Capsicum GSOC project

Joris GIOVANNANGELI joris at
Thu Jun 6 13:08:26 PDT 2013


I'm part of GSOC this year, and I will work on an implementation of 
Capsicum kernel APIs for DragonFly.


Capsicum is a fine-grained capability framework for Unix systems. It can 
be used to sandbox applications by restricting their access to various 
global namespaces. While DAC and Unix permissions grant access at the user 
level, Capsicum is designed to implement security policies at the 
application or library level. Unlike MAC frameworks (SELinux, AppArmor, 
...), where the access profile is configured outside the code, a Capsicum 
sandboxing policy can be built directly into the application itself. 
Capsicum is currently implemented in the FreeBSD kernel, and some work 
is ongoing on the Linux side.


I plan to work on 3 main subprojects:
     - capabilities: rights attached to file descriptors. Each 
operation on a file descriptor is checked against the set of rights the 
file descriptor carries. If the file descriptor does not have enough rights, 
the operation fails. Typical capabilities are CAP_READ, CAP_WRITE, 
     - capability mode: a credential flag is added to each process; it is 
set when the process is in capability mode and determines whether the 
capabilities are taken into consideration or not. When a process has been 
put in capability mode, it cannot exit the sandbox by itself, and it cannot 
gain new capabilities by itself, except by the use of *at syscalls (e.g. 
openat). New capabilities can be granted to a process.
     - process descriptors: add support for a new type of 
file descriptor, pointing to processes. This will permit local naming of 
processes, for sandboxing purposes, and the fork/kill operations will be 
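The first two subprojects above (rights carried by file descriptors, and a per-process capability-mode flag that closes the global namespaces while *at calls stay usable) can be sketched as a small userspace model of the kernel-side checks. This is an added, constructed example, not DragonFly or FreeBSD kernel code; all function and structure names are assumed, and the errno values mirror FreeBSD's.

```c
#include <errno.h>
#include <stdint.h>

/* Constructed model of the Capsicum checks described above (assumed
 * names, not kernel code). Errno values mirror FreeBSD's definitions. */
#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93   /* fd lacks the right the operation needs */
#endif
#ifndef ECAPMODE
#define ECAPMODE 94      /* operation not permitted in capability mode */
#endif
#define CAP_READ   (1ULL << 0)
#define CAP_WRITE  (1ULL << 1)
#define CAP_LOOKUP (1ULL << 2)   /* lets an fd serve as the base of *at calls */
#define CAP_ALL    (~0ULL)
#define NFDS 16

struct proc { uint64_t rights[NFDS]; int used[NFDS]; int capmode; };

static int fd_alloc(struct proc *p, uint64_t rights) {
    for (int fd = 0; fd < NFDS; fd++)
        if (!p->used[fd]) { p->used[fd] = 1; p->rights[fd] = rights; return fd; }
    return -EMFILE;
}
/* Every operation on an fd is checked against the rights the fd carries.
 * Returns 0 or a positive errno (kernel style). */
static int cap_check(const struct proc *p, int fd, uint64_t need) {
    if (fd < 0 || fd >= NFDS || !p->used[fd]) return EBADF;
    return (p->rights[fd] & need) == need ? 0 : ENOTCAPABLE;
}
/* Rights on an fd can only ever be reduced, never regained. */
static int cap_rights_limit(struct proc *p, int fd, uint64_t rights) {
    int err = cap_check(p, fd, rights);
    if (err == 0) p->rights[fd] = rights;
    return err;
}
/* Entering capability mode sets the credential flag; nothing clears it. */
static int cap_enter(struct proc *p) { p->capmode = 1; return 0; }

/* open() names a global namespace: refused once in capability mode.
 * Syscall-style helpers return an fd or a negative errno. */
static int sys_open(struct proc *p, const char *path) {
    (void)path;
    return p->capmode ? -ECAPMODE : fd_alloc(p, CAP_ALL);
}
/* openat() stays allowed: the new fd inherits (never exceeds) dirfd's
 * rights, and absolute paths would escape dirfd, so they are refused. */
static int sys_openat(struct proc *p, int dirfd, const char *path) {
    int err = cap_check(p, dirfd, CAP_LOOKUP);
    if (err) return -err;
    if (p->capmode && path[0] == '/') return -ECAPMODE;
    return fd_alloc(p, p->rights[dirfd]);
}
static int sys_read(const struct proc *p, int fd) { return -cap_check(p, fd, CAP_READ); }
```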


My work will be available on github [1], in the capsicum branch. You can also 
read my draft proposal [2] on this list, or the latest version on the 
github wiki [3]. My nick is joris on #dragonflybsd at efnet.

I'm happy to work on DragonFly this summer!


