Date: Mon, 11 Jul 2011 23:36:21 +0400 From: Ilya Bakulin <webmaster@kibab.com> To: soc-status@freebsd.org Cc: "Robert N. M. Watson" <robert.watson@cl.cam.ac.uk>, Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, Ben Laurie <benl@google.com> Subject: [Status Update] Capsicum adaptation project: Week 7 Message-ID: <4E1B50B5.6080706@kibab.com>
next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6AC17DEFDD6224C18402679E Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi, this is the sixth update for Capsicum adaptation project. During last week I have finally started an open discussion about applications that need to receive capsicum support in the base system. Then I've started working on adapting lightweight resolver daemon for using it with sandboxed apps to provide safe name resolution service. Some design decisions are still under discussion, but I'm sure that we will find a good solution this week. I have switched to p4 version of FreeBSD-capabilities, because that's the only version that has libcapsicum and modified procstat utility. Using it I have examined child process of modified syslogd, found leaked file descriptors and fixed this, and also added capability constraints on files and sockets that are opened by syslogd child. At the same time I tried to build FreeBSD-Capabilities branch from Jonathan's git repo, and finally it was successful (with minor patching). Maybe I will try to use this repo and libcapsicum port (also from Jonathan's github repo) to work further, but I need to discuss this with Robert, Jonathan and Ben. So, during the next week I want to finish lwres adaptation (liblwres/lwresd modifications + rc.d script for lwresd) and continue with capsicumization of simple network utilities (netcat, ping and friends). Also I hope to switch to much more recent FreeBSD source by using Jonathan's repos. --=20 Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru --------------enig6AC17DEFDD6224C18402679E Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4bULoACgkQo9vlj1oadwgbBgCgjx6vHBAAp4eJl4PBO4qLL4dE +UYAnimO7m1YSWAkWfU1ela/tQgiGcxF =cY+w -----END PGP SIGNATURE----- --------------enig6AC17DEFDD6224C18402679E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E1B50B5.6080706>