[capsicum] Welcome to capsicum-discuss, and what's going on...




Dear all--

Just a quick e-mail to test the new Capsicum discussion list, as well as to welcome you to it. I've now linked to the list from the Capsicum web site so this should be considered a public list!

I'll leave it to others to post about what they're up to in the Capsicum space, but here are a few things on my general todo list over the next month:

- Prepare a camera-ready version of the USENIX Security paper, which we can
  also post to the web page and to other mailing lists (such as cap-talk).

- Slide the P4 trustedbsd_capabilities branch forward to the most recent
  9-CURRENT, and the SVN capabilities8 branch forward to the forthcoming
  FreeBSD 8.1 release.

- Ponder cutting our own capabilities8 release ISO for 8.1, as well as
  providing a pre-seeded development VM image.  This would get users
  bootstrapped with Capsicum much more quickly -- right now a lot of building
  and updating is required to get there from a FreeBSD install, and it would
  be nice to short-circuit that until such time as we have more of the
  infrastructure back in the base system.

- Merge Jon's recent work to clean up and enhance the linker, directory
  capabilities, etc, from trustedbsd_capabilities to capabilities8.

- Update the man pages on the web page to reflect recent work.

- Jon and I have been discussing the a longer tech report version of the
  USENIX paper that would include more details about many aspects of the
  Capsicum design and implementation.  We'd be very happy to take feedback on
  areas to flesh out -- we ended up skimming over many design elements, such
  as the runtime linker, process descriptors, which system calls are limited
  in capability mode and why, etc, due to length constraints.

Finally, it seems a good idea to get Capsicum developers/users/etc together in person once in a while. The current thought is to have a meeting in about 1-2 months either at the Cambridge Computer Laboratory or at the Google London office, perhaps early July. Most people involved in the project (by hook or crook) are based in the UK/Europe, making either location workable.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge




This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.