From 78b993c500ccfd85525cb53f71b575059819ac61 Mon Sep 17 00:00:00 2001
From: valoq
Date: Sat, 12 Jul 2025 17:25:25 +0200
Subject: [PATCH] complete disable-sandbox option
---
 src/cli/args.rs | 2 +-
 src/commands/decompress.rs | 9 ++++++++-
 src/commands/mod.rs | 3 ++-
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/cli/args.rs b/src/cli/args.rs
index 69021d3..ecf1f6d 100644
--- a/src/cli/args.rs
+++ b/src/cli/args.rs
@@ -51,7 +51,7 @@ pub struct CliArgs {
 /// Disable the sandbox feature
 #[arg(long, global = true)]
- pub no_sandbox: bool,
+ pub disable_sandbox: bool,
 // Ouch and claps subcommands
 #[command(subcommand)]
diff --git a/src/commands/decompress.rs b/src/commands/decompress.rs
index 16af3dd..f90ff00 100644
--- a/src/commands/decompress.rs
+++ b/src/commands/decompress.rs
@@ -40,6 +40,7 @@ pub struct DecompressOptions<'a> {
 pub quiet: bool,
 pub password: Option<&'a [u8]>,
 pub remove: bool,
+ pub disable_sandbox: bool,
 }
 /// Decompress a file
@@ -80,6 +81,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
 options.question_policy,
 options.is_output_dir_provided,
 options.is_smart_unpack,
+ options.disable_sandbox,
 )? {
 files
 } else {
@@ -169,6 +171,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
 options.question_policy,
 options.is_output_dir_provided,
 options.is_smart_unpack,
+ options.disable_sandbox,
 )? {
 files
 } else {
@@ -204,6 +207,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
 options.question_policy,
 options.is_output_dir_provided,
 options.is_smart_unpack,
+ options.disable_sandbox,
 )? {
 files
 } else {
@@ -237,6 +241,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
 options.question_policy,
 options.is_output_dir_provided,
 options.is_smart_unpack,
+ options.disable_sandbox,
 )? {
 files
 } else {
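Review bot: The new `disable_sandbox` field of `DecompressOptions` (hunk at -40,6) switches off a security control but has no doc comment, so a caller building the struct cannot tell what setting it to `true` gives up. I would add `/// Skip the Landlock write restriction for this extraction; keep false unless the user passed the disable-sandbox flag.` above the field. The struct definition starts outside the hunk.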
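Review bot: At the `execute_decompression` call in the hunk at -80,6 (and the identical calls at -169,6, -204,6, -237,6 and -280,6) the sandbox switch is now the last of three consecutive positional `bool` arguments, so a transposed argument still compiles and could turn the sandbox off unnoticed. A two-variant type such as `enum Sandbox { Enabled, Disabled }` in place of the bare `bool` would make each call site self-describing and let the compiler reject a swap. The calls sit inside `decompress_file`, whose body starts and ends outside these hunks.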
@@ -280,6 +285,7 @@ pub fn decompress_file(options: DecompressOptions) -> crate::Result<()> {
 options.question_policy,
 options.is_output_dir_provided,
 options.is_smart_unpack,
+ options.disable_sandbox,
 )? {
 files
 } else {
@@ -316,6 +322,7 @@ fn execute_decompression(
 question_policy: QuestionPolicy,
 is_output_dir_provided: bool,
 is_smart_unpack: bool,
+ disable_sandbox: bool,
 ) -> crate::Result> {
 // init landlock sandbox to restrict file system write access to output_dir
@@ -330,7 +337,7 @@ fn execute_decompression(
 //} else {
 //}
- //landlock::init_sandbox(&[output_dir]);
+ landlock::init_sandbox(&[output_dir], disable_sandbox);
 if is_smart_unpack {
diff --git a/src/commands/mod.rs b/src/commands/mod.rs
index b4aa4d5..52168f6 100644
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@@ -216,6 +216,7 @@ pub fn run(
 <[u8] as ByteSlice>::from_os_str(str).expect("convert password to bytes failed")
 }),
 remove,
+ disable_sandbox: args.disable_sandbox,
 })
 })
 }
@@ -257,7 +258,7 @@ pub fn run(
 args.password
 .as_deref()
 .map(|str| <[u8] as ByteSlice>::from_os_str(str).expect("convert password to bytes failed")),
- args.no_sandbox,
+ args.disable_sandbox,
 )?;
 }
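Review bot: The re-enabled call `landlock::init_sandbox(&[output_dir], disable_sandbox);` in the hunk at -330,7 discards whatever the function returns, so if it is fallible (its signature is not in this patch) a kernel without Landlock support or a failed ruleset would leave extraction running unsandboxed with no signal to the user. If it returns a `Result`, propagate it with `landlock::init_sandbox(&[output_dir], disable_sandbox)?;`, or have it warn when the sandbox could not be applied and the flag was not given. Landlock restrictions cannot be lifted once applied and later rulesets only narrow earlier ones, so because this call appears to run once per archive, it is worth confirming that a second archive with a different `output_dir`, and the `remove` option deleting an input outside `output_dir`, still succeed. The leftover `//} else {` and `//}` comment lines above the call should be removed now that the call is live. `execute_decompression` continues outside the hunk.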