1 files changed, 25 insertions, 2 deletions

diff --git a/src/xz/main.c b/src/xz/main.c
index 5608229d54c5..af550c4585d9 100644
--- a/src/xz/main.c
+++ b/src/xz/main.c
@@ -205,10 +205,31 @@ main(int argc, char **argv)
 	if (opt_mode != MODE_LIST)
 		signals_init();
 
+#ifdef ENABLE_SANDBOX
+	// Set a flag that sandboxing is allowed if all these are true:
+	//   - --files or --files0 wasn't used.
+	//   - There is exactly one input file or we are reading from stdin.
+	//   - We won't create any files: output goes to stdout or --test
+	//     or --list was used. Note that --test implies opt_stdout = true
+	//     but --list doesn't.
+	//
+	// This is obviously not ideal but it was easy to implement and
+	// it covers the most common use cases.
+	//
+	// TODO: Make sandboxing work for other situations too.
+	if (args.files_name == NULL && args.arg_count == 1
+			&& (opt_stdout || strcmp("-", args.arg_names[0]) == 0
+				|| opt_mode == MODE_LIST))
+		io_allow_sandbox();
+#endif
+
 	// coder_run() handles compression, decompression, and testing.
 	// list_file() is for --list.
-	void (*run)(const char *filename) = opt_mode == MODE_LIST
-			 ? &list_file : &coder_run;
+	void (*run)(const char *filename) = &coder_run;
+#ifdef HAVE_DECODERS
+	if (opt_mode == MODE_LIST)
+		run = &list_file;
+#endif
 
 	// Process the files given on the command line. Note that if no names
 	// were given, args_parse() gave us a fake "-" filename.
@@ -267,6 +288,7 @@ main(int argc, char **argv)
 			(void)fclose(args.files_file);
 	}
 
+#ifdef HAVE_DECODERS
 	// All files have now been handled. If in --list mode, display
 	// the totals before exiting. We don't have signal handlers
 	// enabled in --list mode, so we don't need to check user_abort.
@@ -274,6 +296,7 @@ main(int argc, char **argv)
 		assert(!user_abort);
 		list_totals();
 	}
+#endif
 
 #ifndef NDEBUG
 	coder_free();