From owner-freebsd-hackers@FreeBSD.ORG Thu Nov 8 14:34:40 2007
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7DFE216A46B; Thu, 8 Nov 2007 14:34:40 +0000 (UTC) (envelope-from andrea@webcom.it)
Received: from www.webcom.it (gen053.n002.c03.escapebox.net [213.73.82.53]) by mx1.freebsd.org (Postfix) with ESMTP id 33EC813C4E1; Thu, 8 Nov 2007 14:34:40 +0000 (UTC) (envelope-from andrea@webcom.it)
Received: from andrea by webcom.it with local (Exim 3.36 #1) id 1Iq81b-000A6S-00; Thu, 08 Nov 2007 14:06:27 +0000
Date: Thu, 8 Nov 2007 14:06:27 +0000
From: Andrea Campi
To: dexterclarke@Safe-mail.net
Message-ID: <20071108140627.GI82877@webcom.it>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
Sender: Andrea Campi
Cc: freebsd-hackers@freebsd.org, trustedbsd-discuss@freebsd.org
Subject: Re: A TrustedBSD "voluntary sandbox" policy.
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Thu, 08 Nov 2007 14:34:40 -0000

On Wed, Nov 07, 2007 at 10:20:28PM -0500, dexterclarke@Safe-mail.net wrote:
> I'm considering developing a policy/module for TrustedBSD loosely based
> on the systrace concept - A process loads a policy and then executes
> another program in a sandbox with fine grained control over what that
> program can do.
...
> Please note that the 'policy' given on the command line is purely for
> the sake of example, no syntax or semantics have been decided upon.

Can't comment on the implementation or wider issues, but if you pursue
this, please have a look at how MacOS Leopard does it (Seatbelt).
Would be nice to converge on both syntax (a Scheme dialect) and tool
names / command line args--or if converging is not possible, at least
know where and why and make a conscious decision.

Bye,
Andrea

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.