Capsicum -- 9.x merge in sight

Ivan Voras ivoras at freebsd.org
Sun Jan 23 03:28:27 UTC 2011


On 22.1.2011 16:25, Robert Watson wrote:
>
> Dear all:
>
> As many of you will now have heard, the Computer Laboratory at the
> University of Cambridge and Google have been collaborating for the last
> few years on a security research project called Capsicum. It consists of
> a set of extensions to the POSIX API adding a new "capability mode",
> "capabilities", "process descriptors", and several other additions
> required to implement a capability-oriented sandbox model in UNIX. These

Hello,

How is Capsicum positioned, from user & admin perspective, when compared 
to the MAC work on FreeBSD and SELinux on Linux? Is one the superset of 
another, will one obsolete another?

 > The current plan is *not* to merge
 > libcapsicum, a userspace library used by certain applications to
 > construct sandboxes, as we feel the API remains insufficiently mature at
 > this point.

I vaguely remember that the MAC work has never gotten as popular on 
FreeBSD as SELinux on Linux because it lacked user-oriented tools and 
documentation - is there a danger Capsicum will end up the same?




More information about the freebsd-arch mailing list