This definitely sounds like something I would use. At the moment unfortunately it seems like the only way to run it is with a kernel patch to FreeBSD 9.3.0. So, it’s usable experimentally, but not something I would want to rely on “for real” (depending on tools that depend on custom patches to old versions of an OS is not a great situation to be in). I wonder if there are any odds of it being merged into -CURRENT?
I was curious why they couldn’t build this on top of Capsaicin’s kernel-level interface (it’s at least merged, though not really “scriptable”, nor designed to run unmodified binaries). The paper has a paragraph on that:
Capsicum extends the FreeBSD operating system with capabilities but requires programs to be rewritten to use the capability-based interfaces in order to make use of capability mode. By contrast, SHILL’s capability-based sandbox does not require executables to be aware of capabilities. In addition, SHILL capabilities are more expressive than Capsicum capabilities; for example, a SHILL capability can express the permission to create files in a directory and delete only files that were created with the capability.
Reply-to-self to note that I have conflated Capsicum, a genus of plants that is also included in the FreeBSD kernel, with Capsaicin, a chemical produced by a spicy subset of that genus, but not a component of FreeBSD.
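To make the distinction in the quoted paragraph concrete, here is an added Python model (not code from the SHILL paper, from SHILL, or from FreeBSD's Capsicum; the names DirCreateCap and demo are my own) of a directory capability that may create files in one directory and delete only the files it created, alongside the ambient-authority alternative of a plain os.unlink that can delete anything the process can reach. The sample directory and files are constructed in a temporary directory.

```python
import os
import tempfile


class CapabilityError(PermissionError):
    """Raised when an operation exceeds what the capability grants."""


class DirCreateCap:
    """Capability over a single directory: create files there, and delete
    only files that were created through this same capability object.

    The authority lives in the object, not in the process: code holding
    this capability cannot delete pre-existing files in the directory."""

    def __init__(self, path):
        self._dir = os.path.realpath(path)
        self._created = set()  # names created through this capability

    def _check_name(self, name):
        # Only plain file names: no separators, no '.' or '..', so the
        # capability cannot be used to reach outside its directory.
        if not name or name in (".", "..") or os.sep in name:
            raise CapabilityError("name must be a plain file name: %r" % name)
        return os.path.join(self._dir, name)

    def create(self, name, data=b""):
        path = self._check_name(name)
        # O_EXCL matters: without it, 'creating' an existing file would
        # succeed and then count as ours, making it deletable later.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        self._created.add(name)
        return path

    def delete(self, name):
        path = self._check_name(name)
        if name not in self._created:
            raise CapabilityError("%r was not created through this capability" % name)
        os.unlink(path)
        self._created.discard(name)


def demo():
    """Exercise the capability against a constructed directory layout and
    return what was allowed and what was refused."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: a file that existed before the capability did.
        pre = os.path.join(d, "preexisting.txt")
        with open(pre, "w") as f:
            f.write("not yours to delete")

        cap = DirCreateCap(d)
        created = cap.create("scratch.txt", b"hello")
        created_ok = os.path.exists(created)

        # Attempt 1: delete a file the capability did not create.
        try:
            cap.delete("preexisting.txt")
            preexisting_denied = False
        except CapabilityError:
            preexisting_denied = True

        # Attempt 2: take over the existing file by 'creating' it.
        try:
            cap.create("preexisting.txt")
            takeover_denied = False
        except FileExistsError:
            takeover_denied = True

        # Attempt 3: escape the directory through the name.
        try:
            cap.create(os.path.join("..", "escape.txt"))
            traversal_denied = False
        except CapabilityError:
            traversal_denied = True

        # Deleting our own file is within the grant.
        cap.delete("scratch.txt")
        own_deleted = not os.path.exists(created)

        # Ambient authority for contrast: plain os.unlink is not constrained
        # by any capability and removes the pre-existing file outright.
        os.unlink(pre)
        ambient_removed = not os.path.exists(pre)

        return {
            "created_ok": created_ok,
            "preexisting_denied": preexisting_denied,
            "takeover_denied": takeover_denied,
            "traversal_denied": traversal_denied,
            "own_deleted": own_deleted,
            "ambient_removed": ambient_removed,
        }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The interesting part is the bookkeeping in `_created` combined with `O_EXCL`: the grant "delete what you created" is only meaningful if creating cannot be used to claim files that were already there, which is the kind of condition a capability object can track but a process-wide sandbox mode cannot express.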