A TrustedBSD "voluntary sandbox" policy.
Robert Watson
rwatson at FreeBSD.org
Fri Nov 16 08:29:07 PST 2007
On Thu, 8 Nov 2007, Andrea Campi wrote:
> On Wed, Nov 07, 2007 at 10:20:28PM -0500, dexterclarke at Safe-mail.net wrote:
>
>> I'm considering developing a policy/module for TrustedBSD loosely based on
>> the systrace concept - A process loads a policy and then executes another
>> program in a sandbox with fine grained control over what that program can
>> do.
> ...
>> Please note that the 'policy' given on the command line is purely for the
>> sake of example, no syntax or semantics have been decided upon.
>
> Can't comment on the implementation or wider issues, but if you pursue this,
> please have a look at how MacOS Leopard does it (Seatbelt). Would be nice to
> converge on both syntax (a Schema dialect) and tools names / command line
> args--or if converging is not possible, at least know where and why and make
> a conscious decision.

FYI, Seatbelt is based on the Mac OS X port of the TrustedBSD MAC Framework,
which while it has some significant changes (some now present in the 8-CURRENT
branch of FreeBSD), may well be a good starting point. Last I checked, the
source for Seatbelt wasn't yet available, but there was hope it would be
available in the near future. A port of the policy to FreeBSD sounds like it
would be very interesting to do, and might provide a nice starting point
rather than having to write up a policy from scratch.

Robert N M Watson
Computer Laboratory
University of Cambridge