diff --git a/makefile b/makefile
index ace156c..d571813 100644
--- a/makefile
+++ b/makefile
@@ -3,19 +3,18 @@
 # Linux using GCC
 CXX=c++
-CXXFLAGS=-O2 -Wno-logical-op-parentheses -Wno-switch -Wno-dangling-else
+CXXFLAGS?=-O2 -Wno-switch -Wno-dangling-else
 LIBFLAGS=-fPIC
+LIBS=-lpthread -lseccomp
 DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DRAR_SMP
-STRIP=strip
 AR=ar
-LDFLAGS=-pthread
+LDFLAGS+=
 DESTDIR=/usr
 # Linux using LCC
 #CXX=lcc
 #CXXFLAGS=-O2
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
@@ -24,7 +23,6 @@ DESTDIR=/usr
 #CXXFLAGS=-O2
 #LIBFLAGS=
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DRAR_SMP
-#STRIP=strip
 #AR=ar
 #LDFLAGS=-pthread
 #DESTDIR=/usr
@@ -33,7 +31,6 @@ DESTDIR=/usr
 #CXX=aCC
 #CXXFLAGS=-AA +O2 +Onolimit
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
@@ -41,7 +38,6 @@ DESTDIR=/usr
 #CXX=g++
 #CXXFLAGS=-O2
 #DEFINES=-DBIG_ENDIAN -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_BSD_COMPAT -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
@@ -49,7 +45,6 @@ DESTDIR=/usr
 #CXX=CC
 #CXXFLAGS=-O2 -mips3 -woff 1234,1156,3284 -LANG:std
 #DEFINES=-DBIG_ENDIAN -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_BSD_COMPAT -Dint64=int64_t
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
@@ -58,7 +53,6 @@ DESTDIR=/usr
 #CXXFLAGS=-O -qinline -qro -qroconst -qmaxmem=16384 -qcpluscmt
 #DEFINES=-D_LARGE_FILES -D_LARGE_FILE_API
 #LIBS=-lbsd
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
@@ -66,7 +60,6 @@ DESTDIR=/usr
 #CXX=CC
 #CXXFLAGS=-fast -erroff=wvarhidemem
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#STRIP=strip
 #AR=ar
 #DESTDIR=/usr
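Review bot: Moving the thread library out of `LDFLAGS` (`LDFLAGS+=` is now empty) and into `LIBS=-lpthread -lseccomp` only reaches link lines that expand `$(LIBS)`, and the `sfx` recipe shown as context in the `@@ -142,22 +130,18 @@` hunk (`$(LINK) -o default.sfx $(LDFLAGS) $(OBJECTS)`) does not. The seccomp block this commit adds to main() in rar.cpp is guarded only by `__linux__`, so an SFX build would presumably compile the seccomp calls and then fail to resolve them at link time, unless `LINK` (defined outside these hunks) supplies the libraries. Appending `$(LIBS)` to the sfx link line would fix that. A comment above the new variable, e.g. `# libseccomp is a hard build dependency: main() installs a syscall filter on Linux`, would also tell packagers why the link line changed.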
@@ -74,14 +67,12 @@ DESTDIR=/usr
 #CXX=g++
 #CXXFLAGS=-O3 -mcpu=v9 -mtune=ultrasparc -m32
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#STRIP=/usr/ccs/bin/strip
 #AR=/usr/ccs/bin/ar
 #DESTDIR=/usr
 # Tru64 5.1B using GCC3
 #CXX=g++
 #CXXFLAGS=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_XOPEN_SOURCE=500
-#STRIP=strip
 #AR=ar
 #LDFLAGS=-rpath /usr/local/gcc/lib
 #DESTDIR=/usr
@@ -89,7 +80,6 @@ DESTDIR=/usr
 # Tru64 5.1B using DEC C++
 #CXX=cxx
 #CXXFLAGS=-O4 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Dint64=long
-#STRIP=strip
 #AR=ar
 #LDFLAGS=
 #DESTDIR=/usr
@@ -97,7 +87,6 @@ DESTDIR=/usr
 # QNX 6.x using GCC
 #CXX=g++
 #CXXFLAGS=-O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -fexceptions
-#STRIP=strip
 #AR=ar
 #LDFLAGS=-fexceptions
 #DESTDIR=/usr
@@ -107,7 +96,6 @@ DESTDIR=/usr
 #CXX=arm-linux-g++
 #CXXFLAGS=-O2
 #DEFINES=-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
-#STRIP=arm-linux-strip
 #AR=arm-linux-ar
 #LDFLAGS=-static
 #DESTDIR=/usr
@@ -142,22 +130,18 @@ clean:
 @rm -f $(OBJECTS) $(UNRAR_OBJ) $(LIB_OBJ)
 @rm -f unrar libunrar.*
-unrar: clean $(OBJECTS) $(UNRAR_OBJ)
- @rm -f unrar
+unrar: $(OBJECTS) $(UNRAR_OBJ)
 $(LINK) -o unrar $(LDFLAGS) $(OBJECTS) $(UNRAR_OBJ) $(LIBS)
- $(STRIP) unrar
 sfx: WHAT=SFX_MODULE
 sfx: clean $(OBJECTS)
 @rm -f default.sfx
 $(LINK) -o default.sfx $(LDFLAGS) $(OBJECTS)
- $(STRIP) default.sfx
 lib: WHAT=RARDLL
 lib: CXXFLAGS+=$(LIBFLAGS)
-lib: clean $(OBJECTS) $(LIB_OBJ)
- @rm -f libunrar.*
- $(LINK) -shared -o libunrar.so $(LDFLAGS) $(OBJECTS) $(LIB_OBJ)
+lib: $(OBJECTS) $(LIB_OBJ)
+ $(LINK) -shared -o libunrar.so $(LDFLAGS) $(OBJECTS) $(LIB_OBJ) $(LIBS)
 $(AR) rcs libunrar.a $(OBJECTS) $(LIB_OBJ)
 install-unrar:
diff --git a/rar.cpp b/rar.cpp
index 34b4b27..e4d0540 100644
--- a/rar.cpp
+++ b/rar.cpp
@@ -1,3 +1,8 @@
+#ifdef __linux__
+#include
+#include
+#endif
+
 #include "rar.hpp"
 #if !defined(RARDLL)
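Review bot: With `clean` dropped from the prerequisites of `unrar` and `lib` in the `@@ -142,22 +130,18 @@` hunk, objects compiled for one target are reused by the next, even though `lib` is built with `WHAT=RARDLL` and `CXXFLAGS+=$(LIBFLAGS)` and `unrar` is not. Running `make unrar` and then `make lib` would see `$(OBJECTS)` as up to date and link them into libunrar.so as they are (the compile rule is outside the hunk, so how `WHAT` reaches the compiler is assumed). `sfx` still lists `clean`, so the three targets now disagree; either keep `clean` on all of them or build each variant into its own object directory. The `lib` link line also gains `$(LIBS)`, which pulls in libseccomp although the filter lives in main(), and the context in rar.cpp suggests main() is compiled out under RARDLL, so the library gets the dependency without the sandbox.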
@@ -32,9 +37,112 @@ int main(int argc, char *argv[])
 POWER_MODE ShutdownOnClose=POWERMODE_KEEP;
 #endif
- try
+#ifdef __linux__
+#warning compiling seccomp support
+
+ scmp_filter_ctx ctx;
+ int rc = 0;
+
+ ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
+ //ctx = seccomp_init(SCMP_ACT_LOG);
+ if (ctx) {
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(access), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(brk), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chmod), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone), 0);
+#ifdef __SNR_clone2
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone2), 0);
+#endif
+#ifdef __SNR_clone3
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(clone3), 0);
+#endif
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(dup2), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(eventfd2), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit_group), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmod), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fcntl), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fdatasync), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fstat), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fsync), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(futex), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getdents), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getdents64), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getegid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(geteuid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getgid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpgrp), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getpid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getppid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getrandom), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getrusage), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(gettimeofday), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getuid), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(link), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(lseek), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(madvise), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mkdir), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mmap), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(mprotect), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(munmap), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(newfstatat), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(pipe), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(readv), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rename), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(restart_syscall), 0);
+#ifdef __SNR_rseq
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rseq), 0);
+#endif
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigaction), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigreturn), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(select), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(set_robust_list), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sigreturn), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(stat), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(sysinfo), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(umask), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(unlink), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(utimensat), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(writev), 0);
+
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(kill), 1, SCMP_A1(SCMP_CMP_EQ, SIGTSTP));
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TIOCGWINSZ));
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TCGETS));
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TCSETSW));
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, TCSETSF));
+#ifdef FIONREAD
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, FIONREAD));
+#endif
+#ifdef FIONWRITE
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, FIONWRITE));
+#endif
+#ifdef FIONSPACE
+ rc |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, SCMP_A1(SCMP_CMP_EQ, FIONSPACE));
+#endif
+
+ //mprintf(L"rc=%d Adding seccomp rules... ", rc);
+ if (seccomp_load(ctx) == 0) {
+ //mprintf(L"OK.\n");
+ } else {
+ //mprintf(L"FAIL.\n");
+ }
+ seccomp_release(ctx);
+ } else {
+ mprintf(L"seccomp failed\n");
+ }
+#endif
+
+ try
 {
-
+
 CommandData *Cmd=new CommandData;
 #ifdef SFX_MODULE
 wcsncpyz(Cmd->Command,L"X",ASIZE(Cmd->Command));
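Review bot: The filter fails open: `rc` collects the `seccomp_rule_add` results but is never read, both branches of the `seccomp_load` check are empty, and a failed `seccomp_init` only prints `seccomp failed`, so the program goes on to process the archive with no filter and, in the first two cases, no message. A user who relies on the sandbox cannot tell that it is absent; the block should report the failure and stop before the `try`, or carry a comment saying that running unfiltered is intended. Below is the tail of the block rewritten to do the former (the exit status is a placeholder for the project's fatal code). Separately, `open`, `openat`, `unlink`, `rename`, `chmod`, `link` and `mkdir` are allowed without argument checks, so the filter does not limit where an archive can write, and a comment stating that would keep readers from over-trusting it. main() starts above the hunk and continues past it.

```cpp
  // … unchanged: seccomp_init(SCMP_ACT_KILL_PROCESS) and the seccomp_rule_add allow list …

    // A rejected rule means a syscall the program needs is missing from the
    // allow list, so a partial filter is treated the same as a failed load.
    // NOTE(review): confirm no rule is expected to fail on the supported architectures.
    const bool filter_loaded = (rc == 0) && (seccomp_load(ctx) == 0);
    seccomp_release(ctx);
    if (!filter_loaded) {
      mprintf(L"seccomp: filter not installed, refusing to continue\n");
      return 1; // placeholder: use the project's fatal exit status
    }
  } else {
    mprintf(L"seccomp failed\n");
    return 1; // placeholder: use the project's fatal exit status
  }
#endif
```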