svn commit: r43511 - head/en_US.ISO8859-1/htdocs/news/status

Gabor Pali pgj at FreeBSD.org
Tue Jan 14 17:04:55 UTC 2014 

Author: pgj
Date: Tue Jan 14 17:04:54 2014
New Revision: 43511
URL: http://svnweb.freebsd.org/changeset/doc/43511

Log:
  - Add 2013Q4 report on Capsicum and Casper
  
  Submitted by:	pjd

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2013-10-2013-12.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2013-10-2013-12.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2013-10-2013-12.xml	Tue Jan 14 16:54:02 2014	(r43510)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2013-10-2013-12.xml	Tue Jan 14 17:04:54 2014	(r43511)
@@ -19,7 +19,7 @@
 
     <!-- XXX: Keep updating the number of entries -->
     <p>Thanks to all the reporters for the excellent work!  This report
-      contains 24 entries and we hope you enjoy reading it.</p>
+      contains 25 entries and we hope you enjoy reading it.</p>
 
     <p>The deadline for submissions covering between January and
       March 2014 is April 7th, 2014.</p>
@@ -1372,4 +1372,47 @@ device vt_vga</pre>
 	<task>CJK fonts (in progress).</task>
     </help>
   </project>
+
+  <project cat='bin'>
+    <title>Capsicum and Casper</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Pawel Jakub</given>
+	  <common>Dawidek</common>
+	</name>
+	<email>pjd at FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="http://freebsdfoundation.blogspot.com/2013/12/freebsd-foundation-announces-capsicum.html"/>
+    </links>
+
+    <body>
+      <p>Capsicum is a lightweight OS capability and sandbox framework
+	implementing a hybrid capability system model.  The Casper
+	daemon enables sandboxed application to use functionality
+	normally unavailable in capability-mode sandboxes.</p>
+
+      <p>The Casper daemon, <tt>libcasper</tt>, <tt>libcapsicum(3)</tt>,
+	<tt>libnv(3)</tt> and Casper services (<tt>system.dns</tt>,
+	<tt>system.grp</tt>, <tt>system.pwd</tt>, <tt>system.random</tt>
+	and <tt>system.sysctl</tt>) have been committed to &os;
+	<tt>head</tt>.  The <tt>tcpdump(8)</tt> utility in <tt>head</tt>
+	now uses the <tt>system.dns</tt> service to do DNS lookups.  The
+	<tt>kdump(1)</tt> utility in <tt>head</tt> now uses the
+	<tt>system.pwd</tt> and <tt>system.grp</tt> services to convert
+	user and group identifiers to user and group names.</p>
+
+      <p>There is ongoing work to sandbox more applications.  If you are
+	interested in helping to make &os; more secure and would like to
+	learn about Capsicum and Casper, do not hesitate to contact
+	Pawel — he can provide candidate programs that could use
+	sandboxing.</p>
+
+      <p>The work was sponsored by The &os; Foundation.</p>
+    </body>
+  </project>
 </report>

More information about the svn-doc-head mailing list