complete decompress and list commands

src/commands/decompress.rs

@@ -319,7 +319,7 @@ fn execute_decompression(
 ) -> crate::Result<ControlFlow<(), usize>> {
 
     // init landlock sandbox to restrict file system write access to output_dir
-    landlock::init_sandbox(output_dir);
+    landlock::init_sandbox(Some(output_dir));
 
     if is_smart_unpack {
         return smart_unpack(unpack_fn, output_dir, output_file_path, question_policy);

src/commands/list.rs

@@ -27,7 +27,7 @@ pub fn list_archive_contents(
 
     // Initialize landlock sandbox with empty write path
     // This allows only read access to the filesystem
-    //landlock::init_sandbox(None);
+    landlock::init_sandbox(None);
 
     let reader = fs::File::open(archive_path)?;
 

src/utils/landlock.rs

@@ -77,7 +77,7 @@ fn restrict_paths(hierarchies: &[&str]) -> Result<RestrictionStatus, MyRestrictE
 }
 
 
-pub fn init_sandbox(allowed_dir: &Path) {
+pub fn init_sandbox(allowed_dir: Option<&Path>) {
 
     if std::env::var("CI").is_ok() {
        return;
@@ -85,21 +85,27 @@ pub fn init_sandbox(allowed_dir: &Path) {
 
 
     if is_landlock_supported() {
-
+        let status = if let Some(allowed_dir) = allowed_dir {
             let path_str = allowed_dir.to_str().expect("Cannot convert path");
+            restrict_paths(&[path_str])
+        } else {
+            restrict_paths(&[])
+        };
 
-        match restrict_paths(&[path_str]) {
-            Ok(status) => {
+        match status {
+            Ok(_status) => {
                 //check
             }
-            Err(e) => {
+            Err(_e) => {
                 //log warning
                 std::process::exit(EXIT_FAILURE);
             }
         }
     } else {
-//        warn!("Landlock is NOT supported on this platform or kernel (<5.19).");
+        // warn!("Landlock is NOT supported on this platform or kernel (<5.19).");
     }
 
+
+
 }