highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-11-10 22:18:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove the syscall sandbox

Browse Source 
After initially being merged in #20487, it's no-longer clear that an
internal syscall sandboxing mechanism is something that Bitcoin Core
should have/maintain, especially when compared to better
maintained/supported alterantives, i.e firejail.

Note that given where it's used, the sandbox also gets dragged into the
kernel.

There is some related discussion in #24771.

This should not require any sort of deprecation, as this was only ever
an opt-in, experimental feature.

Closes #24771.
This commit is contained in:
fanquake
2023-05-04 12:07:26 +01:00
parent b3db18a012
commit 32e2ffc393
28 changed files with 5 additions and 1175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/torcontrol.cpp
View File

@@ -16,7 +16,6 @@
#include <netbase.h>
#include <util/readwritefile.h>
#include <util/strencodings.h>
#include <util/syscall_sandbox.h>
#include <util/thread.h>
#include <util/time.h>
@@ -653,7 +652,6 @@ static std::thread torControlThread;
static void TorControlThread(CService onion_service_target)
{
SetSyscallSandboxPolicy(SyscallSandboxPolicy::TOR_CONTROL);
TorController ctrl(gBase, gArgs.GetArg("-torcontrol", DEFAULT_TOR_CONTROL), onion_service_target);
event_base_dispatch(gBase);