syscall_sandbox.h File Reference

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Enumerations
enum class	SyscallSandboxPolicy {   INITIALIZATION , INITIALIZATION_DNS_SEED , INITIALIZATION_LOAD_BLOCKS , INITIALIZATION_MAP_PORT ,   MESSAGE_HANDLER , NET , NET_ADD_CONNECTION , NET_HTTP_SERVER ,   NET_HTTP_SERVER_WORKER , NET_OPEN_CONNECTION , SCHEDULER , TOR_CONTROL ,   TX_INDEX , VALIDATION_SCRIPT_CHECK , SHUTOFF }

Functions
void	SetSyscallSandboxPolicy (SyscallSandboxPolicy syscall_policy)
	Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available. More...

Enumeration Type Documentation

SyscallSandboxPolicy

enum SyscallSandboxPolicy

strong

Enumerator
INITIALIZATION
INITIALIZATION_DNS_SEED
INITIALIZATION_LOAD_BLOCKS
INITIALIZATION_MAP_PORT
MESSAGE_HANDLER
NET
NET_ADD_CONNECTION
NET_HTTP_SERVER
NET_HTTP_SERVER_WORKER
NET_OPEN_CONNECTION
SCHEDULER
TOR_CONTROL
TX_INDEX
VALIDATION_SCRIPT_CHECK
SHUTOFF

Definition at line 8 of file syscall_sandbox.h.

Function Documentation

SetSyscallSandboxPolicy()

void SetSyscallSandboxPolicy

(

SyscallSandboxPolicy

syscall_policy

)

Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available.

Subsequent calls to this function can reduce the abilities further, but abilities can never be regained.

This function is a no-op unless SetupSyscallSandbox(...) has been called.

SetupSyscallSandbox(...) is called during bitcoind initialization if Bitcoin Core was compiled with seccomp-bpf support (–with-seccomp) and the parameter -sandbox=<mode> was passed to bitcoind.

This experimental feature is available under Linux x86_64 only.

Definition at line 835 of file syscall_sandbox.cpp.

Here is the call graph for this function:

Here is the caller graph for this function: