Add syscall sandboxing (seccomp-bpf)

author: practicalswift <practicalswift@users.noreply.github.com> 2021-10-01 13:53:59 +0000
committer: practicalswift <practicalswift@users.noreply.github.com> 2021-10-01 13:51:10 +0000
commit: 4747da3a5b639b5a336b737e7e3cbf060cf2efcf (patch)
tree: c375c8eff3a7f4b02f66247b52dfee286e7fcbae /src/torcontrol.cpp
parent: e69cbac628bfdca4a8e4ead821190eaf5b6b3d07 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
index bb296456ba..6d215ede6f 100644
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -14,6 +14,7 @@
 #include <netbase.h>
 #include <util/readwritefile.h>
 #include <util/strencodings.h>
+#include <util/syscall_sandbox.h>
 #include <util/system.h>
 #include <util/thread.h>
 #include <util/time.h>
@@ -585,6 +586,7 @@ static std::thread torControlThread;
 
 static void TorControlThread(CService onion_service_target)
 {
+    SetSyscallSandboxPolicy(SyscallSandboxPolicy::TOR_CONTROL);
     TorController ctrl(gBase, gArgs.GetArg("-torcontrol", DEFAULT_TOR_CONTROL), onion_service_target);
 
     event_base_dispatch(gBase);
author	practicalswift <practicalswift@users.noreply.github.com>	2021-10-01 13:53:59 +0000
committer	practicalswift <practicalswift@users.noreply.github.com>	2021-10-01 13:51:10 +0000
commit	4747da3a5b639b5a336b737e7e3cbf060cf2efcf (patch)
tree	c375c8eff3a7f4b02f66247b52dfee286e7fcbae /src/torcontrol.cpp
parent	e69cbac628bfdca4a8e4ead821190eaf5b6b3d07 (diff)