On 3/9/21 11:58 am, Andrew Gregory wrote:
On 08/30/21 at 11:37am, Remi Gacogne wrote:
---
 lib/libalpm/alpm.h         |  10 ++
 lib/libalpm/alpm_sandbox.c | 341 +++++++++++++++++++++++++++++++++++++
 lib/libalpm/alpm_sandbox.h |  31 ++++
 lib/libalpm/dload.c        |  83 ++++++++-
 lib/libalpm/handle.c       |  20 +++
 lib/libalpm/handle.h       |   2 +
 lib/libalpm/meson.build    |   1 +
 meson.build                |  11 +-
 src/pacman/conf.c          |  23 ++-
 src/pacman/conf.h          |   2 +
 src/pacman/pacman-conf.c   |   6 +
 11 files changed, 526 insertions(+), 4 deletions(-)
 create mode 100644 lib/libalpm/alpm_sandbox.c
 create mode 100644 lib/libalpm/alpm_sandbox.h
This is a lot. Let's focus on the portable user switching first; if that gets merged we can look at adding the extra Linux-specific stuff.
I was just writing the same thing!

Other general comments:

Rename alpm_sandbox.c to sandbox.c. We don't need the prefix for a file inside the library.

Split out the libseccomp setup to sandbox-linux.c. I realise we mostly support Linux, but this will save this file becoming a mass of #ifdef if other operating systems add something similar.

Allan