capsicum.4: Add some more detail from the Capsicum paper
ClosedPublic
Actions

Authored by emaste on Jun 14 2025, 6:00 PM.

Details

Reviewers

rwatson
markj

Group Reviewers

capsicum

Commits

rGce1af6eb54a4: capsicum.4: Add some more detail from the Capsicum paper
rGc54534e60263: capsicum.4: Add some more detail from the Capsicum paper

Summary

Adapt some language based on "Capsicum: practical capabilities for UNIX"
https://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

emaste created this revision.Jun 14 2025, 6:00 PM

Herald added a subscriber: ziaee. · View Herald TranscriptJun 14 2025, 6:00 PM

emaste requested review of this revision.Jun 14 2025, 6:00 PM

Add reference to paper

@lattera-gmail.com we've had some discussion on the challenges in adapting or designing software for sandboxing, and we haven't had great documentation on that. Would you have a look at this patch and let me know if this is a start to make some of the concepts more clear?

Herald added a subscriber: jonathan. · View Herald TranscriptJun 17 2025, 1:18 PM

emaste added inline comments.Jun 17 2025, 1:52 PM

share/man/man4/capsicum.4
189	(applied locally)

markj added a subscriber: markj.Jun 17 2025, 4:00 PM

markj added inline comments.

share/man/man4/capsicum.4
77	These numbers are a bit outdated: the number of MIBs is device-dependent (my laptop has something like 15,000) and I see something like 60 references to CTLFLAG_CAPRD in main.