From 6b4b815b9488dc444f0bcfdab41b626f57dbd613 Mon Sep 17 00:00:00 2001
From: Jia Tan <jiat0218@gmail.com>
Date: Wed, 1 Nov 2023 14:58:24 +0800
Subject: [PATCH] xz: Disable sandbox when recursive mode is used.

The sandbox is very restrictive when one file is being encoded/decoded
to standard out. In recursive mode, processing a directory requires
opening sub-files and sub-directories which would not be allowed under
the sandbox.
---
 src/xz/main.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/xz/main.c b/src/xz/main.c
index 72731788..5913469b 100644
--- a/src/xz/main.c
+++ b/src/xz/main.c
@@ -455,7 +455,8 @@ main(int argc, char **argv)
 	// TODO: Make sandboxing work for other situations too.
 	if (args.files_name == NULL && args.arg_count == 1
 			&& (opt_stdout || strcmp("-", args.arg_names[0]) == 0
-				|| opt_mode == MODE_LIST))
+				|| opt_mode == MODE_LIST)
+				&& !opt_recursive)
 		io_allow_sandbox();
 #endif