Date: Sun, 23 Jan 2011 04:12:51 +0100 From: Ivan Voras <ivoras@freebsd.org> To: freebsd-arch@freebsd.org Subject: Re: Capsicum -- 9.x merge in sight Message-ID: <ihg6c2$hv2$1@dough.gmane.org> In-Reply-To: <alpine.BSF.2.00.1101221506260.83042@fledge.watson.org> References: <alpine.BSF.2.00.1101221506260.83042@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22.1.2011 16:25, Robert Watson wrote: > > Dear all: > > As many of you will now have heard, the Computer Laboratory at the > University of Cambridge and Google have been collaborating for the last > few years on a security research project called Capsicum. It consists of > a set of extensions to the POSIX API adding a new "capability mode", > "capabilities", "process descriptors", and several other additions > required to implement a capability-oriented sandbox model in UNIX. These Hello, How is Capsicum positioned, from user & admin perspective, when compared to the MAC work on FreeBSD and SELinux on Linux? Is one the superset of another, will one obsolete another? > The current plan is *not* to merge > libcapsicum, a userspace library used by certain applications to > construct sandboxes, as we feel the API remains insufficiently mature at > this point. I vaguely remember that the MAC work has never gotten as popular on FreeBSD as SELinux on Linux because it lacked user-oriented tools and documentation - is there a danger Capsicum will end up the same?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ihg6c2$hv2$1>