aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJia Tan <jiat0218@gmail.com>2024-02-26 23:02:06 +0800
committerJia Tan <jiat0218@gmail.com>2024-02-26 23:27:44 +0800
commit328c52da8a2bbb81307644efdb58db2c422d9ba7 (patch)
treecaf438280ef7b833814ab606e8696a17c517fec1 /src
parentTests: Add test_microlzma to .gitignore and CMakeLists.txt. (diff)
downloadxz-328c52da8a2bbb81307644efdb58db2c422d9ba7.tar.xz
Build: Fix Linux Landlock feature test in Autotools and CMake builds.
The previous Linux Landlock feature test assumed that having the linux/landlock.h header file was enough. The new feature tests also requires that prctl() and the required Landlock system calls are supported.
Diffstat (limited to 'src')
-rw-r--r--src/xz/sandbox.c2
-rw-r--r--src/xz/sandbox.h2
-rw-r--r--src/xzdec/xzdec.c8
3 files changed, 6 insertions, 6 deletions
diff --git a/src/xz/sandbox.c b/src/xz/sandbox.c
index 3b3069c8..5bd22737 100644
--- a/src/xz/sandbox.c
+++ b/src/xz/sandbox.c
@@ -109,7 +109,7 @@ sandbox_enable_strict_if_allowed(int src_fd lzma_attribute((__unused__)),
}
-#elif defined(HAVE_LINUX_LANDLOCK_H)
+#elif defined(HAVE_LINUX_LANDLOCK)
//////////////
// Landlock //
diff --git a/src/xz/sandbox.h b/src/xz/sandbox.h
index f41b4725..98b9862a 100644
--- a/src/xz/sandbox.h
+++ b/src/xz/sandbox.h
@@ -9,7 +9,7 @@
//
///////////////////////////////////////////////////////////////////////////////
-#if defined(HAVE_PLEDGE) || defined(HAVE_LINUX_LANDLOCK_H) \
+#if defined(HAVE_PLEDGE) || defined(HAVE_LINUX_LANDLOCK) \
|| defined(HAVE_CAP_RIGHTS_LIMIT)
# define ENABLE_SANDBOX 1
#endif
diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c
index 6fd0be39..ef8c80f3 100644
--- a/src/xzdec/xzdec.c
+++ b/src/xzdec/xzdec.c
@@ -24,14 +24,14 @@
# include <sys/capsicum.h>
#endif
-#ifdef HAVE_LINUX_LANDLOCK_H
+#ifdef HAVE_LINUX_LANDLOCK
# include <linux/landlock.h>
# include <sys/prctl.h>
# include <sys/syscall.h>
#endif
#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \
- || defined(HAVE_LINUX_LANDLOCK_H)
+ || defined(HAVE_LINUX_LANDLOCK)
# define ENABLE_SANDBOX 1
#endif
@@ -325,7 +325,7 @@ sandbox_enter(int src_fd)
goto error;
(void)src_fd;
-#elif defined(HAVE_LINUX_LANDLOCK_H)
+#elif defined(HAVE_LINUX_LANDLOCK)
int landlock_abi = syscall(SYS_landlock_create_ruleset,
(void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
@@ -389,7 +389,7 @@ main(int argc, char **argv)
}
#endif
-#ifdef HAVE_LINUX_LANDLOCK_H
+#ifdef HAVE_LINUX_LANDLOCK
// Prevent the process from gaining new privileges. The return
// is ignored to keep compatibility with old kernels.
(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);