[clang] [llvm] [clang] Allow enabling sandbox for direct `-cc1` invocations (PR #174653)
Ben Langmuir via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 6 13:41:37 PST 2026
================
@@ -264,8 +265,10 @@ int clang_main(int Argc, char **Argv, const llvm::ToolContext &ToolContext) {
}
// Handle -cc1 integrated tools.
- if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1"))
+ if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1")) {
+ auto EnableSandbox = llvm::sys::sandbox::scopedEnable();
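Review bot: the added `scopedEnable()` guard sits inside a branch selected by `starts_with("-cc1")`, which is a prefix match, so the sandbox is turned on for every integrated tool whose first argument begins with `-cc1`, not only for `-cc1` itself. If that is intended, a one-line comment above `auto EnableSandbox = ...` saying so, and noting that the new braces exist to bound the guard's lifetime to the tool invocation, would make the scope explicit. If it is not intended, the condition should be narrowed before the guard is created.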
----------------
benlangmuir wrote:
Should this move into `ExecuteCC1Tool`? IIUC your current patch has the opposite problem as the original and it will only apply when `-cc1` is executed in its own execution, whereas on some platforms, or with `-fintegrated-cc1` the default is to call `ExecuteCC1Tool` directly from the driver if possible.
https://github.com/llvm/llvm-project/pull/174653