- Add Q2 report on the new Capsicum features SoC project
Submitted by: Mario Oshogbo <oshogbo@FreeBSD.org>
This commit is contained in:
Gabor Pali
parent
128d5c6f7a
commit
6fedc6332b
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=42213
1 changed files with 57 additions and 1 deletions
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
<!-- XXX: keep updating the number of entries -->
|
||||
<p>Thanks to all the reporters for the excellent work! This report
|
||||
contains 27 entries and we hope you enjoy reading it.</p>
|
||||
contains 28 entries and we hope you enjoy reading it.</p>
|
||||
|
||||
<!-- XXX: set date for the next set of submissions -->
|
||||
<p>The deadline for submissions covering between July and September 2013
|
||||
|
|
@ -1523,4 +1523,60 @@ functionality through <tt>pkg(8)</tt>.</task>
|
|||
<task>Merge remaining changes into <tt>head</tt>.</task>
|
||||
</help>
|
||||
</project>
|
||||
|
||||
<project cat='soc'>
|
||||
<title>New Capsicum Features</title>
|
||||
|
||||
<contact>
|
||||
<person>
|
||||
<name>
|
||||
<given>Mariusz</given>
|
||||
<common>Zaborski</common>
|
||||
</name>
|
||||
<email>oshogbo@FreeBSD.org</email>
|
||||
</person>
|
||||
|
||||
<person>
|
||||
<name>
|
||||
<given>Pawel Jakub</given>
|
||||
<common>Dawidek</common>
|
||||
</name>
|
||||
<email>pjd@FreeBSD.org</email>
|
||||
</person>
|
||||
</contact>
|
||||
|
||||
<links>
|
||||
<url href="https://wiki.freebsd.org/SummerOfCode2013/CapsicumFeatures"/>
|
||||
</links>
|
||||
|
||||
<body>
|
||||
<p>Capsicum is a lightweight OS capability and sandboxing
|
||||
framework implemented in &os;. This is still a new technology,
|
||||
so there is a lot of space for improvements. Thanks to the
|
||||
Google Summer of Code program and Pawel Jakub Dawidek for
|
||||
volunteering as mentor, Mariusz will have the chance to work on
|
||||
this project in the summer.</p>
|
||||
|
||||
<p>The work on sandboxing the <tt>rwho(1)</tt> and
|
||||
<tt>rwhod(8)</tt> utilities was completed recently. There is
|
||||
also a plan to implement two new modules for Casper. Casper is
|
||||
a daemon to provide services for applications using Capsicum's
|
||||
capability mode. Some experimentation with implementing two new
|
||||
capability rights is in progress, so as porting one more program
|
||||
to use the existing features of the Capsicum framework.</p>
|
||||
</body>
|
||||
|
||||
<help>
|
||||
<task><tt>system.unix</tt> — a Casper module provides
|
||||
connect and listen on Unix domain socket.</task>
|
||||
|
||||
<task><tt>system.udp</tt> — a Casper module enabling
|
||||
connect, listen, sending and receive UDP packages.</task>
|
||||
|
||||
<task>Implementing sandboxing for <tt>fetch(1)</tt>.</task>
|
||||
|
||||
<task>Introduce new capability rights: <tt>CAP_SEND_RIGHTS</tt>
|
||||
and <tt>CAP_RECV_RIGHTS</tt>.</task>
|
||||
</help>
|
||||
</project>
|
||||
</report>
|
||||
|
|
|
|||
Loading…
Reference in a new issue