Capsicum merge in progress (was: Re: Capsicum -- 9.x merge in sight)
rwatson at FreeBSD.org
Wed Mar 2 11:20:02 UTC 2011
On Sat, 22 Jan 2011, Robert Watson wrote:
> Jon and my current plan is to merge, over the next few months, various
> kernel features required to support Capscium sandboxing for FreeBSD 9.0:
> first capability mode support (this week), then capabilities themselves
> (which are a form of file descriptor in Capsicum), followed by process
> descriptors (a file descriptor alternative to process IDs that may be used
> by supporting applications). The current plan is *not* to merge
> libcapsicum, a userspace library used by certain applications to construct
> sandboxes, as we feel the API remains insufficiently mature at this point.
> However, the Capsicum system calls can still be used directly by
> applications, including Chromium. We would distribute libcapsicum as a
> package alongside 9.0, just not as a supported OS API for the time being.
Jon and I have now started the merge; I committed basic kernel capability mode
support yesterday (cap_enter(2), cap_getmode(2), new errno values,
capabilities.conf). Over the next few weeks we'll merge man pages, additional
kernel support for capability mode and capabilities, including delegated file
system subtrees in capability mode, cap_new(2) and friends, process
descriptors, and so on. Kernel support for these features will remain
conditional on compiling in options CAPABILITIES (and later options PROCDESC)
for the time being.
More information about the freebsd-arch