Commit graph

32 commits

Author SHA1 Message Date
W. J. van der Laan
9e530c6352
Merge bitcoin/bitcoin#20487: Add syscall sandboxing using seccomp-bpf (Linux secure computing mode)
4747da3a5b Add syscall sandboxing (seccomp-bpf) (practicalswift)

Pull request description:

  Add experimental syscall sandboxing using seccomp-bpf (Linux secure computing mode).

  Enable filtering of system calls using seccomp-bpf: allow only explicitly allowlisted (expected) syscalls to be called.

  The syscall sandboxing implemented in this PR is an experimental feature currently available only under Linux x86-64.

  To enable the experimental syscall sandbox the `-sandbox=<mode>` option must be passed to `bitcoind`:

  ```
    -sandbox=<mode>
         Use the experimental syscall sandbox in the specified mode
         (-sandbox=log-and-abort or -sandbox=abort). Allow only expected
         syscalls to be used by bitcoind. Note that this is an
         experimental new feature that may cause bitcoind to exit or crash
         unexpectedly: use with caution. In the "log-and-abort" mode the
         invocation of an unexpected syscall results in a debug handler
         being invoked which will log the incident and terminate the
         program (without executing the unexpected syscall). In the
         "abort" mode the invocation of an unexpected syscall results in
         the entire process being killed immediately by the kernel without
         executing the unexpected syscall.
  ```

  The allowed syscalls are defined on a per thread basis.

  I've used this feature since summer 2020 and I find it to be a helpful testing/debugging addition which makes it much easier to reason about the actual capabilities required of each type of thread in Bitcoin Core.

  ---

  Quick start guide:

  ```
  $ ./configure
  $ src/bitcoind -regtest -debug=util -sandbox=log-and-abort
  …
  2021-06-09T12:34:56Z Experimental syscall sandbox enabled (-sandbox=log-and-abort): bitcoind will terminate if an unexpected (not allowlisted) syscall is invoked.
  …
  2021-06-09T12:34:56Z Syscall filter installed for thread "addcon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "dnsseed"
  2021-06-09T12:34:56Z Syscall filter installed for thread "net"
  2021-06-09T12:34:56Z Syscall filter installed for thread "msghand"
  2021-06-09T12:34:56Z Syscall filter installed for thread "opencon"
  2021-06-09T12:34:56Z Syscall filter installed for thread "init"
  …
  # A simulated execve call to show the sandbox in action:
  2021-06-09T12:34:56Z ERROR: The syscall "execve" (syscall number 59) is not allowed by the syscall sandbox in thread "msghand". Please report.
  …
  Aborted (core dumped)
  $
  ```

  ---

  [About seccomp and seccomp-bpf](https://en.wikipedia.org/wiki/Seccomp):

  > In computer security, seccomp (short for secure computing mode) is a facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), and read() and write() to already-open file descriptors. Should it attempt any other system calls, the kernel will terminate the process with SIGKILL or SIGSYS. In this sense, it does not virtualize the system's resources but isolates the process from them entirely.
  >
  > […]
  >
  > seccomp-bpf is an extension to seccomp that allows filtering of system calls using a configurable policy implemented using Berkeley Packet Filter rules. It is used by OpenSSH and vsftpd as well as the Google Chrome/Chromium web browsers on Chrome OS and Linux. (In this regard seccomp-bpf achieves similar functionality, but with more flexibility and higher performance, to the older systrace—which seems to be no longer supported for Linux.)

ACKs for top commit:
  laanwj:
    Code review and lightly tested ACK 4747da3a5b

Tree-SHA512: e1c28e323eb4409a46157b7cc0fc29a057ba58d1ee2de268962e2ade28ebd4421b5c2536c64a3af6e9bd3f54016600fec88d016adb49864b63edea51ad838e17
2021-10-04 22:45:43 +02:00
practicalswift
4747da3a5b Add syscall sandboxing (seccomp-bpf) 2021-10-01 13:51:10 +00:00
Samuel Dobson
bccd1d942d Remove -rescan startup parameter 2021-09-30 12:06:27 +13:00
MarcoFalke
fa0b916971
scripted-diff: Use generate* from TestFramework
-BEGIN VERIFY SCRIPT-
 sed --regexp-extended -i \
     's/((self\.)?(nodes\[[^]]+\]|[a-z_]*(wallet|node)[0-9a-z_]*))\.(generate(|toaddress|block|todescriptor)(\(|, ))/self.\5\1, /g' \
     $(git grep -l generate ./test | grep -v 'test_framework/' | grep -v 'feature_rbf')
-END VERIFY SCRIPT-
2021-09-02 10:34:35 +02:00
fanquake
961f5813ba
test: use f-strings in feature_notifications.py 2021-08-18 12:39:19 +08:00
MarcoFalke
fa4aec2b26
test: Fix feature_notifications.py intermittent issue 2021-04-26 08:22:46 +02:00
Maayan Keshet
06e1fb0b17 Add new format string placeholders for walletnotify to include relevant block information for transactions 2021-03-15 18:45:36 +02:00
Andrew Chow
7c71c627d2 Setup wallets with descriptors for feature_notifications 2021-01-27 12:52:46 -05:00
MarcoFalke
fa0074e2d8
scripted-diff: Bump copyright headers
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./
-END VERIFY SCRIPT-
2020-12-31 09:45:41 +01:00
Wladimir J. van der Laan
83363f7b62
Merge #20167: test: Add test for -blockversion
fa9b48549c test: Add test for -blockversion (MarcoFalke)
fa7fb0e442 test: Default blockversion to 4 in feature_block (MarcoFalke)
fa2b778d0c test: Remove unused -blockversion from tests (MarcoFalke)

Pull request description:

  `-blockversion` is currently untested, as in: The setting could be made a no-op without any tests failing. Fix that by adding an explicit test for it. Also, related minor cleanups.

ACKs for top commit:
  guggero:
    ACK fa9b48549c.

Tree-SHA512: 1b2e792f7ed0ec1db163476ee8a938f8f7cb3691f797c721bbe55fdeed92487c2ff83b55467440096917999406c86430cb3a615383cefb4f621828309ff6a1e7
2020-10-27 10:57:57 +01:00
Prayank
4b16c61461 scripted-diff: test: Replace uses of (dis)?connect_nodes global
-BEGIN VERIFY SCRIPT-

 # max-depth=0 excludes test/functional/test_framework/...
 FILES=$(git grep -l --max-depth 0 "connect_nodes" test/functional)

 # Replace (dis)?connect_nodes(self.nodes[a], b) with self.(dis)?connect_nodes(a, b)
 sed -i 's/\b\(dis\)\?connect_nodes(self\.nodes\[\(.*\)\]/self.\1connect_nodes(\2/g' $FILES

 # Remove imports in the middle of a line
 sed -i 's/\(dis\)\?connect_nodes, //g' $FILES
 sed -i 's/, \(dis\)\?connect_nodes//g' $FILES

 # Remove imports on a line by themselves
 sed -i '/^\s*\(dis\)\?connect_nodes,\?$/d' $FILES
 sed -i '/^from test_framework\.util import connect_nodes$/d' $FILES

-END VERIFY SCRIPT-

Co-authored-by: Elliott Jin <elliott.jin@gmail.com>
2020-10-20 00:42:00 -07:00
MarcoFalke
fa2b778d0c
test: Remove unused -blockversion from tests 2020-10-16 13:01:07 +02:00
Russell Yanofsky
c1585bca8d test: Get rid of default wallet hacks
- Get rid of hardcoded wallet "" names and -wallet="" args
- Get rid of setup_nodes (-wallet, -nowallet, -disablewallet) argument rewriting

Motivation:

- Simplify test framework behavior so it's easier to write new tests without
  having arguments mangled by the framework
- Make tests more readable, replacing unexplained "" string literals with
  default_wallet_name references
- Make it trivial to update default wallet name and wallet data filename for
  sqlite #19077 testing
- Stop relying on -wallet arguments to create wallets, so it is easy to change
  -wallet option in the future to only load existing wallets not create new
  ones (to avoid accidental wallet creation, and encourage use of wallet
  encryption and descriptor features)
2020-09-29 04:35:01 -04:00
Benoit Verret
637d8bce74 Change FILE_CHAR_BLOCKLIST to FILE_CHARS_DISALLOWED
Blocklist is ambiguous. It could mean a list of blocks.

Example: "blocknotify" in the same file refers to Bitcoin blocks.
2020-09-06 12:15:04 -04:00
Seleme Topuz
1343c86c7c test: Update wait_until usage in tests not to use the one from utils
Replace "wait_until()" usage from utils, with the ones from BitcoinTestFramework and P2PInterface.
closes #19080
2020-08-26 18:01:59 +02:00
MarcoFalke
fa195d4eba
test: Add missing sync_blocks 2020-06-16 15:05:05 -04:00
TrentZ
6fc641644f
change blacklist to blocklist
Let's use a more appropriate and clear word and discard the usage of the blacklist. Blocklist is clear. Happy for everyone.
2020-06-09 15:08:41 -05:00
Russell Yanofsky
b604c5c8b5 wallet: Minimal fix to restore conflicted transaction notifications
This fix is a based on the fix by Antoine Riard <ariard@student.42.fr> in
https://github.com/bitcoin/bitcoin/pull/18600.

Unlike that PR, which implements some new behavior, this just restores previous
wallet notification and status behavior for transactions removed from the
mempool because they conflict with transactions in a block. The behavior was
accidentally changed in two `CWallet::BlockConnected` updates:
a31be09bfd and
7e89994133 from
https://github.com/bitcoin/bitcoin/pull/16624, causing issue
https://github.com/bitcoin/bitcoin/issues/18325.

The change here could be improved and replaced with a more comprehensive
cleanup, so it includes a detailed comment explaining future considerations.

Fixes #18325

Co-authored-by: Antoine Riard <ariard@student.42.fr>
2020-05-15 09:23:55 -04:00
Russell Yanofsky
f963a68051 test: Add test for conflicted wallet tx notifications
Add test coverage for conflicted wallet transaction notifications so we improve
current behavior and avoid future regressions

https://github.com/bitcoin/bitcoin/pull/9240 - accidental break
https://github.com/bitcoin/bitcoin/issues/9479 - bug report
https://github.com/bitcoin/bitcoin/pull/9371 - fix
https://github.com/bitcoin/bitcoin/pull/16624 - accidental break
https://github.com/bitcoin/bitcoin/issues/18325 - bug report
https://github.com/bitcoin/bitcoin/pull/18600 - potential fix
2020-05-04 22:27:19 -04:00
João Barbosa
4e9efac678 test: Check wallet name in -walletnotify script 2020-01-31 17:43:26 -05:00
MarcoFalke
fa3b9ee8b2
scripted-diff: test: Replace connect_nodes_bi with connect_nodes
-BEGIN VERIFY SCRIPT-
sed -i --regexp-extended -e 's/connect_nodes_bi\(self.nodes,\s*(.),\s*/connect_nodes(self.nodes[\1], /g' $(git grep -l connect_nodes_bi)
sed -i --regexp-extended -e 's/connect_nodes_bi(,| )/connect_nodes\1/g'                                  $(git grep -l connect_nodes_bi)
-END VERIFY SCRIPT-
2019-09-17 13:08:21 -04:00
MarcoFalke
1111bb91f5
test: Reformat python imports to aid scripted diff 2019-09-17 12:56:56 -04:00
MarcoFalke
faa7cdf764
scripted-diff: Update copyright in ./test
-BEGIN VERIFY SCRIPT-
./contrib/devtools/copyright_header.py update ./test/
-END VERIFY SCRIPT-
2019-03-02 10:58:35 -05:00
Wladimir J. van der Laan
ef362f2773 rpc/gui: Remove 'Unknown block versions being mined' warning
Due to miners inserting garbage into the version numbers, the current
version signalling has become completely useless. This removes the
"unknown block versions" warning which has the tendency to scare
users unnecessarily (and might get them to "update" to something
bad).

It preserves the warning in the logs. Whether this is desirable can
be a point of discussion.
2019-02-25 15:59:02 +01:00
Chun Kuan Lee
ca6d86c322 tests: Stop node before removing the notification file 2018-10-12 05:57:58 +08:00
MarcoFalke
faa4043c66
qa: Run more tests with wallet disabled 2018-09-25 18:08:08 -04:00
Chun Kuan Lee
67654b6405 tests: write the notification to different files to avoid race condition 2018-09-25 04:58:06 +08:00
MarcoFalke
fac9539836
qa: Run all tests even if wallet is not compiled 2018-09-10 17:53:21 -04:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
practicalswift
634bd97001 Explicitly specify encoding when opening text files in Python code 2018-06-12 21:34:52 +02:00
MarcoFalke
fab9095d40
qa: Windows fixups for functional tests 2018-04-08 12:44:43 -04:00
Anthony Towns
ca6523d0c8 [tests] Rename feature_* functional tests. 2018-01-25 09:44:29 +10:00
Renamed from test/functional/notifications.py (Browse further)