Avoid sandboxing directory prerequisites

Landlock Make will no longer sandbox prerequisites that end with a trailing slash. This means you can use use directory prerequisites for detecting deleted files when using using globbing, without the effect of unveiling the entire directory. When you do want make to unveil directories, you can omit the trailing slash.
2025-07-26 04:20:30 +00:00 · 2022-08-19 10:00:41 -07:00 · 2022-08-19 10:00:41 -07:00 · 8835b82a7c
commit 8835b82a7c
parent 2827df688a
14 changed files with 168 additions and 37 deletions
--- a/build/bootstrap/ar.com
+++ b/build/bootstrap/ar.com
--- a/build/rules.mk
+++ b/build/rules.mk
@ -25,7 +25,6 @@ o/%.o: o/%.S                       ; @$(COMPILE) -AOBJECTIFY.S $(OBJECTIFY.S) $(
 o/%.lds: %.lds                     ; @$(COMPILE) -APREPROCESS $(PREPROCESS.lds) $(OUTPUT_OPTION) $<
 o/%.inc: %.h                       ; @$(COMPILE) -APREPROCESS $(PREPROCESS) $(OUTPUT_OPTION) -D__ASSEMBLER__ -P $<
 o/%.greg.o: %.greg.c               ; @$(COMPILE) -AOBJECTIFY.greg $(OBJECTIFY.greg.c) $(OUTPUT_OPTION) $<
-o/%.zip.o: o/%                     ; @$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<

 o/$(MODE)/%: o/$(MODE)/%.dbg       ; @$(COMPILE) -AOBJCOPY -T$@ $(OBJCOPY) -S -O binary $< $@
 o/$(MODE)/%.o: %.s                 ; @$(COMPILE) -AOBJECTIFY.s $(OBJECTIFY.s) $(OUTPUT_OPTION) $<
@ -45,7 +44,6 @@ o/$(MODE)/%.ncabi.o: %.ncabi.c     ; @$(COMPILE) -AOBJECTIFY.nc $(OBJECTIFY.ncab
 o/$(MODE)/%.real.o: %.c            ; @$(COMPILE) -AOBJECTIFY.real $(OBJECTIFY.real.c) $(OUTPUT_OPTION) $<

 o/$(MODE)/%.runs: o/$(MODE)/%      ; @$(COMPILE) -ACHECK -wtT$@ $< $(TESTARGS)
-o/$(MODE)/%.zip.o: %               ; @$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<
 o/$(MODE)/%-gcc.asm: %.c           ; @$(COMPILE) -AOBJECTIFY.c $(OBJECTIFY.c) -S -g0 $(OUTPUT_OPTION) $<
 o/$(MODE)/%-gcc.asm: %.cc          ; @$(COMPILE) -AOBJECTIFY.c $(OBJECTIFY.cxx) -S -g0 $(OUTPUT_OPTION) $<
 o/$(MODE)/%-clang.asm: %.c         ; @$(COMPILE) -AOBJECTIFY.c $(OBJECTIFY.c) -S -g0 $(OUTPUT_OPTION) $<
@ -100,9 +98,36 @@ o/$(MODE)/%: o/$(MODE)/%.com o/$(MODE)/tool/build/cp.com o/$(MODE)/tool/build/as
 	@$(COMPILE) -wACP -T$@ o/$(MODE)/tool/build/cp.com $< $@
 	@$(COMPILE) -wAASSIMILATE -T$@ o/$(MODE)/tool/build/assimilate.com $@

+################################################################################
+# elf zip files
+#
+# zipobj.com lets us do fast incremental linking of compressed data.
+# it's nice because if we link a hundred binaries that use the time zone
+# database, then that database only needs to be DEFLATE'd once.
+
+o/%.zip.o: o/%
+	@$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<
+
+o/$(MODE)/%.zip.o: %
+	@$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<
+
+o/$(MODE)/%.zip.o: %
+	@$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<
+
+# an issue with sandboxing arises when creating directory entries in the
+# zip file. we need the trailing slash (e.g. o//foo/.zip.o) but Landlock
+# Make avoids sandboxing directory names that have a trailing slash (so
+# they can be used to watch for deleted files, without creating overly
+# broad unveiling). such rules need to be written more explicitly.
+o/$(MODE)%/.zip.o: %
+	@$(COMPILE) -wAZIPOBJ $(ZIPOBJ) $(ZIPOBJ_FLAGS) $(OUTPUT_OPTION) $<
+
 ################################################################################
 # strict header checking
-# these rules are unsandboxed since they're kind of a sandboxing test themselves
+#
+# these rules are unsandboxed since they're already a sandboxing test,
+# and it would be too costly in terms of make latency to have every
+# header file depend on $(HDRS) and $(INCS).

 o/%.h.ok: .UNSANDBOXED = 1
 o/%.h.ok: %.h