On Thu, Jun 5, 2014 at 6:40 AM, David Drysdale <drysdale@xxxxxxxxxx> wrote: > Resending, adding cc:linux-api. > > Also, it may help to add a little more background -- this patch is > needed as a (small) part of implementing Capsicum in the Linux kernel. > > Capsicum is a security framework that has been present in FreeBSD since > version 9.0 (Jan 2012), and is based on concepts from object-capability > security [1]. > > One of the features of Capsicum is capability mode, which locks down > access to global namespaces such as the filesystem hierarchy. In > capability mode, /proc is thus inaccessible and so fexecve(3) doesn't > work -- hence the need for a kernel-space alternative. > > [1] http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf Thanks for reposting! I think it'd be quite helpful to have this available for very tightly confined sandboxes. And in a larger sense, Capsicum itself is an interesting way to do programmatic isolation. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
