From 8276c7f41c671eee4aa3239490658b23dcfd3021 Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Mon, 9 Oct 2023 22:07:52 +0300
Subject: xz: Support basic sandboxing with Linux Landlock (ABI versions 1-3).

It is enabled only when decompressing one file to stdout,
similar to how Capsicum is used.

Landlock was added in Linux 5.13.
---
 src/xz/private.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/xz/private.h')

diff --git a/src/xz/private.h b/src/xz/private.h
index ddcc103c..b822b944 100644
--- a/src/xz/private.h
+++ b/src/xz/private.h
@@ -52,7 +52,8 @@
 #	define STDERR_FILENO (fileno(stderr))
 #endif
 
-#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE)
+#if defined(HAVE_CAP_RIGHTS_LIMIT) || defined(HAVE_PLEDGE) \
+		|| defined(HAVE_LINUX_LANDLOCK_H)
 #	define ENABLE_SANDBOX 1
 #endif
 
-- 
cgit v1.2.3