Bitcoin Core
25.99.0
P2P Digital Currency
|
#include <util/syscall_sandbox.h>
Go to the source code of this file.
Functions | |
void | SetSyscallSandboxPolicy (SyscallSandboxPolicy syscall_policy) |
Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available. More... | |
void SetSyscallSandboxPolicy | ( | SyscallSandboxPolicy | syscall_policy | ) |
Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available.
Subsequent calls to this function can reduce the abilities further, but abilities can never be regained.
This function is a no-op unless SetupSyscallSandbox(...) has been called.
SetupSyscallSandbox(...) is called during bitcoind initialization if Bitcoin Core was compiled with seccomp-bpf support (–with-seccomp) and the parameter -sandbox=<mode> was passed to bitcoind.
This experimental feature is available under Linux x86_64 only.
Definition at line 835 of file syscall_sandbox.cpp.