PERFORCE change 156892 for review
Robert Watson
rwatson at FreeBSD.org
Thu Jan 29 15:22:59 PST 2009
http://perforce.freebsd.org/chv.cgi?CH=156892
Change 156892 by rwatson at rwatson_freebsd_capabilities on 2009/01/29 23:22:42
Update TODO.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/TODO#11 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/TODO#11 (text+ko) ====
@@ -19,6 +19,10 @@
context. Consider carefully the implications on creating binaries, ELF,
etc.
+- Implement libcapability, a lightweight framework for starting code in a
+ capability mode sandbox using fexecve(2), etc, and providing a simple
+ local procedure call interface to compartmentalized services.
+
- ... bigger and better things ...
Low-level TODO list:
@@ -41,7 +45,6 @@
- Refine access control on sysctl infrastructure sysctls, such as name
lookup, etc.
-- mmap(2) needs to look at capability masks, not just file flags to determine
- maxprot.
+- MAC control of capability facility.
-- MAC control of capability facility.
+- Implement pdwait4().
More information about the p4-projects
mailing list