Merge bitcoin/bitcoin#24690: util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem)

f05a4cdf5a0363e1c12f00c034afb60e7ea0c775 util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem) (Hennadii Stepanov)

Pull request description:

  This PR fixes the current master (3297f5c11c72dd83479ff8335e047555e3f8cb3b) when running `bitcoin-qt` on Ubuntu 22.04 and quitting:
  ```
  $ ./src/qt/bitcoin-qt -signet -sandbox=log-and-abort
  Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
  ERROR: The syscall "inotify_rm_watch" (syscall number 255) is not allowed by the syscall sandbox in thread "main". Please report.
  terminate called without an active exception
  Aborted (core dumped)
  ```

  Also see https://github.com/bitcoin/bitcoin/pull/24659#discussion_r835747166

ACKs for top commit:
  fanquake:
    ACK f05a4cdf5a0363e1c12f00c034afb60e7ea0c775 - checked that qt is using this in it's filesystem watcher code.

Tree-SHA512: 9c7920a25422cd3a040bc1cbc487c12c3dc2b91358c3757f1030d6a1ff12c18c688a8e5b7466f683da88a5e4f5f15d442975660022d706e47021253c24c58f4a

1 files changed, 1 insertions, 0 deletions

diff --git a/src/util/syscall_sandbox.cpp b/src/util/syscall_sandbox.cpp
index efc58914b6..a05efac602 100644
--- a/src/util/syscall_sandbox.cpp
+++ b/src/util/syscall_sandbox.cpp
@@ -592,6 +592,7 @@ public:
         allowed_syscalls.insert(__NR_getcwd);          // get current working directory
         allowed_syscalls.insert(__NR_getdents);        // get directory entries
         allowed_syscalls.insert(__NR_getdents64);      // get directory entries
+        allowed_syscalls.insert(__NR_inotify_rm_watch);// remove an existing watch from an inotify instance
         allowed_syscalls.insert(__NR_linkat);          // create relative to a directory file descriptor
         allowed_syscalls.insert(__NR_lstat);           // get file status
         allowed_syscalls.insert(__NR_mkdir);           // create a directory