-
3a5ae573
by Allan McRae at 2025-10-10T19:05:23+10:00
Revert commits providing a default sandboxuser
Reverts commits 7ccf316ceb767ddbd2c967a529551a8c1a78a53e and
692f7a2cfec0eb8e96e682d536631034abea4d61.
-
25b64206
by Allan McRae at 2025-10-10T19:05:23+10:00
Record calling user ID in handle
This will be used to check for permissions when deciding to enable
features that require root access (e.g. sandboxing).
Signed-off-by: Allan McRae <allan@archlinux.org>
-
18e96ca3
by Allan McRae at 2025-10-10T19:05:23+10:00
Add utility function to check whether the sandbox should be used
Signed-off-by: Allan McRae <allan@archlinux.org>
-
2ae63606
by Allan McRae at 2025-10-10T19:05:23+10:00
Only use temporary directories for downloading when in the sandbox
Completely separating the sandbox and non-sandbox download setup
provides more flexibility for non-root users of libalpm, and
provides a proper "fix" for leftover download directories with
interrupted downloads when not using the sandbox.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
0fd09020
by morganamilo at 2025-10-10T19:05:23+10:00
libalpm: set errno and log when setting up temp download dir
Before:
% pacman -Syy
:: Synchronising package databases...
error: failed to synchronize all databases (unexpected error)
After:
% pacman -Syy
:: Synchronising package databases...
error: failed to create temporary download directory /var/lib/pacman/sync/download-P77oXs: Permission denied
error: failed to synchronize all databases (failed to retrieve some files)
Signed-off-by: Allan McRae <allan@archlinux.org>
-
c18e472e
by morganamilo at 2025-10-10T19:05:23+10:00
libalpm: add new errno for download initialization
The error string "failed to retrieve some files" implies that the
download may have begun and some files may have been partially
downloaded.
If we know no download actually took place we can be more clear about
this.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
77611e7f
by Remi Gacogne at 2025-10-10T19:05:23+10:00
libalpm: Better error messages when landlock setup fails
As suggested by @l0kod in the comments of #167.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
4f1561c3
by Remi Gacogne at 2025-10-10T19:05:23+10:00
libalpm: Capitalize "Landlock"
Signed-off-by: Allan McRae <allan@archlinux.org>
-
12a4efa0
by Remi Gacogne at 2025-10-10T19:05:23+10:00
libalpm: Failure to set up Landlock is an error
Signed-off-by: Allan McRae <allan@archlinux.org>
-
ba95143b
by Remi Gacogne at 2025-10-10T19:05:23+10:00
libalpm: Add an error message for seccomp setup failures
Signed-off-by: Allan McRae <allan@archlinux.org>
-
46461dc6
by Allan McRae at 2025-10-10T19:05:23+10:00
Remove sandbox "tests"
Landlock and syscall filtering never worked under fakeroot, so we were
effectively only testing the download directory creation with these
tests. Remove these tests so that we can make sandbox setup failures
into errors. While this reduced CI on that code path, it is also
likely the primary code path used by pacman developers, so will have
limited impact.
Signed-off-by: Allan McRae <allan@archlinux.org>
-
933cd290
by Allan McRae at 2025-10-10T19:05:23+10:00
Remove old TESTS file
Signed-off-by: Allan McRae <allan@archlinux.org>
-
eede4c36
by Remi Gacogne at 2025-10-10T19:05:23+10:00
libalpm: Failure to enable Landlock or seccomp is a download error
Signed-off-by: Allan McRae <allan@archlinux.org>
-
ee9a2d88
by Remi Gacogne at 2025-10-10T19:05:23+10:00
Add fine-grained configuration and CLI options to control sandboxing
Add the "DisableSandboxFilesystem" and "DisableSandboxSyscalls"
configuration options to disable Landlock and syscall filtering
respectively. The "DisableSandbox" option becomes an alias for
disabling both the fine-grained options. Also add similar command
line options.
Signed-off-by: Allan McRae <allan@archlinux.org>