util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem) #24690

pull hebasto wants to merge 1 commits into bitcoin:master from hebasto:220328-sys changing 1 files +1 −0
  1. hebasto commented at 7:17 AM on March 28, 2022: member

    This PR fixes the current master (3297f5c11c72dd83479ff8335e047555e3f8cb3b) when running bitcoin-qt on Ubuntu 22.04 and quitting:

    $ ./src/qt/bitcoin-qt -signet -sandbox=log-and-abort
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
ERROR: The syscall "inotify_rm_watch" (syscall number 255) is not allowed by the syscall sandbox in thread "main". Please report.
terminate called without an active exception
Aborted (core dumped)

    Also see #24659 (review)

  2. util: Add inotify_rm_watch to syscall sandbox (AllowFileSystem) f05a4cdf5a
  3. hebasto cross-referenced this on Mar 28, 2022 from issue util: add linkat to syscall sandbox (AllowFileSystem) by fanquake
  4. hebasto commented at 7:20 AM on March 28, 2022: member

    Backport into 23.x?

  5. MarcoFalke commented at 7:23 AM on March 28, 2022: member

    So this only happens in the GUI, not bitcoind?

    I always wondered how to add GUI-specific syscalls to the sandbox.

  6. MarcoFalke added the label Utils/log/libs on Mar 28, 2022
  7. MarcoFalke added the label Needs backport (23.x) on Mar 28, 2022
  8. hebasto commented at 7:26 AM on March 28, 2022: member

    So this only happens in the GUI, not bitcoind?

    Correct. Btw, #24536 and #24659 were GUI only as well.

  9. jonatack cross-referenced this on Mar 28, 2022 from issue 23.x backports by jonatack
  10. fanquake approved
  11. fanquake commented at 9:18 AM on March 30, 2022: member

    ACK f05a4cdf5a0363e1c12f00c034afb60e7ea0c775 - checked that qt is using this in it's filesystem watcher code.

  12. fanquake merged this on Mar 30, 2022
  13. fanquake closed this on Mar 30, 2022
  14. jonatack commented at 10:34 AM on March 30, 2022: contributor

    Backported to v23 in #24512.

  15. fanquake removed the label Needs backport (23.x) on Mar 30, 2022
  16. jonatack referenced this in commit c5cc0e5865 on Mar 30, 2022
  17. hebasto deleted the branch on Mar 30, 2022
  18. hebasto referenced this in commit e4ed65830f on Mar 31, 2022
  19. jonatack referenced this in commit 174af33d5d on Mar 31, 2022
  20. laanwj commented at 10:14 AM on March 31, 2022: member

    I always wondered how to add GUI-specific syscalls to the sandbox.

    I think ideally we'd add a separate profile for the GUI thread, so that the GUI specific syscalls (which is pretty much an open uncontainable set and pit of despair, given the tree of dependencies) don't clutter the more contained bitcoind ones.

    Another option would be to not sandbox Qt's threads at all. Maybe that is the best.

  21. laanwj commented at 10:17 AM on March 31, 2022: member

    open uncontainable set and pit of despair

    To illustrate: Qt indirectly uses the graphics driver (at for non-statically linked builds which link against the OS). There's no saying what it might do and might depend on the hardware.

  22. fanquake referenced this in commit c243e08351 on Mar 31, 2022
  23. sidhujag referenced this in commit 393dc49055 on Apr 3, 2022
  24. MarcoFalke cross-referenced this on Apr 4, 2022 from issue Disable the syscall sandbox for bitcoin-qt and remove gui-related syscalls by MarcoFalke
  25. laanwj referenced this in commit c5c4fb3182 on Apr 6, 2022
  26. bitcoin locked this on Mar 31, 2023
Contributors
hebastoMarcoFalkefanquakejonatacklaanwj
Labels
Utils/log/libs
Linked (view graph)
#24512 23.x backports#24536 Syscall Sandbox Termination#24659 util: add linkat to syscall sandbox (AllowFileSystem)#24758 Disable the syscall sandbox for bitcoin-qt and remove gui-related syscalls
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-19 06:53 UTC