[Status Update] Capsicum adaptation project: Week 7
Robert N. M. Watson
rwatson at FreeBSD.org
Thu Jul 14 20:33:12 UTC 2011
BTW, it might be useful to also send out your status reports on the Capsicum mailing list -- I think folks there would be very interested.
Robert
On 11 Jul 2011, at 20:36, Ilya Bakulin wrote:
> Hi,
> this is the sixth update for Capsicum adaptation project.
>
> During last week I have finally started an open discussion about
> applications that need to receive capsicum support in the base system.
> Then I've started working on adapting lightweight resolver daemon for
> using it with sandboxed apps to provide safe name resolution service.
> Some design decisions are still under discussion, but I'm sure that we
> will find a good solution this week.
> I have switched to p4 version of FreeBSD-capabilities, because that's
> the only version that has libcapsicum and modified procstat utility.
> Using it I have examined child process of modified syslogd, found leaked
> file descriptors and fixed this, and also added capability constraints
> on files and sockets that are opened by syslogd child.
> At the same time I tried to build FreeBSD-Capabilities branch from
> Jonathan's git repo, and finally it was successful (with minor
> patching). Maybe I will try to use this repo and libcapsicum port (also
> from Jonathan's github repo) to work further, but I need to discuss this
> with Robert, Jonathan and Ben.
>
> So, during the next week I want to finish lwres adaptation
> (liblwres/lwresd modifications + rc.d script for lwresd) and continue
> with capsicumization of simple network utilities (netcat, ping and
> friends). Also I hope to switch to much more recent FreeBSD source by
> using Jonathan's repos.
>
> --
> Regards,
> Ilya Bakulin
> http://kibab.com
> xmpp://kibab612@jabber.ru
>
>
More information about the soc-status
mailing list