Date: Mon, 7 Oct 2013 20:49:02 +0000 (UTC) From: Gabor Pali <pgj@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r42880 - head/en_US.ISO8859-1/htdocs/news/status Message-ID: <201310072049.r97Kn2UW052223@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pgj Date: Mon Oct 7 20:49:02 2013 New Revision: 42880 URL: http://svnweb.freebsd.org/changeset/doc/42880 Log: - Add a Q3 report on the Capsicum work Submitted by: pjd Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml Mon Oct 7 20:18:50 2013 (r42879) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2013-07-2013-09.xml Mon Oct 7 20:49:02 2013 (r42880) @@ -19,7 +19,7 @@ <!-- XXX: keep updating the number of entries --> <p>Thanks to all the reporters for the excellent work! This report - contains 22 entries and we hope you enjoy reading it.</p> + contains 23 entries and we hope you enjoy reading it.</p> <!-- XXX: set date for the next set of submissions --> <p>The deadline for submissions covering between October and @@ -1182,4 +1182,56 @@ </ul> </body> </project> + + <project cat='bin'> + <title>Capsicum</title> + + <contact> + <person> + <name> + <given>Pawel Jakub</given> + <common>Dawidek</common> + </name> + <email>pjd@FreeBSD.org</email> + </person> + </contact> + + <body> + <p>The work on Capsicum and related projects (such as Casper, + <tt>libnv</tt>, etc.) is progressing nicely. An overhaul of the + <tt>cap_rights_t</tt> was committed to &os; <tt>head</tt> and + will be included in 10.0. This allows us to have more + capability rights on file descriptors than the previous limit of + 64 rights, which was almost reached. This change is not + backward compatible, so it was very important to get it into + 10.0.</p> + + <p><tt>libnv</tt>, used for communication between Casper services + and consumers, but hopefully will be used more widely, is + finalized and comes with a nice set of regression tests.</p> + + <p>The number of applications sandboxed using the Capsicum + framework is increasing. We have around 10 of them already in + base and more that are not yet committed.</p> + </body> + + <help> + <task>Finish documentation of Casper and its services.</task> + + <task>Implement regression tests for Casper services.</task> + + <task>Finish documentation for <tt>libnv</tt>.</task> + + <task>Start making <tt>libc</tt> more sandbox-friendly, that is, + functions such as <tt>strerror(3)</tt>, <tt>strsignal(3)</tt>, + <tt>localtime(3)</tt>, <tt>login_get*()</tt>, + <tt>getservent(3)</tt>, <tt>getprotent(3)</tt>, + <tt>getrpcent(3)</tt> open files on first use, which might be + too late if we are already in a capability-mode sandbox.</task> + + <task>Rethink the <tt>system.filesystem</tt> Casper service to + allow for easy compartmentalization of various command-line + tools that operate on multiple files.</task> + </help> + </project> </report>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310072049.r97Kn2UW052223>