Date: Wed, 2 Mar 2011 11:20:01 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: arch@FreeBSD.org
Cc: cl-capsicum-discuss@lists.cam.ac.uk, current@FreeBSD.org
Subject: Capsicum merge in progress (was: Re: Capsicum -- 9.x merge in sight)
Message-ID: <alpine.BSF.2.00.1103021115490.52352@fledge.watson.org>
In-Reply-To: <alpine.BSF.2.00.1101221506260.83042@fledge.watson.org>
On Sat, 22 Jan 2011, Robert Watson wrote:

> Jon and my current plan is to merge, over the next few months, various
> kernel features required to support Capsicum sandboxing for FreeBSD 9.0:
> first capability mode support (this week), then capabilities themselves
> (which are a form of file descriptor in Capsicum), followed by process
> descriptors (a file descriptor alternative to process IDs that may be used
> by supporting applications). The current plan is *not* to merge
> libcapsicum, a userspace library used by certain applications to construct
> sandboxes, as we feel the API remains insufficiently mature at this point.
> However, the Capsicum system calls can still be used directly by
> applications, including Chromium. We would distribute libcapsicum as a
> package alongside 9.0, just not as a supported OS API for the time being.

FYI: Jon and I have now started the merge; I committed basic kernel capability mode support yesterday (cap_enter(2), cap_getmode(2), new errno values, capabilities.conf).

Over the next few weeks we'll merge man pages, additional kernel support for capability mode and capabilities, including delegated file system subtrees in capability mode, cap_new(2) and friends, process descriptors, and so on. Kernel support for these features will remain conditional on compiling in options CAPABILITIES (and later options PROCDESC) for the time being.

Robert
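A small C program, added here as an illustration and not part of Robert's message or of the Capsicum tree, that exercises the two calls named above. It opens a file, forks, has the child call cap_enter(2) and confirm the result with cap_getmode(2), and then shows what the one-way transition means in practice: the descriptor opened beforehand can still be read, while open(2) by path now fails with the new errno ECAPMODE. It needs a FreeBSD kernel built with options CAPABILITIES; on other systems, or on a kernel without that option, cap_enter(2) fails (ENOSYS) and the probe reports that capability mode is unavailable. The header selection, the fork-and-pipe probe structure, the outcome codes and the use of /etc/passwd as the target file are this example's own choices.

```c
/* Added example, not from the original message: enter Capsicum capability
 * mode in a child process and observe what still works afterwards. */
#include <sys/types.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#  if defined(__has_include)
#    if __has_include(<sys/capsicum.h>)
#      include <sys/capsicum.h>     /* FreeBSD 10.1 and later */
#    else
#      include <sys/capability.h>   /* FreeBSD 9.x / 10.0 header name */
#    endif
#  else
#    include <sys/capability.h>     /* 9.x toolchains lack __has_include */
#  endif
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PROBE_NO_CAPMODE (-1)   /* sentinel: cap_enter(2) failed or is absent */

enum probe_outcome {
    PROBE_ERROR = 0,        /* fork/pipe/open failure, or pre-opened fd unreadable */
    PROBE_UNAVAILABLE = 1,  /* not FreeBSD, or kernel built without options CAPABILITIES */
    PROBE_DENIED = 2,       /* in capability mode and open(2) by path failed with ECAPMODE */
    PROBE_UNEXPECTED = 3    /* sandboxed, but open(2) by path did not fail with ECAPMODE */
};

/* What the sandboxed child observed, sent to the parent over a pipe. */
struct probe_result {
    int entered;        /* 1 if cap_getmode(2) reports capability mode */
    int open_errno;     /* errno from open(2) by path inside the sandbox; 0 if it succeeded */
    ssize_t pre_opened; /* bytes read from the descriptor opened before cap_enter(2) */
};

static int enter_capability_mode(void)
{
#ifdef __FreeBSD__
    return cap_enter();      /* one-way: the process can never leave capability mode */
#else
    errno = ENOSYS;          /* assumption for portability: no Capsicum here */
    return -1;
#endif
}

static int in_capability_mode(void)
{
#ifdef __FreeBSD__
    u_int mode = 0;
    return cap_getmode(&mode) == 0 && mode != 0;
#else
    return 0;
#endif
}

/* Runs in the child: sandbox itself, then probe the global namespace. */
static void child_probe(int pre_fd, const char *path, int out_fd)
{
    struct probe_result r;
    char buf[64];

    memset(&r, 0, sizeof(r));
    if (enter_capability_mode() != 0) {
        r.open_errno = PROBE_NO_CAPMODE;
    } else {
        r.entered = in_capability_mode();
        int fd = open(path, O_RDONLY);      /* global namespace: expect ECAPMODE */
        r.open_errno = (fd < 0) ? errno : 0;
        if (fd >= 0)
            close(fd);
    }
    r.pre_opened = read(pre_fd, buf, sizeof(buf));   /* delegated fd still works */
    (void)write(out_fd, &r, sizeof(r));
    _exit(0);
}

/* Open the target before sandboxing, fork, and collect the child's result. */
static int run_probe(const char *path, struct probe_result *out)
{
    int pfd[2], status;
    int pre_fd = open(path, O_RDONLY);
    if (pre_fd < 0 || pipe(pfd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(pfd[0]);
        child_probe(pre_fd, path, pfd[1]);   /* never returns */
    }
    close(pfd[1]);
    close(pre_fd);
    ssize_t n = read(pfd[0], out, sizeof(*out));
    close(pfd[0]);
    waitpid(pid, &status, 0);
    return n == (ssize_t)sizeof(*out) ? 0 : -1;
}

static enum probe_outcome classify(const struct probe_result *r)
{
    if (r->pre_opened <= 0)
        return PROBE_ERROR;
    if (r->open_errno == PROBE_NO_CAPMODE)
        return PROBE_UNAVAILABLE;
#ifdef ECAPMODE
    if (r->entered && r->open_errno == ECAPMODE)
        return PROBE_DENIED;
#endif
    return PROBE_UNEXPECTED;
}

static enum probe_outcome run_sandbox_probe(const char *path)
{
    struct probe_result r;
    if (run_probe(path, &r) != 0)
        return PROBE_ERROR;
    return classify(&r);
}

int main(void)
{
    static const char *names[] = { "error", "capability mode unavailable",
        "sandboxed: open(2) by path denied with ECAPMODE, pre-opened fd readable",
        "sandboxed, but open(2) by path did not fail with ECAPMODE" };
    printf("%s\n", names[run_sandbox_probe("/etc/passwd")]);
    return 0;
}
```

The probe runs in a forked child because cap_enter(2) is irreversible: once the parent entered capability mode it could not open anything by path again, which is exactly the property being demonstrated. A real sandboxed program follows the same shape, acquiring every descriptor it will need (files, sockets, directories for openat(2)) before the call, then never touching the global namespace again.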
