Remove old code from Landlock Make

2025-07-06 11:18:30 +00:00 · 2022-11-02 00:55:05 -07:00 · 2022-11-02 00:55:05 -07:00 · bd6069deb5
commit bd6069deb5
parent e9735a7738
1 changed files with 25 additions and 67 deletions
--- a/third_party/make/job.c
+++ b/third_party/make/job.c
@ -2160,30 +2160,6 @@ child_execute_job (struct childbase *child,
    {
      errno = 0;
      if (sandboxed)
-        {
-          if (!strict && argv[0][0] == '/' && IsDynamicExecutable (argv[0]))
-            {
-              /*
-               * weaken sandbox if user is using dynamic shared lolbjects
-               */
-              RETURN_ON_ERROR (Unveil ("/bin", "rx"));
-              RETURN_ON_ERROR (Unveil ("/lib", "rx"));
-              RETURN_ON_ERROR (Unveil ("/lib64", "rx"));
-              RETURN_ON_ERROR (Unveil ("/usr/bin", "rx"));
-              RETURN_ON_ERROR (Unveil ("/usr/lib", "rx"));
-              RETURN_ON_ERROR (Unveil ("/usr/lib64", "rx"));
-              RETURN_ON_ERROR (Unveil ("/usr/local/lib", "rx"));
-              RETURN_ON_ERROR (Unveil ("/usr/local/lib64", "rx"));
-              RETURN_ON_ERROR (Unveil ("/etc/ld-musl-x86_64.path", "r"));
-              RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf", "r"));
-              RETURN_ON_ERROR (Unveil ("/etc/ld.so.cache", "r"));
-              RETURN_ON_ERROR (Unveil ("/etc/ld.so.conf.d", "r"));
-              RETURN_ON_ERROR (Unveil ("/etc/ld.so.preload", "r"));
-              RETURN_ON_ERROR (Unveil ("/usr/include", "r"));
-              RETURN_ON_ERROR (Unveil ("/usr/share/locale", "r"));
-              RETURN_ON_ERROR (Unveil ("/usr/share/locale-langpack", "r"));
-            }
-          else
        {
          /*
           * permit launching actually portable executables
@ -2214,7 +2190,6 @@ child_execute_job (struct childbase *child,
              free (t);
            }
          }
-            }

          /* Unveil executable.  */
          RETURN_ON_ERROR (Unveil (argv[0], "rx"));
@ -2223,23 +2198,6 @@ child_execute_job (struct childbase *child,
          if (c->tmpdir)
            RETURN_ON_ERROR (Unveil (c->tmpdir, "rwcx"));

-          /* Unveil lazy mode files.  */
-          if (!strict)
-            {
-              RETURN_ON_ERROR (Unveil ("/tmp", "rwc"));
-              RETURN_ON_ERROR (Unveil ("/dev/zero", "r"));
-              RETURN_ON_ERROR (Unveil ("/dev/null", "rw"));
-              RETURN_ON_ERROR (Unveil ("/dev/full", "rw"));
-              RETURN_ON_ERROR (Unveil ("/dev/stdin", "rw"));
-              RETURN_ON_ERROR (Unveil ("/dev/stdout", "rw"));
-              RETURN_ON_ERROR (Unveil ("/dev/stderr", "rw"));
-              RETURN_ON_ERROR (Unveil ("/etc/hosts", "r"));
-            }
-
-          /* Unveil .PLEDGE = tmppath.  */
-          if (!strict && promises && (~ipromises & (1ul << PROMISE_TMPPATH)))
-            RETURN_ON_ERROR (Unveil ("/tmp", "rwc"));
-
          /* Unveil .PLEDGE = vminfo.  */
          if (promises && (~ipromises & (1ul << PROMISE_VMINFO)))
            {