On 3/9/21 11:58 am, Andrew Gregory wrote:
> On 08/30/21 at 11:37am, Remi Gacogne wrote:
>> ---
>> lib/libalpm/alpm.h | 10 ++
>> lib/libalpm/alpm_sandbox.c | 341 +++++++++++++++++++++++++++++++++++++
>> lib/libalpm/alpm_sandbox.h | 31 ++++
>> lib/libalpm/dload.c | 83 ++++++++-
>> lib/libalpm/handle.c | 20 +++
>> lib/libalpm/handle.h | 2 +
>> lib/libalpm/meson.build | 1 +
>> meson.build | 11 +-
>> src/pacman/conf.c | 23 ++-
>> src/pacman/conf.h | 2 +
>> src/pacman/pacman-conf.c | 6 +
>> 11 files changed, 526 insertions(+), 4 deletions(-)
>> create mode 100644 lib/libalpm/alpm_sandbox.c
>> create mode 100644 lib/libalpm/alpm_sandbox.h
>
> This is a lot. Let's focus on the portable user switching first; if that gets
> merged we can look at adding the extra Linux-specific stuff.

I was just writing the same thing!

Other general comments:

Rename alpm_sandbox.c to sandbox.c. We don't need the prefix for a file inside the library.

Split out the libseccomp setup to sandbox-linux.c. I realise we mostly support Linux, but this will save this file becoming a mass of #ifdef if other operating systems add something similar.

Allan
