[clang] [llvm] [clang] Allow enabling sandbox for direct `-cc1` invocations (PR #174653)
Ben Langmuir via cfe-commits
cfe-commits at lists.llvm.org
Wed Jan 7 09:53:34 PST 2026
================
@@ -264,8 +265,10 @@ int clang_main(int Argc, char **Argv, const llvm::ToolContext &ToolContext) {
}
// Handle -cc1 integrated tools.
- if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1"))
+ if (Args.size() >= 2 && StringRef(Args[1]).starts_with("-cc1")) {
+ auto EnableSandbox = llvm::sys::sandbox::scopedEnable();
----------------
benlangmuir wrote:
For some reason I thought you reverted the change to handle this in CC1Command, which is why I thought we were missing a case.
Your point about crash recovery is convincing, so I suggest for now at least we just add a comment here to say that the integrated cc1 is handled in `CC1Command::Execute` in order to handle crash recovery correctly. Otherwise LGTM
https://github.com/llvm/llvm-project/pull/174653
More information about the cfe-commits
mailing list