Capsicum
Capsicum
Posted Jul 23, 2015 8:46 UTC (Thu) by gasche (subscriber, #74946)In reply to: Aren't systemd's security capabilities in userspace simpler to use? by wahern
Parent article: Domesticating applications, OpenBSD style
Indeed, I was disappointed that Capsicum was not mentioned in the original article, as it is already available in FreeBSD:
https://www.cl.cam.ac.uk/research/security/capsicum/freeb...
https://www.cl.cam.ac.uk/research/security/capsicum/freeb...
It seems that the development of a Linux port is still ongoing:
https://github.com/google/capsicum-linux
but I'm worried that people would reject it as overlapping existing mechanisms (while it seems rather hard to combine the same expressivity and simplicity with existing mechanisms, bpf-seccomp included).