Capsicum -- 9.x merge in sight
Ivan Voras
ivoras at freebsd.org
Sun Jan 23 03:28:27 UTC 2011
On 22.1.2011 16:25, Robert Watson wrote:
>
> Dear all:
>
> As many of you will now have heard, the Computer Laboratory at the
> University of Cambridge and Google have been collaborating for the last
> few years on a security research project called Capsicum. It consists of
> a set of extensions to the POSIX API adding a new "capability mode",
> "capabilities", "process descriptors", and several other additions
> required to implement a capability-oriented sandbox model in UNIX. These
Hello,
How is Capsicum positioned, from user & admin perspective, when compared
to the MAC work on FreeBSD and SELinux on Linux? Is one the superset of
another, will one obsolete another?
> The current plan is *not* to merge
> libcapsicum, a userspace library used by certain applications to
> construct sandboxes, as we feel the API remains insufficiently mature at
> this point.
I vaguely remember that the MAC work has never gotten as popular on
FreeBSD as SELinux on Linux because it lacked user-oriented tools and
documentation - is there a danger Capsicum will end up the same?
More information about the freebsd-arch
mailing list