From 32e2ffc39374f61bb2435da507f285459985df9e Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Thu, 4 May 2023 12:07:26 +0100
Subject: Remove the syscall sandbox

After initially being merged in #20487, it's no-longer clear that an
internal syscall sandboxing mechanism is something that Bitcoin Core
should have/maintain, especially when compared to better
maintained/supported alterantives, i.e firejail.

Note that given where it's used, the sandbox also gets dragged into the
kernel.

There is some related discussion in #24771.

This should not require any sort of deprecation, as this was only ever
an opt-in, experimental feature.

Closes #24771.
---
 src/httpserver.cpp | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'src/httpserver.cpp')

diff --git a/src/httpserver.cpp b/src/httpserver.cpp
index 128c4e3c56..42f4ec5833 100644
--- a/src/httpserver.cpp
+++ b/src/httpserver.cpp
@@ -18,7 +18,6 @@
 #include <shutdown.h>
 #include <sync.h>
 #include <util/strencodings.h>
-#include <util/syscall_sandbox.h>
 #include <util/threadnames.h>
 #include <util/translation.h>
 
@@ -297,7 +296,6 @@ static void http_reject_request_cb(struct evhttp_request* req, void*)
 static void ThreadHTTP(struct event_base* base)
 {
     util::ThreadRename("http");
-    SetSyscallSandboxPolicy(SyscallSandboxPolicy::NET_HTTP_SERVER);
     LogPrint(BCLog::HTTP, "Entering http event loop\n");
     event_base_dispatch(base);
     // Event loop will be interrupted by InterruptHTTPServer()
@@ -350,7 +348,6 @@ static bool HTTPBindAddresses(struct evhttp* http)
 static void HTTPWorkQueueRun(WorkQueue<HTTPClosure>* queue, int worker_num)
 {
     util::ThreadRename(strprintf("httpworker.%i", worker_num));
-    SetSyscallSandboxPolicy(SyscallSandboxPolicy::NET_HTTP_SERVER_WORKER);
     queue->Run();
 }
 
-- 
cgit v1.2.3