[capsicum] Welcome to capsicum-discuss, and what's going on...
Just a quick e-mail to test the new Capsicum discussion list, as well as to
welcome you to it. I've now linked to the list from the Capsicum web site so
this should be considered a public list!
I'll leave it to others to post about what they're up to in the Capsicum
space, but here are a few things on my general todo list over the next month:
- Prepare a camera-ready version of the USENIX Security paper, which we can
also post to the web page and to other mailing lists (such as cap-talk).
- Slide the P4 trustedbsd_capabilities branch forward to the most recent
9-CURRENT, and the SVN capabilities8 branch forward to the forthcoming
FreeBSD 8.1 release.
- Ponder cutting our own capabilities8 release ISO for 8.1, as well as
providing a pre-seeded development VM image. This would get users
bootstrapped with Capsicum much more quickly -- right now a lot of building
and updating is required to get there from a FreeBSD install, and it would
be nice to short-circuit that until such time as we have more of the
infrastructure back in the base system.
- Merge Jon's recent work to clean up and enhance the linker, directory
capabilities, etc, from trustedbsd_capabilities to capabilities8.
- Update the man pages on the web page to reflect recent work.
- Jon and I have been discussing the a longer tech report version of the
USENIX paper that would include more details about many aspects of the
Capsicum design and implementation. We'd be very happy to take feedback on
areas to flesh out -- we ended up skimming over many design elements, such
as the runtime linker, process descriptors, which system calls are limited
in capability mode and why, etc, due to length constraints.
Finally, it seems a good idea to get Capsicum developers/users/etc together in
person once in a while. The current thought is to have a meeting in about 1-2
months either at the Cambridge Computer Laboratory or at the Google London
office, perhaps early July. Most people involved in the project (by hook or
crook) are based in the UK/Europe, making either location workable.
Robert N M Watson
University of Cambridge
This archive was generated by a fusion of
Pipermail (Mailman edition) and