From: Robert Watson
Date: Fri, 16 Nov 2007 16:28:56 +0000 (GMT)
To: Andrea Campi
Cc: dexterclarke@Safe-mail.net, freebsd-hackers@freebsd.org, trustedbsd-discuss@freebsd.org
Subject: Re: A TrustedBSD "voluntary sandbox" policy.
Message-ID: <20071116162716.D10677@fledge.watson.org>
In-Reply-To: <20071108140627.GI82877@webcom.it>
References: <20071108140627.GI82877@webcom.it>

On Thu, 8 Nov 2007, Andrea Campi wrote:

> On Wed, Nov 07, 2007 at 10:20:28PM -0500, dexterclarke@Safe-mail.net wrote:
>
>> I'm considering developing a policy/module for TrustedBSD loosely based on
>> the systrace concept - A process loads a policy and then executes another
>> program in a sandbox with fine grained control over what that program can
>> do.
> ...
>> Please note that the 'policy' given on the command line is purely for the
>> sake of example, no syntax or semantics have been decided upon.
>
> Can't comment on the implementation or wider issues, but if you pursue this,
> please have a look at how MacOS Leopard does it (Seatbelt). Would be nice to
> converge on both syntax (a Schema dialect) and tools names / command line
> args--or if converging is not possible, at least know where and why and make
> a conscious decision.

FYI, Seatbelt is based on the Mac OS X port of the TrustedBSD MAC Framework,
which while it has some significant changes (some now present in the 8-CURRENT
branch of FreeBSD), may well be a good starting point. Last I checked, the
source for Seatbelt wasn't yet available, but there was hope it would be
available in the near future. A port of the policy to FreeBSD sounds like it
would be very interesting to do, and might provide a nice starting point rather
than having to write up a policy from scratch.

Robert N M Watson
Computer Laboratory
University of Cambridge