diff options
| author | Andrew Chow <github@achow101.com> | 2023-06-27 17:48:15 -0400 |
|---|---|---|
| committer | Andrew Chow <github@achow101.com> | 2023-06-27 18:19:21 -0400 |
| commit | caff95a0237facddb46fbbdf87e31ff6294b8c70 (patch) | |
| tree | fd3d4ff0920d2e0cd73c47301531f50544909fdf /src/rpc | |
| parent | 5cce4d293e8065ddd69838c7279fa5b4ddcc2daa (diff) | |
| parent | 32e2ffc39374f61bb2435da507f285459985df9e (diff) | |
Merge bitcoin/bitcoin#27896: Remove the syscall sandbox
32e2ffc39374f61bb2435da507f285459985df9e Remove the syscall sandbox (fanquake)
Pull request description:
After initially being merged in #20487, it's no-longer clear that an internal syscall sandboxing mechanism is something that Bitcoin Core should have/maintain, especially when compared to better maintained/supported alterantives, i.e [firejail](https://github.com/netblue30/firejail).
There is more related discussion in #24771.
Note that given where it's used, the sandbox also gets dragged into the kernel.
If it's removed, this should not require any sort of deprecation, as this was only ever an opt-in, experimental feature.
Closes #24771.
ACKs for top commit:
davidgumberg:
crACK https://github.com/bitcoin/bitcoin/pull/27896/commits/32e2ffc39374f61bb2435da507f285459985df9e
achow101:
ACK 32e2ffc39374f61bb2435da507f285459985df9e
dergoegge:
ACK 32e2ffc39374f61bb2435da507f285459985df9e
Tree-SHA512: 8cf71c5623bb642cb515531d4a2545d806e503b9d57bfc15a996597632b06103d60d985fd7f843a3c1da6528bc38d0298d6b8bcf0be6f851795a8040d71faf16
Diffstat (limited to 'src/rpc')
| -rw-r--r-- | src/rpc/node.cpp | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/src/rpc/node.cpp b/src/rpc/node.cpp index 45d46d223b..3828401642 100644 --- a/src/rpc/node.cpp +++ b/src/rpc/node.cpp @@ -21,7 +21,6 @@ #include <univalue.h> #include <util/any.h> #include <util/check.h> -#include <util/syscall_sandbox.h> #include <stdint.h> #ifdef HAVE_MALLOC_INFO @@ -70,27 +69,6 @@ static RPCHelpMan setmocktime() }; } -#if defined(USE_SYSCALL_SANDBOX) -static RPCHelpMan invokedisallowedsyscall() -{ - return RPCHelpMan{ - "invokedisallowedsyscall", - "\nInvoke a disallowed syscall to trigger a syscall sandbox violation. Used for testing purposes.\n", - {}, - RPCResult{RPCResult::Type::NONE, "", ""}, - RPCExamples{ - HelpExampleCli("invokedisallowedsyscall", "") + HelpExampleRpc("invokedisallowedsyscall", "")}, - [&](const RPCHelpMan& self, const JSONRPCRequest& request) -> UniValue { - if (!Params().IsTestChain()) { - throw std::runtime_error("invokedisallowedsyscall is used for testing only."); - } - TestDisallowedSandboxCall(); - return UniValue::VNULL; - }, - }; -} -#endif // USE_SYSCALL_SANDBOX - static RPCHelpMan mockscheduler() { return RPCHelpMan{"mockscheduler", @@ -428,9 +406,6 @@ void RegisterNodeRPCCommands(CRPCTable& t) {"hidden", &echo}, {"hidden", &echojson}, {"hidden", &echoipc}, -#if defined(USE_SYSCALL_SANDBOX) - {"hidden", &invokedisallowedsyscall}, -#endif // USE_SYSCALL_SANDBOX }; for (const auto& c : commands) { t.appendCommand(c.name, &c); |