diff options
author | Jia Tan <jiat0218@gmail.com> | 2024-02-26 23:02:06 +0800 |
---|---|---|
committer | Jia Tan <jiat0218@gmail.com> | 2024-02-26 23:27:44 +0800 |
commit | 328c52da8a2bbb81307644efdb58db2c422d9ba7 (patch) | |
tree | caf438280ef7b833814ab606e8696a17c517fec1 /src | |
parent | Tests: Add test_microlzma to .gitignore and CMakeLists.txt. (diff) | |
download | xz-328c52da8a2bbb81307644efdb58db2c422d9ba7.tar.xz |
Build: Fix Linux Landlock feature test in Autotools and CMake builds.
The previous Linux Landlock feature test assumed that having the
linux/landlock.h header file was enough. The new feature tests also
requires that prctl() and the required Landlock system calls are
supported.
Diffstat (limited to 'src')
-rw-r--r-- | src/xz/sandbox.c | 2 | ||||
-rw-r--r-- | src/xz/sandbox.h | 2 | ||||
-rw-r--r-- | src/xzdec/xzdec.c | 8 |
3 files changed, 6 insertions, 6 deletions
diff --git a/src/xz/sandbox.c b/src/xz/sandbox.c index 3b3069c8..5bd22737 100644 --- a/src/xz/sandbox.c +++ b/src/xz/sandbox.c @@ -109,7 +109,7 @@ sandbox_enable_strict_if_allowed(int src_fd lzma_attribute((__unused__)), } -#elif defined(HAVE_LINUX_LANDLOCK_H) +#elif defined(HAVE_LINUX_LANDLOCK) ////////////// // Landlock // diff --git a/src/xz/sandbox.h b/src/xz/sandbox.h index f41b4725..98b9862a 100644 --- a/src/xz/sandbox.h +++ b/src/xz/sandbox.h @@ -9,7 +9,7 @@ // /////////////////////////////////////////////////////////////////////////////// -#if defined(HAVE_PLEDGE) || defined(HAVE_LINUX_LANDLOCK_H) \ +#if defined(HAVE_PLEDGE) || defined(HAVE_LINUX_LANDLOCK) \ || defined(HAVE_CAP_RIGHTS_LIMIT) # define ENABLE_SANDBOX 1 #endif diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c index 6fd0be39..ef8c80f3 100644 --- a/src/xzdec/xzdec.c +++ b/src/xzdec/xzdec.c @@ -24,14 +24,14 @@ # include <sys/capsicum.h> #endif -#ifdef HAVE_LINUX_LANDLOCK_H +#ifdef HAVE_LINUX_LANDLOCK # include <linux/landlock.h> # include <sys/prctl.h> # include <sys/syscall.h> #endif #if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \ - || defined(HAVE_LINUX_LANDLOCK_H) + || defined(HAVE_LINUX_LANDLOCK) # define ENABLE_SANDBOX 1 #endif @@ -325,7 +325,7 @@ sandbox_enter(int src_fd) goto error; (void)src_fd; -#elif defined(HAVE_LINUX_LANDLOCK_H) +#elif defined(HAVE_LINUX_LANDLOCK) int landlock_abi = syscall(SYS_landlock_create_ruleset, (void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION); @@ -389,7 +389,7 @@ main(int argc, char **argv) } #endif -#ifdef HAVE_LINUX_LANDLOCK_H +#ifdef HAVE_LINUX_LANDLOCK // Prevent the process from gaining new privileges. The return // is ignored to keep compatibility with old kernels. (void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); |