Add syscall sandboxing (seccomp-bpf)

2025-11-12 23:18:14 +01:00 · 2021-10-01 13:53:59 +00:00
parent e69cbac628
commit 4747da3a5b
27 changed files with 1125 additions and 1 deletions
--- a/src/bitcoind.cpp
+++ b/src/bitcoind.cpp
@@ -19,6 +19,7 @@
 #include <shutdown.h>
 #include <util/check.h>
 #include <util/strencodings.h>
+#include <util/syscall_sandbox.h>
 #include <util/system.h>
 #include <util/threadnames.h>
 #include <util/tokenpipe.h>
@@ -238,6 +239,7 @@ static bool AppInit(NodeContext& node, int argc, char* argv[])
        daemon_ep.Close();
    }
 #endif
+    SetSyscallSandboxPolicy(SyscallSandboxPolicy::SHUTOFF);
    if (fRet) {
        WaitForShutdown();
    }