Page MenuHomeFreeBSD
Differential D50855

capsicum.4: Add some more detail from the Capsicum paper
ClosedPublic
Actions

Authored by emaste on Jun 14 2025, 6:00 PM.
Tags
None
Referenced Files
F151818791: D50855.id157171.diff
Fri, Apr 10, 9:11 PM
F151800580: D50855.id157201.diff
Fri, Apr 10, 6:31 PM
F151726261: D50855.id157201.diff
Fri, Apr 10, 7:14 AM
F151718456: D50855.id157201.diff
Fri, Apr 10, 6:09 AM
Unknown Object (File)
Thu, Apr 9, 8:38 PM
Unknown Object (File)
Wed, Apr 8, 8:47 AM
Unknown Object (File)
Tue, Apr 7, 3:19 AM
Unknown Object (File)
Mon, Apr 6, 11:21 AM
View All Files
Subscribers
imp
jonathan
lattera-gmail.com
markj
ziaee

Details

Reviewers
rwatson
markj
Group Reviewers
capsicum
Commits
rGce1af6eb54a4: capsicum.4: Add some more detail from the Capsicum paper
rGc54534e60263: capsicum.4: Add some more detail from the Capsicum paper
Summary
Adapt some language based on "Capsicum: practical capabilities for UNIX"
https://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.Jun 14 2025, 6:00 PM
Herald added a subscriber: ziaee. · View Herald TranscriptJun 14 2025, 6:00 PM
emaste requested review of this revision.Jun 14 2025, 6:00 PM
emaste updated this revision to Diff 157171.Jun 17 2025, 1:18 PM
emaste added a subscriber: lattera-gmail.com.

Add reference to paper

@lattera-gmail.com we've had some discussion on the challenges in adapting or designing software for sandboxing, and we haven't had great documentation on that. Would you have a look at this patch and let me know if this is a start to make some of the concepts more clear?

Herald added a subscriber: jonathan. · View Herald TranscriptJun 17 2025, 1:18 PM
emaste added inline comments.Jun 17 2025, 1:52 PM
share/man/man4/capsicum.4
189

(applied locally)

markj added a subscriber: markj.Jun 17 2025, 4:00 PM
markj added inline comments.
share/man/man4/capsicum.4
77

These numbers are a bit outdated: the number of MIBs is device-dependent (my laptop has something like 15,000) and I see something like 60 references to CTLFLAG_CAPRD in main.

emaste updated this revision to Diff 157200.Jun 17 2025, 4:06 PM

Update sysctl numbers

share/man/man4/capsicum.4
77

Huh sysctl -aN | wc -l on my laptop is 19463.

markj accepted this revision.Jun 17 2025, 4:07 PM
This revision is now accepted and ready to land.Jun 17 2025, 4:07 PM
Closed by commit rGc54534e60263: capsicum.4: Add some more detail from the Capsicum paper (authored by emaste). · Explain WhyJun 17 2025, 4:11 PM
This revision was automatically updated to reflect the committed changes.
emaste added a commit: rGc54534e60263: capsicum.4: Add some more detail from the Capsicum paper.
Herald added a subscriber: imp. · View Herald TranscriptJun 17 2025, 4:11 PM
emaste added a commit: rGce1af6eb54a4: capsicum.4: Add some more detail from the Capsicum paper.Jul 22 2025, 8:31 PM

Revision Contents
Changeset List

PathSize
share/
man/
man4/
47 lines

Diff 157201

View Options

share/man/man4/capsicum.4

Loading...