From owner-soc-status@FreeBSD.ORG Thu Jul 14 20:33:12 2011 Return-Path: Delivered-To: soc-status@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1732A106564A for ; Thu, 14 Jul 2011 20:33:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id E5EE18FC19 for ; Thu, 14 Jul 2011 20:33:11 +0000 (UTC) Received: from host49.msm.che.vodafone (unknown [212.183.140.60]) by cyrus.watson.org (Postfix) with ESMTPSA id AD44546B0A; Thu, 14 Jul 2011 16:32:59 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v1084) Content-Type: text/plain; charset=us-ascii From: "Robert N. M. Watson" In-Reply-To: <4E1B50B5.6080706@kibab.com> Date: Thu, 14 Jul 2011 21:32:22 +0100 Content-Transfer-Encoding: quoted-printable Message-Id: <9CADFD9D-C5DA-4C52-A45F-5136BCA8C0D4@FreeBSD.org> References: <4E1B50B5.6080706@kibab.com> To: Ilya Bakulin X-Mailer: Apple Mail (2.1084) Cc: Jonathan Anderson , soc-status@freebsd.org, Ben Laurie Subject: Re: [Status Update] Capsicum adaptation project: Week 7 X-BeenThere: soc-status@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Summer of Code Status Reports and Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2011 20:33:12 -0000 BTW, it might be useful to also send out your status reports on the = Capsicum mailing list -- I think folks there would be very interested. Robert On 11 Jul 2011, at 20:36, Ilya Bakulin wrote: > Hi, > this is the sixth update for Capsicum adaptation project. >=20 > During last week I have finally started an open discussion about > applications that need to receive capsicum support in the base system. > Then I've started working on adapting lightweight resolver daemon for > using it with sandboxed apps to provide safe name resolution service. > Some design decisions are still under discussion, but I'm sure that we > will find a good solution this week. > I have switched to p4 version of FreeBSD-capabilities, because that's > the only version that has libcapsicum and modified procstat utility. > Using it I have examined child process of modified syslogd, found = leaked > file descriptors and fixed this, and also added capability constraints > on files and sockets that are opened by syslogd child. > At the same time I tried to build FreeBSD-Capabilities branch from > Jonathan's git repo, and finally it was successful (with minor > patching). Maybe I will try to use this repo and libcapsicum port = (also > from Jonathan's github repo) to work further, but I need to discuss = this > with Robert, Jonathan and Ben. >=20 > So, during the next week I want to finish lwres adaptation > (liblwres/lwresd modifications + rc.d script for lwresd) and continue > with capsicumization of simple network utilities (netcat, ping and > friends). Also I hope to switch to much more recent FreeBSD source by > using Jonathan's repos. >=20 > --=20 > Regards, > Ilya Bakulin > http://kibab.com > xmpp://kibab612@jabber.ru >=20 >=20