From 4747da3a5b639b5a336b737e7e3cbf060cf2efcf Mon Sep 17 00:00:00 2001
From: practicalswift <practicalswift@users.noreply.github.com>
Date: Fri, 1 Oct 2021 13:53:59 +0000
Subject: Add syscall sandboxing (seccomp-bpf)

---
 src/torcontrol.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/torcontrol.cpp')

diff --git a/src/torcontrol.cpp b/src/torcontrol.cpp
index bb296456ba..6d215ede6f 100644
--- a/src/torcontrol.cpp
+++ b/src/torcontrol.cpp
@@ -14,6 +14,7 @@
 #include <netbase.h>
 #include <util/readwritefile.h>
 #include <util/strencodings.h>
+#include <util/syscall_sandbox.h>
 #include <util/system.h>
 #include <util/thread.h>
 #include <util/time.h>
@@ -585,6 +586,7 @@ static std::thread torControlThread;
 
 static void TorControlThread(CService onion_service_target)
 {
+    SetSyscallSandboxPolicy(SyscallSandboxPolicy::TOR_CONTROL);
     TorController ctrl(gBase, gArgs.GetArg("-torcontrol", DEFAULT_TOR_CONTROL), onion_service_target);
 
     event_base_dispatch(gBase);
-- 
cgit v1.2.3