diff options
| author | fanquake <fanquake@gmail.com> | 2023-05-04 12:07:26 +0100 |
|---|---|---|
| committer | fanquake <fanquake@gmail.com> | 2023-06-16 10:38:19 +0100 |
| commit | 32e2ffc39374f61bb2435da507f285459985df9e (patch) | |
| tree | 44103a701bd14b0c77163db5d557215d40842210 /src/mapport.cpp | |
| parent | b3db18a0126bc4181d2a0880c27f45d203d06179 (diff) | |
| download | bitcoin-32e2ffc39374f61bb2435da507f285459985df9e.tar.xz | |
Remove the syscall sandbox
After initially being merged in #20487, it's no-longer clear that an
internal syscall sandboxing mechanism is something that Bitcoin Core
should have/maintain, especially when compared to better
maintained/supported alterantives, i.e firejail.
Note that given where it's used, the sandbox also gets dragged into the
kernel.
There is some related discussion in #24771.
This should not require any sort of deprecation, as this was only ever
an opt-in, experimental feature.
Closes #24771.
Diffstat (limited to 'src/mapport.cpp')
| -rw-r--r-- | src/mapport.cpp | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/src/mapport.cpp b/src/mapport.cpp index 118827901a..08b365db4b 100644 --- a/src/mapport.cpp +++ b/src/mapport.cpp @@ -14,7 +14,6 @@ #include <net.h> #include <netaddress.h> #include <netbase.h> -#include <util/syscall_sandbox.h> #include <util/thread.h> #include <util/threadinterrupt.h> @@ -219,7 +218,6 @@ static bool ProcessUpnp() static void ThreadMapPort() { - SetSyscallSandboxPolicy(SyscallSandboxPolicy::INITIALIZATION_MAP_PORT); bool ok; do { ok = false; |