Date: Thu, 14 Jul 2011 21:32:22 +0100 From: "Robert N. M. Watson" <rwatson@FreeBSD.org> To: Ilya Bakulin <webmaster@kibab.com> Cc: Jonathan Anderson <jonathan.anderson@cl.cam.ac.uk>, soc-status@freebsd.org, Ben Laurie <benl@google.com> Subject: Re: [Status Update] Capsicum adaptation project: Week 7 Message-ID: <9CADFD9D-C5DA-4C52-A45F-5136BCA8C0D4@FreeBSD.org> In-Reply-To: <4E1B50B5.6080706@kibab.com> References: <4E1B50B5.6080706@kibab.com>
next in thread | previous in thread | raw e-mail | index | archive | help
BTW, it might be useful to also send out your status reports on the = Capsicum mailing list -- I think folks there would be very interested. Robert On 11 Jul 2011, at 20:36, Ilya Bakulin wrote: > Hi, > this is the sixth update for Capsicum adaptation project. >=20 > During last week I have finally started an open discussion about > applications that need to receive capsicum support in the base system. > Then I've started working on adapting lightweight resolver daemon for > using it with sandboxed apps to provide safe name resolution service. > Some design decisions are still under discussion, but I'm sure that we > will find a good solution this week. > I have switched to p4 version of FreeBSD-capabilities, because that's > the only version that has libcapsicum and modified procstat utility. > Using it I have examined child process of modified syslogd, found = leaked > file descriptors and fixed this, and also added capability constraints > on files and sockets that are opened by syslogd child. > At the same time I tried to build FreeBSD-Capabilities branch from > Jonathan's git repo, and finally it was successful (with minor > patching). Maybe I will try to use this repo and libcapsicum port = (also > from Jonathan's github repo) to work further, but I need to discuss = this > with Robert, Jonathan and Ben. >=20 > So, during the next week I want to finish lwres adaptation > (liblwres/lwresd modifications + rc.d script for lwresd) and continue > with capsicumization of simple network utilities (netcat, ping and > friends). Also I hope to switch to much more recent FreeBSD source by > using Jonathan's repos. >=20 > --=20 > Regards, > Ilya Bakulin > http://kibab.com > xmpp://kibab612@jabber.ru >=20 >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9CADFD9D-C5DA-4C52-A45F-5136BCA8C0D4>