[147802] in cryptography@c2.net mail archive
[Cryptography] Fwd: [capsicum] capsicum-linux codebase
daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Oct 22 11:20:04 2013
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <CAHse=S8UOn6_N84Ne9WDPN6GOhg5BOnrwG2JOwwQvCxr6tffmg@mail.gmail.com>
Date: Tue, 22 Oct 2013 10:11:38 +0100
From: Ben Laurie <ben@links.org>
To: Cryptography Mailing List <cryptography@metzdowd.com>,
Crypto discussion list <cryptography@randombit.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============5164423473402439806==
Content-Type: multipart/alternative; boundary=001a11c3127ec83f8b04e950c9bd
--001a11c3127ec83f8b04e950c9bd
Content-Type: text/plain; charset=ISO-8859-1
Not crypto, but very much security: Capsicum is a capability system layered
on top of POSIX. It is enabled by default in FreeBSD from 9.1.
We're working on a Linux port.
---------- Forwarded message ----------
From: David Drysdale <drysdale@google.com>
Date: 22 October 2013 10:07
Subject: [capsicum] capsicum-linux codebase
To: cl-capsicum-discuss@lists.cam.ac.uk
Cc: Ben Laurie <benl@google.com>
Hi,
As some of you know, I'm working on getting Capsicum working in the Linux
kernel, based on the FreeBSD implementation and on previous work done by
Meredydd Luff in his stint as a Google intern.
If anyone is interested in the details, the Git repo is now visible at:
https://github.com/google/capsicum-linux
This is still work in progress, but I've merged Meredydd's work up to a
more recent kernel (3.11.1), and I'm slowly converging on functional
equivalence to FreeBSD 9.x -- catching up with Pawel et al's more recent
work will come later.
Along the way, I've also separated out a bunch of user-space tests for the
Capsicum syscall functionality into a separate repo at:
https://github.com/google/capsicum-test
This combines both the FreeBSD test cases and Meredydd's test code with a
few extras, but I've pulled it into a separate repo to make it easy to run
on both Linux and FreeBSD, to allow cross-comparison. It may potentially
also be useful for other Capsicum port efforts (although as above, it's
targeted at the level of function in FreeBSD 9.x, not 10.x).
Let me know if you have any questions,
David
--001a11c3127ec83f8b04e950c9bd
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr">Not crypto, but very much security: Capsicum is a capabili=
ty system layered on top of POSIX. It is enabled by default in FreeBSD from=
9.1.<div><br></div><div>We're working on a Linux port.<br><br><div cla=
ss=3D"gmail_quote">
---------- Forwarded message ----------<br>From: <b class=3D"gmail_senderna=
me">David Drysdale</b> <span dir=3D"ltr"><<a href=3D"mailto:drysdale@goo=
gle.com">drysdale@google.com</a>></span><br>Date: 22 October 2013 10:07<=
br>
Subject: [capsicum] capsicum-linux codebase<br>To: <a href=3D"mailto:cl-cap=
sicum-discuss@lists.cam.ac.uk">cl-capsicum-discuss@lists.cam.ac.uk</a><br>C=
c: Ben Laurie <<a href=3D"mailto:benl@google.com">benl@google.com</a>>=
;<br>
<br><br><div dir=3D"ltr"><span style=3D"font-family:arial,sans-serif;font-s=
ize:13px">Hi,</span><div style=3D"font-family:arial,sans-serif;font-size:13=
px"><br></div><div style=3D"font-family:arial,sans-serif;font-size:13px">As=
some of you know, I'm working on getting Capsicum working in the Linux=
kernel, based on the FreeBSD implementation and on previous work done by M=
eredydd Luff in his stint as a Google intern.</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">If anyone is intereste=
d in the details, the Git repo is now visible at:</div><div style=3D"font-f=
amily:arial,sans-serif;font-size:13px">
=A0=A0<a href=3D"https://github.com/google/capsicum-linux" target=3D"_blank=
">https://github.com/google/capsicum-linux</a></div><div style=3D"font-fami=
ly:arial,sans-serif;font-size:13px"><br></div><div style=3D"font-family:ari=
al,sans-serif;font-size:13px">
This is still work in progress, but I've merged Meredydd's work up =
to a more recent kernel (3.11.1), and I'm slowly converging on function=
al equivalence to FreeBSD 9.x -- catching up with Pawel et al's more re=
cent work will come later.</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">Along the way, I'v=
e also separated out a bunch of user-space tests for the Capsicum syscall f=
unctionality into a separate repo at:</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px">=A0=A0<a href=3D=
"https://github.com/google/capsicum-test" target=3D"_blank">https://github.=
com/google/capsicum-test</a></div><div style=3D"font-family:arial,sans-seri=
f;font-size:13px">
<br></div><div style=3D"font-family:arial,sans-serif;font-size:13px">This c=
ombines both the FreeBSD test cases and Meredydd's test code with a few=
extras, but I've pulled it into a separate repo to make it easy to run=
on both Linux and FreeBSD, to allow cross-comparison. =A0It may potentiall=
y also be useful for other Capsicum port efforts (although as above, it'=
;s targeted at the level of function in FreeBSD 9.x, not 10.x).</div>
<div style=3D"font-family:arial,sans-serif;font-size:13px"><br></div><div s=
tyle=3D"font-family:arial,sans-serif;font-size:13px">Let me know if you hav=
e any questions,</div><div style=3D"font-family:arial,sans-serif;font-size:=
13px">
<br></div><div style=3D"font-family:arial,sans-serif;font-size:13px">David<=
/div></div>
</div><br></div></div>
--001a11c3127ec83f8b04e950c9bd--
--===============5164423473402439806==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============5164423473402439806==--
