Bitcoin Core  22.99.0
P2P Digital Currency
syscall_sandbox.h File Reference

Enumerations

enum  SyscallSandboxPolicy {
  SyscallSandboxPolicy::INITIALIZATION, SyscallSandboxPolicy::INITIALIZATION_DNS_SEED, SyscallSandboxPolicy::INITIALIZATION_LOAD_BLOCKS, SyscallSandboxPolicy::INITIALIZATION_MAP_PORT,
  SyscallSandboxPolicy::MESSAGE_HANDLER, SyscallSandboxPolicy::NET, SyscallSandboxPolicy::NET_ADD_CONNECTION, SyscallSandboxPolicy::NET_HTTP_SERVER,
  SyscallSandboxPolicy::NET_HTTP_SERVER_WORKER, SyscallSandboxPolicy::NET_OPEN_CONNECTION, SyscallSandboxPolicy::SCHEDULER, SyscallSandboxPolicy::TOR_CONTROL,
  SyscallSandboxPolicy::TX_INDEX, SyscallSandboxPolicy::VALIDATION_SCRIPT_CHECK, SyscallSandboxPolicy::SHUTOFF
}
 

Functions

void SetSyscallSandboxPolicy (SyscallSandboxPolicy syscall_policy)
 Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available.
 

Enumeration Type Documentation

◆ SyscallSandboxPolicy

enum SyscallSandboxPolicy (strong)
Enumerator
INITIALIZATION 
INITIALIZATION_DNS_SEED 
INITIALIZATION_LOAD_BLOCKS 
INITIALIZATION_MAP_PORT 
MESSAGE_HANDLER 
NET 
NET_ADD_CONNECTION 
NET_HTTP_SERVER 
NET_HTTP_SERVER_WORKER 
NET_OPEN_CONNECTION 
SCHEDULER 
TOR_CONTROL 
TX_INDEX 
VALIDATION_SCRIPT_CHECK 
SHUTOFF 

Definition at line 8 of file syscall_sandbox.h.

Function Documentation

◆ SetSyscallSandboxPolicy()

void SetSyscallSandboxPolicy ( SyscallSandboxPolicy  syscall_policy)

Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available.

Subsequent calls to this function can reduce the abilities further, but abilities can never be regained.

This function is a no-op unless SetupSyscallSandbox(...) has been called.

SetupSyscallSandbox(...) is called during bitcoind initialization if Bitcoin Core was compiled with seccomp-bpf support (--with-seccomp) and the parameter -sandbox=<mode> was passed to bitcoind.

This experimental feature is available under Linux x86_64 only.

Definition at line 826 of file syscall_sandbox.cpp.
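
The "abilities can never be regained" property follows from how Linux stacks seccomp-bpf filters: every installed filter is evaluated and the most restrictive result wins. The following is an added example, not Bitcoin Core's code; it installs two filters in a forked child and checks that an allow-all filter installed second does not restore a syscall the first one denied. The function names and the choice of getppid as the denied syscall are assumptions made for the illustration.

```cpp
// Added example (not Bitcoin Core code): stacked seccomp-bpf filters only narrow.
#include <cerrno>
#include <cstddef>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper: make syscall deny_nr fail with EPERM; pass -1 for allow-all.
// A production filter would also validate seccomp_data.arch before reading nr.
static bool install_filter(long deny_nr) {
    sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)deny_nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    sock_fprog prog = {sizeof(code) / sizeof(code[0]), code};
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0;
}

// Returns 0 if the denial survives a later allow-all filter, 1 if it was lifted,
// 2 if seccomp filters cannot be installed in this environment.
int check_restriction_is_permanent() {
    pid_t pid = fork();
    if (pid < 0) return 2;
    if (pid == 0) {  // child: the calling process itself stays unfiltered
        // Required so an unprivileged process may install a filter.
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) _exit(2);
        if (!install_filter(SYS_getppid)) _exit(2);  // first policy: deny getppid
        if (!install_filter(-1)) _exit(2);           // second policy: "allow everything"
        errno = 0;
        long r = syscall(SYS_getppid);
        // The kernel applies the most restrictive verdict, so EPERM still wins.
        _exit(r == -1 && errno == EPERM ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return 2;
    return WEXITSTATUS(status);
}

int main() { return check_restriction_is_permanent(); }
```

Filters are also inherited across fork and clone, which is why the policy applies to threads created from the restricted thread.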
