[Status Update] Capsicum adaptation project: Week 7

[Ilya Bakulin]

Hi,
this is the sixth update for Capsicum adaptation project.

During last week I have finally started an open discussion about
applications that need to receive capsicum support in the base system.
Then I've started working on adapting lightweight resolver daemon for
using it with sandboxed apps to provide safe name resolution service.
Some design decisions are still under discussion, but I'm sure that we
will find a good solution this week.
I have switched to p4 version of FreeBSD-capabilities, because that's
the only version that has libcapsicum and modified procstat utility.
Using it I have examined child process of modified syslogd, found leaked
file descriptors and fixed this, and also added capability constraints
on files and sockets that are opened by syslogd child.
At the same time I tried to build FreeBSD-Capabilities branch from
Jonathan's git repo, and finally it was successful (with minor
patching). Maybe I will try to use this repo and libcapsicum port (also
from Jonathan's github repo) to work further, but I need to discuss this
with Robert, Jonathan and Ben.

So, during the next week I want to finish lwres adaptation
(liblwres/lwresd modifications + rc.d script for lwresd) and continue
with capsicumization of simple network utilities (netcat, ping and
friends). Also I hope to switch to much more recent FreeBSD source by
using Jonathan's repos.

-- 
Regards,
Ilya Bakulin
http://kibab.com
xmpp://kibab612@jabber.ru


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/soc-status/attachments/20110711/7cb88abc/signature.pgp