svn commit: r42880 - head/en_US.ISO8859-1/htdocs/news/status

Gabor Pali pgj at FreeBSD.org
Mon Oct 7 20:49:03 UTC 2013 

Author: pgj
Date: Mon Oct  7 20:49:02 2013
New Revision: 42880
URL: http://svnweb.freebsd.org/changeset/doc/42880

Log:
  - Add a Q3 report on the Capsicum work
  
  Submitted by:	pjd

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml	Mon Oct  7 20:18:50 2013	(r42879)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml	Mon Oct  7 20:49:02 2013	(r42880)
@@ -19,7 +19,7 @@
 
     <!-- XXX: keep updating the number of entries -->
     <p>Thanks to all the reporters for the excellent work!  This report
-      contains 22 entries and we hope you enjoy reading it.</p>
+      contains 23 entries and we hope you enjoy reading it.</p>
 
     <!-- XXX: set date for the next set of submissions -->
     <p>The deadline for submissions covering between October and
@@ -1182,4 +1182,56 @@
       </ul>
     </body>
   </project>
+
+  <project cat='bin'>
+    <title>Capsicum</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Pawel Jakub</given>
+	  <common>Dawidek</common>
+	</name>
+	<email>pjd at FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <body>
+      <p>The work on Capsicum and related projects (such as Casper,
+	<tt>libnv</tt>, etc.) is progressing nicely.  An overhaul of the
+	<tt>cap_rights_t</tt> was committed to &os; <tt>head</tt> and
+	will be included in 10.0.  This allows us to have more
+	capability rights on file descriptors than the previous limit of
+	64 rights, which was almost reached.  This change is not
+	backward compatible, so it was very important to get it into
+	10.0.</p>
+
+      <p><tt>libnv</tt>, used for communication between Casper services
+	and consumers, but hopefully will be used more widely, is
+	finalized and comes with a nice set of regression tests.</p>
+
+      <p>The number of applications sandboxed using the Capsicum
+	framework is increasing.  We have around 10 of them already in
+	base and more that are not yet committed.</p>
+    </body>
+
+    <help>
+      <task>Finish documentation of Casper and its services.</task>
+
+      <task>Implement regression tests for Casper services.</task>
+
+      <task>Finish documentation for <tt>libnv</tt>.</task>
+
+      <task>Start making <tt>libc</tt> more sandbox-friendly, that is,
+	functions such as <tt>strerror(3)</tt>, <tt>strsignal(3)</tt>,
+	<tt>localtime(3)</tt>, <tt>login_get*()</tt>,
+	<tt>getservent(3)</tt>, <tt>getprotent(3)</tt>,
+	<tt>getrpcent(3)</tt> open files on first use, which might be
+	too late if we are already in a capability-mode sandbox.</task>
+
+      <task>Rethink the <tt>system.filesystem</tt> Casper service to
+	allow for easy compartmentalization of various command-line
+	tools that operate on multiple files.</task>
+    </help>
+  </project>
 </report>

More information about the svn-doc-all mailing list