[pacman-dev] [PATCH] Add optional sandboxing when downloading files
Allan McRae
allan at archlinux.org
Fri Sep 3 02:47:46 UTC 2021
On 3/9/21 11:58 am, Andrew Gregory wrote:
> On 08/30/21 at 11:37am, Remi Gacogne wrote:
>> ---
>> lib/libalpm/alpm.h | 10 ++
>> lib/libalpm/alpm_sandbox.c | 341 +++++++++++++++++++++++++++++++++++++
>> lib/libalpm/alpm_sandbox.h | 31 ++++
>> lib/libalpm/dload.c | 83 ++++++++-
>> lib/libalpm/handle.c | 20 +++
>> lib/libalpm/handle.h | 2 +
>> lib/libalpm/meson.build | 1 +
>> meson.build | 11 +-
>> src/pacman/conf.c | 23 ++-
>> src/pacman/conf.h | 2 +
>> src/pacman/pacman-conf.c | 6 +
>> 11 files changed, 526 insertions(+), 4 deletions(-)
>> create mode 100644 lib/libalpm/alpm_sandbox.c
>> create mode 100644 lib/libalpm/alpm_sandbox.h
>
> This is a lot. Let's focus on the portable user switching first; if that gets
> merged we can look at adding the extra Linux-specific stuff.

I was just writing the same thing!

Other general comments:

Rename alpm_sandbox.c to sandbox.c. We don't need the prefix for a file
inside the library.

Split out the libseccomp setup to sandbox-linux.c. I realise we mostly
support Linux, but this will save this file becoming a mass of #ifdef if
other operating systems add something similar.

Allan