diff --git a/src/commands/decompress.rs b/src/commands/decompress.rs index 0885f8c..bbfc0ef 100644 --- a/src/commands/decompress.rs +++ b/src/commands/decompress.rs @@ -319,7 +319,7 @@ fn execute_decompression( ) -> crate::Result> { // init landlock sandbox to restrict file system write access to output_dir - landlock::init_sandbox(output_dir); + landlock::init_sandbox(Some(output_dir)); if is_smart_unpack { return smart_unpack(unpack_fn, output_dir, output_file_path, question_policy); diff --git a/src/commands/list.rs b/src/commands/list.rs index 4fafec7..5042958 100644 --- a/src/commands/list.rs +++ b/src/commands/list.rs @@ -27,7 +27,7 @@ pub fn list_archive_contents( // Initialize landlock sandbox with empty write path // This allows only read access to the filesystem - //landlock::init_sandbox(None); + landlock::init_sandbox(None); let reader = fs::File::open(archive_path)?; diff --git a/src/utils/landlock.rs b/src/utils/landlock.rs index e7f256c..f9d11a5 100644 --- a/src/utils/landlock.rs +++ b/src/utils/landlock.rs @@ -77,7 +77,7 @@ fn restrict_paths(hierarchies: &[&str]) -> Result) { if std::env::var("CI").is_ok() { return; @@ -85,21 +85,27 @@ pub fn init_sandbox(allowed_dir: &Path) { if is_landlock_supported() { + let status = if let Some(allowed_dir) = allowed_dir { + let path_str = allowed_dir.to_str().expect("Cannot convert path"); + restrict_paths(&[path_str]) + } else { + restrict_paths(&[]) + }; - let path_str = allowed_dir.to_str().expect("Cannot convert path"); - - match restrict_paths(&[path_str]) { - Ok(status) => { + match status { + Ok(_status) => { //check } - Err(e) => { + Err(_e) => { //log warning std::process::exit(EXIT_FAILURE); } } } else { -// warn!("Landlock is NOT supported on this platform or kernel (<5.19)."); + // warn!("Landlock is NOT supported on this platform or kernel (<5.19)."); } + + }
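Review bot: The comment above the newly enabled `landlock::init_sandbox(None);` in `list_archive_contents` promises read-only filesystem access, but the call returns nothing the caller can check. Per the `src/utils/landlock.rs` hunks of this same commit, it returns early when `CI` is set and does nothing where Landlock is unsupported. The comment should describe the restriction as best effort, e.g. `// Best effort: drops filesystem write access when Landlock is available; no-op when CI is set or the kernel lacks Landlock.` A Landlock restriction cannot be relaxed once applied, so the comment should also note that nothing later in this process may write to disk after a listing. The function body continues outside the hunk.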
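Review bot: `init_sandbox` now takes an optional directory but has no doc comment saying what `None` means or when the call is skipped. The signature line is damaged on this page, so the new parameter type is inferred from the `Some(output_dir)` / `None` call sites and the `if let Some(allowed_dir)` in the next hunk. The `std::env::var("CI").is_ok()` guard in the context tests only for presence, so any value, including `CI=false` or an empty string, turns the sandbox off. With this commit that now covers `list` as well as decompression. Suggested doc lines: `/// Restricts filesystem writes to allowed_dir; None grants no writable path.` and `/// Skipped entirely when the CI environment variable is set to any value.`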
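Review bot: Both match arms in `init_sandbox` discard what `restrict_paths` returns: `Ok(_status)` accepts any status without inspecting it (the `//check` placeholder is still empty), and `Err(_e)` exits with `EXIT_FAILURE` without telling the user why. If the status can report a partially enforced or unenforced ruleset (the return type is not visible here), the process continues without the sandbox while the callers' comments claim otherwise. At minimum, print the error before exiting, `Err(e) => { eprintln!("landlock: could not apply sandbox: {e}"); std::process::exit(EXIT_FAILURE); }` (assuming the error type implements Display), and emit a warning in the `else` branch instead of leaving the `warn!` commented out. `allowed_dir.to_str().expect("Cannot convert path")` still panics on a non-UTF-8 output directory, and the two blank lines added before the closing brace can go.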