author | fanquake <fanquake@gmail.com> | 2023-05-04 12:07:26 +0100 |
committer | fanquake <fanquake@gmail.com> | 2023-06-16 10:38:19 +0100 |
commit | 32e2ffc39374f61bb2435da507f285459985df9e (patch) | |
tree | 44103a701bd14b0c77163db5d557215d40842210 /src/init.cpp | |
parent | b3db18a0126bc4181d2a0880c27f45d203d06179 (diff) |
Remove the syscall sandbox
After initially being merged in #20487, it's no-longer clear that an
internal syscall sandboxing mechanism is something that Bitcoin Core
should have/maintain, especially when compared to better
maintained/supported alternatives, i.e. firejail.
Note that given where it's used, the sandbox also gets dragged into the
kernel.
There is some related discussion in #24771.
This should not require any sort of deprecation, as this was only ever
an opt-in, experimental feature.
Closes #24771.
Diffstat (limited to 'src/init.cpp')
-rw-r--r-- | src/init.cpp | 41 |
1 files changed, 1 insertions, 40 deletions
diff --git a/src/init.cpp b/src/init.cpp
index 38e1dbb4a2..0036959fef 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -79,7 +79,6 @@
 #include <util/moneystr.h>
 #include <util/strencodings.h>
 #include <util/string.h>
-#include <util/syscall_sandbox.h>
 #include <util/syserror.h>
 #include <util/thread.h>
 #include <util/threadnames.h>
@@ -627,10 +626,6 @@ void SetupServerArgs(ArgsManager& argsman)
 hidden_args.emplace_back("-daemonwait");
 #endif
-#if defined(USE_SYSCALL_SANDBOX)
- argsman.AddArg("-sandbox=<mode>", "Use the experimental syscall sandbox in the specified mode (-sandbox=log-and-abort or -sandbox=abort). Allow only expected syscalls to be used by bitcoind. Note that this is an experimental new feature that may cause bitcoind to exit or crash unexpectedly: use with caution. In the \"log-and-abort\" mode the invocation of an unexpected syscall results in a debug handler being invoked which will log the incident and terminate the program (without executing the unexpected syscall). In the \"abort\" mode the invocation of an unexpected syscall results in the entire process being killed immediately by the kernel without executing the unexpected syscall.", ArgsManager::ALLOW_ANY, OptionsCategory::OPTIONS);
-#endif // USE_SYSCALL_SANDBOX
-
 // Add the hidden options
 argsman.AddHiddenArgs(hidden_args);
 }
@@ -841,7 +836,7 @@ bool AppInitBasicSetup(const ArgsManager& args, std::atomic<int>& exit_status)
 return true;
 }
-bool AppInitParameterInteraction(const ArgsManager& args, bool use_syscall_sandbox)
+bool AppInitParameterInteraction(const ArgsManager& args)
 {
 const CChainParams& chainparams = Params();
 // ********************************************************* Step 2: parameter interactions
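Review bot: The new signature `bool AppInitParameterInteraction(const ArgsManager& args)` drops the `use_syscall_sandbox` parameter, but the matching declaration in the header and every call site are outside this view, which the diffstat limits to src/init.cpp; those must be updated in the same commit or the build fails. With the `-sandbox=<mode>` registration removed in the @@ -627 hunk, a `sandbox=` line left in an existing bitcoin.conf will presumably be rejected as an unknown option at startup rather than silently ignored, which seems worth one sentence in the description or release notes given the statement that no deprecation is needed. The body of AppInitParameterInteraction continues past the end of this hunk.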
@@ -986,40 +981,6 @@ bool AppInitParameterInteraction(const ArgsManager& args, bool use_syscall_sandb
 if (args.GetIntArg("-rpcserialversion", DEFAULT_RPC_SERIALIZE_VERSION) > 1)
 return InitError(Untranslated("Unknown rpcserialversion requested."));
-#if defined(USE_SYSCALL_SANDBOX)
- if (args.IsArgSet("-sandbox") && !args.IsArgNegated("-sandbox")) {
- const std::string sandbox_arg{args.GetArg("-sandbox", "")};
- bool log_syscall_violation_before_terminating{false};
- if (sandbox_arg == "log-and-abort") {
- log_syscall_violation_before_terminating = true;
- } else if (sandbox_arg == "abort") {
- // log_syscall_violation_before_terminating is false by default.
- } else {
- return InitError(Untranslated("Unknown syscall sandbox mode (-sandbox=<mode>). Available modes are \"log-and-abort\" and \"abort\"."));
- }
- // execve(...) is not allowed by the syscall sandbox.
- const std::vector<std::string> features_using_execve{
- "-alertnotify",
- "-blocknotify",
- "-signer",
- "-startupnotify",
- "-walletnotify",
- };
- for (const std::string& feature_using_execve : features_using_execve) {
- if (!args.GetArg(feature_using_execve, "").empty()) {
- return InitError(Untranslated(strprintf("The experimental syscall sandbox feature (-sandbox=<mode>) is incompatible with %s (which uses execve).", feature_using_execve)));
- }
- }
- if (!SetupSyscallSandbox(log_syscall_violation_before_terminating)) {
- return InitError(Untranslated("Installation of the syscall sandbox failed."));
- }
- if (use_syscall_sandbox) {
- SetSyscallSandboxPolicy(SyscallSandboxPolicy::INITIALIZATION);
- }
- LogPrintf("Experimental syscall sandbox enabled (-sandbox=%s): bitcoind will terminate if an unexpected (not allowlisted) syscall is invoked.\n", sandbox_arg);
- }
-#endif // USE_SYSCALL_SANDBOX
-
 // Also report errors from parsing before daemonization
 {
 KernelNotifications notifications{}; |