[clang] [llvm] [llvm][clang] Sandbox filesystem reads (PR #165350)
Ben Langmuir via llvm-commits
llvm-commits at lists.llvm.org
Thu Nov 6 15:10:02 PST 2025
================
@@ -399,10 +422,14 @@ void RealFileSystem::printImpl(raw_ostream &OS, PrintType Type,
IntrusiveRefCntPtr<FileSystem> vfs::getRealFileSystem() {
static IntrusiveRefCntPtr<FileSystem> FS =
makeIntrusiveRefCnt<RealFileSystem>(true);
+ sys::sandbox::violationIfEnabled();
----------------
benlangmuir wrote:
We should document that this and `createPhysicalFileSystem` can only be used outside the sandbox. I think it is a bit less obvious than for the low level operations.
https://github.com/llvm/llvm-project/pull/165350
More information about the llvm-commits
mailing list