fix edge cases

src/commands/decompress.rs

@@ -319,6 +319,8 @@ fn execute_decompression(
 ) -> crate::Result<ControlFlow<(), usize>> {
 
     // init landlock sandbox to restrict file system write access to output_dir
+    // The output directory iseither specified with the -d option or the current working directory is used
+    // TODO: restrict acess to the current working directory to allow only creating new files
     landlock::init_sandbox(Some(output_dir));
 
     if is_smart_unpack {
@@ -384,6 +386,9 @@ fn smart_unpack(
         nice_directory_display(temp_dir_path)
     ));
 
+    //first attempt to restict to the tmp file and allow only to rename it in the parent 
+    //landlock::init_sandbox(Some(temp_dir_path));
+
     let files = unpack_fn(temp_dir_path)?;
 
     let root_contains_only_one_element = fs::read_dir(temp_dir_path)?.take(2).count() == 1;

src/commands/list.rs

@@ -25,9 +25,8 @@ pub fn list_archive_contents(
     password: Option<&[u8]>,
 ) -> crate::Result<()> {
 
-    // Initialize landlock sandbox with empty write path
+    // Initialize landlock sandbox with write access restricted to /tmp as required by some formats
-    // This allows only read access to the filesystem
+    landlock::init_sandbox(Some(Path::new("/tmp")));
-    landlock::init_sandbox(None);
 
     let reader = fs::File::open(archive_path)?;