Date: Thu, 29 Jan 2009 23:22:55 GMT
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 156892 for review
Message-ID: <200901292322.n0TNMtgL060735@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=156892 Change 156892 by rwatson@rwatson_freebsd_capabilities on 2009/01/29 23:22:42 Update TODO. Affected files ... .. //depot/projects/trustedbsd/capabilities/TODO#11 edit Differences ... ==== //depot/projects/trustedbsd/capabilities/TODO#11 (text+ko) ==== @@ -19,6 +19,10 @@ context. Consider carefully the implications on creating binaries, ELF, etc. +- Implement libcapability, a lightweight framework for starting code in a + capability mode sandbox using fexecve(2), etc, and providing a simple + local procedure call interface to compartmentalized services. + - ... bigger and better things ... Low-level TODO list: @@ -41,7 +45,6 @@ - Refine access control on sysctl infrastructure sysctls, such as name lookup, etc. -- mmap(2) needs to look at capability masks, not just file flags to determine - maxprot. +- MAC control of capability facility. -- MAC control of capability facility. +- Implement pdwait4().help
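Review bot: In the first hunk (@@ -19,6 +19,10 @@), the new libcapability entry folds two separate deliverables into one item, the sandbox launcher and the local procedure call interface, and the "etc" after fexecve(2) leaves the launch mechanism open. Consider splitting it into two entries so each can be completed and removed on its own, and replace "etc" with the other mechanisms intended, so a reader can tell what the sandboxed code is meant to start with.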
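Review bot: In the second hunk (@@ -41,7 +45,6 @@), the entry "mmap(2) needs to look at capability masks, not just file flags to determine maxprot" is removed, but the change description only says "Update TODO." and does not state whether the check was implemented or the item was dropped. Since this is an access-control item, name the change that implemented it in the description, or keep the entry until it is done. The new "Implement pdwait4()." entry would also benefit from a short clause on its intended semantics, as the neighbouring entries have.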
