From 32e2ffc39374f61bb2435da507f285459985df9e Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Thu, 4 May 2023 12:07:26 +0100
Subject: Remove the syscall sandbox

After initially being merged in #20487, it's no-longer clear that an
internal syscall sandboxing mechanism is something that Bitcoin Core
should have/maintain, especially when compared to better
maintained/supported alterantives, i.e firejail.

Note that given where it's used, the sandbox also gets dragged into the
kernel.

There is some related discussion in #24771.

This should not require any sort of deprecation, as this was only ever
an opt-in, experimental feature.

Closes #24771.
---
 src/bitcoind.cpp | 2 --
 1 file changed, 2 deletions(-)

(limited to 'src/bitcoind.cpp')

diff --git a/src/bitcoind.cpp b/src/bitcoind.cpp
index c561f9aa14..e2224befef 100644
--- a/src/bitcoind.cpp
+++ b/src/bitcoind.cpp
@@ -24,7 +24,6 @@
 #include <util/check.h>
 #include <util/exception.h>
 #include <util/strencodings.h>
-#include <util/syscall_sandbox.h>
 #include <util/syserror.h>
 #include <util/threadnames.h>
 #include <util/tokenpipe.h>
@@ -242,7 +241,6 @@ static bool AppInit(NodeContext& node)
         daemon_ep.Close();
     }
 #endif
-    SetSyscallSandboxPolicy(SyscallSandboxPolicy::SHUTOFF);
     return fRet;
 }
 
-- 
cgit v1.2.3