Remove the syscall sandbox

After initially being merged in #20487, it's no-longer clear that an internal syscall sandboxing mechanism is something that Bitcoin Core should have/maintain, especially when compared to better maintained/supported alterantives, i.e firejail. Note that given where it's used, the sandbox also gets dragged into the kernel. There is some related discussion in #24771. This should not require any sort of deprecation, as this was only ever an opt-in, experimental feature. Closes #24771.
2025-10-10 19:43:13 +02:00 · 2023-05-04 12:07:26 +01:00
parent b3db18a012
commit 32e2ffc393
28 changed files with 5 additions and 1175 deletions
--- a/test/functional/feature_notifications.py
+++ b/test/functional/feature_notifications.py
@@ -30,9 +30,6 @@ class NotificationsTest(BitcoinTestFramework):
    def set_test_params(self):
        self.num_nodes = 2
        self.setup_clean_chain = True
-        # The experimental syscall sandbox feature (-sandbox) is not compatible with -alertnotify,
-        # -blocknotify, -walletnotify or -shutdownnotify (which all invoke execve).
-        self.disable_syscall_sandbox = True

    def setup_network(self):
        self.wallet = ''.join(chr(i) for i in range(FILE_CHAR_START, FILE_CHAR_END) if chr(i) not in FILE_CHARS_DISALLOWED)