complete disable-sandbox option

2025-07-18 23:50:35 +00:00 · 2025-07-12 17:25:25 +02:00 · 2025-07-12 17:25:25 +02:00 · 78b993c500
commit 78b993c500
parent 7f0d1e72ec
3 changed files with 11 additions and 3 deletions
--- a/src/cli/args.rs
+++ b/src/cli/args.rs
@ -51,7 +51,7 @@ pub struct CliArgs {

    /// Disable the sandbox feature
    #[arg(long, global = true)]
-    pub no_sandbox: bool,
+    pub disable_sandbox: bool,

    // Ouch and claps subcommands
    #[command(subcommand)]
--- a/src/commands/decompress.rs
+++ b/src/commands/decompress.rs
@ -40,6 +40,7 @@ pub struct DecompressOptions<'a> {
    pub quiet: bool,
    pub password: Option<&'a [u8]>,
    pub remove: bool,
+    pub disable_sandbox: bool,
 }

 /// Decompress a file
@ -80,6 +81,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
            options.question_policy,
            options.is_output_dir_provided,
            options.is_smart_unpack,
+            options.disable_sandbox,
        )? {
            files
        } else {
@ -169,6 +171,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
                options.question_policy,
                options.is_output_dir_provided,
                options.is_smart_unpack,
+                options.disable_sandbox,
            )? {
                files
            } else {
@ -204,6 +207,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
                options.question_policy,
                options.is_output_dir_provided,
                options.is_smart_unpack,
+                options.disable_sandbox,
            )? {
                files
            } else {
@ -237,6 +241,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
                options.question_policy,
                options.is_output_dir_provided,
                options.is_smart_unpack,
+                options.disable_sandbox,
            )? {
                files
            } else {
@ -280,6 +285,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
                options.question_policy,
                options.is_output_dir_provided,
                options.is_smart_unpack,
+                options.disable_sandbox,
            )? {
                files
            } else {
@ -316,6 +322,7 @@ fn execute_decompression(
    question_policy: QuestionPolicy,
    is_output_dir_provided: bool,
    is_smart_unpack: bool,
+    disable_sandbox: bool,
 ) -> crate::Result<ControlFlow<(), usize>> {

    // init landlock sandbox to restrict file system write access to output_dir
@ -330,7 +337,7 @@ fn execute_decompression(
    //} else {
    //}
    
-    //landlock::init_sandbox(&[output_dir]);
+    landlock::init_sandbox(&[output_dir], disable_sandbox);
    

    if is_smart_unpack {
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@ -216,6 +216,7 @@ pub fn run(
                            <[u8] as ByteSlice>::from_os_str(str).expect("convert password to bytes failed")
                        }),
                        remove,
+                        disable_sandbox: args.disable_sandbox,
                    })
                })
        }
@ -257,7 +258,7 @@ pub fn run(
                    args.password
                        .as_deref()
                        .map(|str| <[u8] as ByteSlice>::from_os_str(str).expect("convert password to bytes failed")),
-                    args.no_sandbox,
+                    args.disable_sandbox,
                )?;

            }