Capsicum GSOC project
joris at giovannangeli.fr
Thu Jun 6 13:08:26 PDT 2013
I'm part of GSOC this year, and I will work on an implementation of
Capsicum kernel APIs for DragonFly.
Capsicum is a fine-grained capability framework for Unix systems. It can
be used to sandbox applications by restricting their access to various
global namespaces. While DAC and Unix rights grant access at the user
level, Capsicum is designed to implement security policies at the
application or library level. Unlike MAC frameworks (SELinux, AppArmor,
...) where the access profile is configured outside of the code, the
Capsicum sandboxing policy might be built directly into the application
itself. Capsicum is currently implemented in the FreeBSD kernel, and some
work is ongoing on the Linux side.
I plan to work on 3 main subprojects:
- capabilities: rights attached to file descriptors. Each
operation on a file descriptor is checked against the set of rights the
file descriptor carries. If the file descriptor does not have enough
rights, the operation fails. Typical capabilities are CAP_READ, CAP_WRITE,
- capability mode: a credential flag is added to each process to
determine whether the capabilities are taken into consideration or not.
When a process has been put in capability mode, it cannot exit the
sandbox by itself, and it cannot gain new capabilities by itself, except
by the use of *at syscalls (e.g. openat). New capabilities can be granted
to a process.
- process descriptors: add support for a new type of file
descriptor, pointing to processes. This will permit local naming of
processes, for sandboxing purposes, and the fork/kill operations will be
My work will be available on github, in the capsicum branch. You can also
read my draft proposal on this list, or the last version on the
github wiki. My nick is joris on #dragonflybsd at EFnet.
I'm happy to work on DragonFly this summer!
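The first two subprojects in the post (per-descriptor rights and the one-way capability mode flag) as a small user-space model in C. This is an added illustration, not DragonFly or FreeBSD kernel code: the `struct process` and file-descriptor table are stand-ins for kernel state, `cap_enter`/`cap_rights_limit`/`sys_open`/`sys_openat` are hypothetical functions that borrow the Capsicum names, and the CAP_READ/CAP_WRITE/CAP_LOOKUP bit values are assumptions. The model enforces rights on every limited descriptor, uses capability mode only to close the global path namespace, and lets `openat()` work through a directory descriptor that carries CAP_LOOKUP, with the new descriptor inheriting at most that directory's rights. Process descriptors are not modelled.

```c
/* Toy model of Capsicum's rights check and capability mode (added example,
 * not kernel code). State that the kernel keeps in the fd table lives in
 * a small array here. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rights bits: assumed values, named after the CAP_* rights in the post. */
#define CAP_READ   (1u << 0)
#define CAP_WRITE  (1u << 1)
#define CAP_LOOKUP (1u << 2)   /* descriptor may be the base of an openat() */
#define CAP_ALL    (CAP_READ | CAP_WRITE | CAP_LOOKUP)

#define MAXFD 8
#define EBADF        9         /* classic errno values */
#define EMFILE       24
#ifndef ENOTCAPABLE
#define ENOTCAPABLE  93        /* "descriptor lacks the right" (FreeBSD value) */
#endif
#ifndef ECAPMODE
#define ECAPMODE     94        /* "not permitted in capability mode" */
#endif

struct fdent {
    bool     used;
    uint32_t rights;           /* rights this descriptor carries */
    char     path[128];        /* what the descriptor refers to (model only) */
};

struct process {
    bool         capmode;      /* the credential flag from the post */
    struct fdent fds[MAXFD];
};

/* Allocate the lowest free descriptor; returns fd or -errno. */
static int fd_install(struct process *p, const char *path, uint32_t rights)
{
    for (int fd = 0; fd < MAXFD; fd++) {
        if (!p->fds[fd].used) {
            p->fds[fd].used = true;
            p->fds[fd].rights = rights;
            snprintf(p->fds[fd].path, sizeof p->fds[fd].path, "%s", path);
            return fd;
        }
    }
    return -EMFILE;
}

/* Rights may only be narrowed: asking for a bit the fd lacks is refused. */
static int cap_rights_limit(struct process *p, int fd, uint32_t rights)
{
    if (fd < 0 || fd >= MAXFD || !p->fds[fd].used)
        return -EBADF;
    if (rights & ~p->fds[fd].rights)
        return -ENOTCAPABLE;
    p->fds[fd].rights = rights;
    return 0;
}

/* Every operation is checked against the rights the descriptor carries. */
static int cap_check(const struct process *p, int fd, uint32_t need)
{
    if (fd < 0 || fd >= MAXFD || !p->fds[fd].used)
        return -EBADF;
    if ((p->fds[fd].rights & need) != need)
        return -ENOTCAPABLE;
    return 0;
}

/* One-way: there is no cap_exit(). */
static void cap_enter(struct process *p) { p->capmode = true; }

/* open() names a global namespace (the filesystem root), so capability
 * mode refuses it outright. */
static int sys_open(struct process *p, const char *path)
{
    if (p->capmode)
        return -ECAPMODE;
    return fd_install(p, path, CAP_ALL);
}

/* openat() is relative to a descriptor the process already holds, so it
 * stays allowed: the directory fd needs CAP_LOOKUP, the path must not
 * escape it, and the new fd inherits no more than the directory's rights. */
static int sys_openat(struct process *p, int dirfd, const char *rel)
{
    int err = cap_check(p, dirfd, CAP_LOOKUP);
    if (err)
        return err;
    if (rel[0] == '/' || strstr(rel, "..") != NULL)
        return -ENOTCAPABLE;
    char full[256];
    snprintf(full, sizeof full, "%s/%s", p->fds[dirfd].path, rel);
    return fd_install(p, full, p->fds[dirfd].rights);
}

static int sys_read(const struct process *p, int fd)  { return cap_check(p, fd, CAP_READ); }
static int sys_write(const struct process *p, int fd) { return cap_check(p, fd, CAP_WRITE); }

int main(void)
{
    struct process p;
    memset(&p, 0, sizeof p);

    int dir = sys_open(&p, "/var/data");               /* before cap_enter */
    cap_rights_limit(&p, dir, CAP_READ | CAP_LOOKUP);  /* drop CAP_WRITE */
    cap_enter(&p);

    printf("open(\"/etc/passwd\")          -> %d (-ECAPMODE)\n", sys_open(&p, "/etc/passwd"));
    int f = sys_openat(&p, dir, "log.txt");
    printf("openat(dir, \"log.txt\")       -> fd %d (%s)\n", f, p.fds[f].path);
    printf("read(fd)                      -> %d\n", sys_read(&p, f));
    printf("write(fd)                     -> %d (-ENOTCAPABLE)\n", sys_write(&p, f));
    printf("openat(dir, \"../secret\")     -> %d (-ENOTCAPABLE)\n", sys_openat(&p, dir, "../secret"));
    printf("cap_rights_limit(fd, CAP_WRITE) -> %d (cannot regain rights)\n",
           cap_rights_limit(&p, f, CAP_WRITE));
    return 0;
}
```

The sequence in `main` is the usual sandbox pattern: open what the program will need, narrow each descriptor to the rights it actually uses, then enter capability mode. After that point the only way to reach new files is through a descriptor that was kept, which is exactly the "cannot gain new capabilities except via *at syscalls" rule from the post.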