mirror of https://git.tukaani.org/xz.git
xzdec: Tweak coding style and comments.
parent
408b6adb2a
commit
2739db9810
|
@ -313,10 +313,12 @@ sandbox_enter(int src_fd)
|
||||||
STDIN_FILENO, cap_rights_clear(&rights)))
|
STDIN_FILENO, cap_rights_clear(&rights)))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, CAP_WRITE)))
|
if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
|
||||||
|
CAP_WRITE)))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, CAP_WRITE)))
|
if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights,
|
||||||
|
CAP_WRITE)))
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
#elif defined(HAVE_PLEDGE)
|
#elif defined(HAVE_PLEDGE)
|
||||||
|
@ -325,6 +327,7 @@ sandbox_enter(int src_fd)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
(void)src_fd;
|
(void)src_fd;
|
||||||
|
|
||||||
#elif defined(HAVE_LINUX_LANDLOCK)
|
#elif defined(HAVE_LINUX_LANDLOCK)
|
||||||
int landlock_abi = syscall(SYS_landlock_create_ruleset,
|
int landlock_abi = syscall(SYS_landlock_create_ruleset,
|
||||||
(void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
|
(void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
|
||||||
|
@ -351,6 +354,7 @@ sandbox_enter(int src_fd)
|
||||||
}
|
}
|
||||||
|
|
||||||
(void)src_fd;
|
(void)src_fd;
|
||||||
|
|
||||||
#else
|
#else
|
||||||
# error ENABLE_SANDBOX is defined but no sandboxing method was found.
|
# error ENABLE_SANDBOX is defined but no sandboxing method was found.
|
||||||
#endif
|
#endif
|
||||||
|
@ -367,6 +371,7 @@ error:
|
||||||
if (errno == ENOSYS)
|
if (errno == ENOSYS)
|
||||||
return;
|
return;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
my_errorf("Failed to enable the sandbox");
|
my_errorf("Failed to enable the sandbox");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
@ -390,8 +395,14 @@ main(int argc, char **argv)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_LINUX_LANDLOCK
|
#ifdef HAVE_LINUX_LANDLOCK
|
||||||
// Prevent the process from gaining new privileges. The return
|
// Prevent the process from gaining new privileges. This must be done
|
||||||
// is ignored to keep compatibility with old kernels.
|
// before landlock_restrict_self(2) but since we will never need new
|
||||||
|
// privileges, this call can be done here already.
|
||||||
|
//
|
||||||
|
// This is supported since Linux 3.5. Ignore the return value to
|
||||||
|
// keep compatibility with old kernels. landlock_restrict_self(2)
|
||||||
|
// will fail if the no_new_privs attribute isn't set, thus if prctl()
|
||||||
|
// fails here the error will still be detected when it matters.
|
||||||
(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -438,19 +449,18 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef ENABLE_SANDBOX
|
#ifdef ENABLE_SANDBOX
|
||||||
// Enable the sandbox for the last file. When the
|
// Enable the strict sandbox for the last file.
|
||||||
// strict sandbox is enabled the process can no
|
// Then the process can no longer open additional
|
||||||
// longer open additional files. It is likely that
|
// files. The typical xzdec use case is to decompress
|
||||||
// the most common way to use xzdec is to
|
// a single file so this way the strictest sandboxing
|
||||||
// decompress a single file, so this fully protects
|
// is used in most cases.
|
||||||
// most use cases.
|
|
||||||
if (optind == argc - 1)
|
if (optind == argc - 1)
|
||||||
sandbox_enter(fileno(src_file));
|
sandbox_enter(fileno(src_file));
|
||||||
#endif
|
#endif
|
||||||
uncompress(&strm, src_file, src_name);
|
uncompress(&strm, src_file, src_name);
|
||||||
|
|
||||||
if (src_file != stdin)
|
if (src_file != stdin)
|
||||||
fclose(src_file);
|
(void)fclose(src_file);
|
||||||
} while (++optind < argc);
|
} while (++optind < argc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
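Review bot: The new comment above `(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);` in main() states the guarantee more strongly than landlock_restrict_self(2) documents it. The call is refused without no_new_privs only when the caller lacks CAP_SYS_ADMIN in its user namespace, so a privileged xzdec whose prctl() failed would not hit the later error and would keep running without no_new_privs. I would qualify the sentence, for example `// will fail if the no_new_privs attribute isn't set (unless the process has CAP_SYS_ADMIN), thus for unprivileged use a prctl() failure is still detected when it matters.` The `error:` hunk also shows sandbox_enter() returning silently on `errno == ENOSYS`, under a preprocessor condition that opens outside the hunk. It may therefore be worth saying in the same comment that the Landlock sandbox is best-effort on kernels without support. main() and sandbox_enter() both start and end outside the visible hunks.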