| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2024-02-17 | xz: Use stricter pledge(2) and Landlock sandbox. | Lasse Collin | 1 | -0/+4 |
| | This makes these sandboxing methods stricter when no files are created or deleted. That is, it's a middle ground between the initial sandbox and the strictest single-file-to-stdout sandbox: this allows opening files for reading but output has to go to stdout. | | | |
| 2024-02-17 | xz: Move sandboxing code to sandbox.c and improve Landlock sandbox. | Lasse Collin | 1 | -0/+39 |
| | Landlock is now always used just like pledge(2) is: first in more permissive mode and later (under certain common conditions) in a strict mode that doesn't allow opening more files. I put pledge(2) first in sandbox.c because it's the simplest API to use and still somewhat fine-grained for basic applications. So it's the simplest thing to understand for anyone reading sandbox.c. | | | |