From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 7 09:13:26 2011 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A29FB106566B; Thu, 7 Apr 2011 09:13:26 +0000 (UTC) (envelope-from webmaster@kibab.com) Received: from mx0.deglitch.com (cl-414.sto-01.se.sixxs.net [IPv6:2001:16d8:ff00:19d::2]) by mx1.freebsd.org (Postfix) with ESMTP id 594C28FC17; Thu, 7 Apr 2011 09:13:26 +0000 (UTC) Received: from zugang.kibab.com (unknown [78.110.54.255]) by mx0.deglitch.com (Postfix) with ESMTPA id C5AC08FC2D; Thu, 7 Apr 2011 13:13:24 +0400 (MSD) Received: from 139.149.1.231 (SquirrelMail authenticated user kibab) by zugang.kibab.com with HTTP; Thu, 7 Apr 2011 13:13:24 +0400 Message-ID: <8f579ecd416ebcd14db4dad6631df74c.squirrel@zugang.kibab.com> Date: Thu, 7 Apr 2011 13:13:24 +0400 From: "Ilya Bakulin" To: freebsd-hackers@freebsd.org User-Agent: SquirrelMail/1.4.21 MIME-Version: 1.0 Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Cc: rwatson@freebsd.org Subject: [GSoC] Capsicum application adaptation and core libraries X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Apr 2011 09:13:26 -0000 Hi all, some time ago I've read a paper about Capsicum (it was published at Google reseach papers page). I think that this is an interesting technology, and adopting it for use in FreeBSD base system is worth an effort. Also I see this idea as GSoC suggested idea on Ideas page [1]. So I'd like to take this as a possible GSoC project for this summer. As the task description seems to be very broad, I'd like to be more specific about what is to be done during the summer. As core Capsicum libraries will appear in FreeBSD 9 anyway, I think it's possible to take several applications from the base system and modify them to use Capsicum sandboxes. For example, the FreeBSD syslog daemon might be an interesting application to adapt to compartmentalisation model. Exact list of applications that will be adapted is to be discussed. Primary focus should be, however on "sbin" and "usr.sbin" world parts. Do you think that this work may be useful? [1] http://wiki.freebsd.org/IdeasPage#head-18b374cddb7998946780392a7f7a38848e7be27c -- Regards, Ilya Bakulin http://kibab.com xmpp://kibab612@jabber.ru