init: Disable syscall sandbox in the bitcoin-qt process

author: MarcoFalke <falke.marco@gmail.com> 2022-04-04 14:38:56 +0200
committer: MarcoFalke <falke.marco@gmail.com> 2022-04-05 13:29:42 +0200
commit: fa0c2aa826282fe40d2ce7becb4eb6d4814447a3 (patch)
tree: c15b8a6ace737186d030d0ad35506016ae0a6c22 /src/init.cpp
parent: 24c6b20c14303831531b19641350516ab401041a (diff)
download: bitcoin-fa0c2aa826282fe40d2ce7becb4eb6d4814447a3.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/init.cpp b/src/init.cpp
index f934fd751d..4215b70156 100644
--- a/src/init.cpp
+++ b/src/init.cpp
@@ -792,7 +792,7 @@ bool AppInitBasicSetup(const ArgsManager& args)
     return true;
 }
 
-bool AppInitParameterInteraction(const ArgsManager& args)
+bool AppInitParameterInteraction(const ArgsManager& args, bool use_syscall_sandbox)
 {
     const CChainParams& chainparams = Params();
     // ********************************************************* Step 2: parameter interactions
@@ -1058,6 +1058,9 @@ bool AppInitParameterInteraction(const ArgsManager& args)
         if (!SetupSyscallSandbox(log_syscall_violation_before_terminating)) {
             return InitError(Untranslated("Installation of the syscall sandbox failed."));
         }
+        if (use_syscall_sandbox) {
+            SetSyscallSandboxPolicy(SyscallSandboxPolicy::INITIALIZATION);
+        }
         LogPrintf("Experimental syscall sandbox enabled (-sandbox=%s): bitcoind will terminate if an unexpected (not allowlisted) syscall is invoked.\n", sandbox_arg);
     }
 #endif // USE_SYSCALL_SANDBOX
author	MarcoFalke <falke.marco@gmail.com>	2022-04-04 14:38:56 +0200
committer	MarcoFalke <falke.marco@gmail.com>	2022-04-05 13:29:42 +0200
commit	fa0c2aa826282fe40d2ce7becb4eb6d4814447a3 (patch)
tree	c15b8a6ace737186d030d0ad35506016ae0a6c22 /src/init.cpp
parent	24c6b20c14303831531b19641350516ab401041a (diff)
download	bitcoin-fa0c2aa826282fe40d2ce7becb4eb6d4814447a3.tar.xz