Bitcoin Core
25.99.0
P2P Digital Currency
|
Go to the source code of this file.
Enumerations | |
enum class | SyscallSandboxPolicy { INITIALIZATION , INITIALIZATION_DNS_SEED , INITIALIZATION_LOAD_BLOCKS , INITIALIZATION_MAP_PORT , MESSAGE_HANDLER , NET , NET_ADD_CONNECTION , NET_HTTP_SERVER , NET_HTTP_SERVER_WORKER , NET_OPEN_CONNECTION , SCHEDULER , TOR_CONTROL , TX_INDEX , VALIDATION_SCRIPT_CHECK , SHUTOFF } |
Functions | |
void | SetSyscallSandboxPolicy (SyscallSandboxPolicy syscall_policy) |
Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available. More... | |
|
strong |
Definition at line 8 of file syscall_sandbox.h.
void SetSyscallSandboxPolicy | ( | SyscallSandboxPolicy | syscall_policy | ) |
Force the current thread (and threads created from the current thread) into a restricted-service operating mode where only a subset of all syscalls are available.
Subsequent calls to this function can reduce the abilities further, but abilities can never be regained.
This function is a no-op unless SetupSyscallSandbox(...) has been called.
SetupSyscallSandbox(...) is called during bitcoind initialization if Bitcoin Core was compiled with seccomp-bpf support (–with-seccomp) and the parameter -sandbox=<mode> was passed to bitcoind.
This experimental feature is available under Linux x86_64 only.
Definition at line 835 of file syscall_sandbox.cpp.