Add syscall sandboxing (seccomp-bpf)

2026-04-18 03:27:41 +02:00 · 2021-10-01 13:53:59 +00:00
parent e69cbac628
commit 4747da3a5b
27 changed files with 1125 additions and 1 deletions
--- a/src/scheduler.cpp
+++ b/src/scheduler.cpp
@@ -5,6 +5,7 @@
 #include <scheduler.h>

 #include <random.h>
+#include <util/syscall_sandbox.h>
 #include <util/time.h>

 #include <assert.h>
@@ -24,6 +25,7 @@ CScheduler::~CScheduler()

 void CScheduler::serviceQueue()
 {
+    SetSyscallSandboxPolicy(SyscallSandboxPolicy::SCHEDULER);
    WAIT_LOCK(newTaskMutex, lock);
    ++nThreadsServicingQueue;