239490658b23dcfd3021.tar.xz |
xz: Support basic sandboxing with Linux Landlock (ABI versions 1-3).
It is enabled only when decompressing one file to stdout,
similar to how Capsicum is used.
Landlock was added in Linux 5.13.
Diffstat (limited to 'src/xz/private.h')
-rw-r--r-- | src/xz/private.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xz/private.h b/src/xz/private.h index ddcc103c..b822b944 100644 --- a/src/xz/private.h +++ b/src/xz/private.h @@ -52,7 +52,8 @@ # define STDERR_FILENO (fileno(stderr)) #endif -#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) +#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \ + || defined(HAVE_LINUX_LANDLOCK_H) # define ENABLE_SANDBOX 1 #endif |