Am 11. Juni 2016 12:38:34 MESZ, schrieb Wolfgang Zenker <wolfg...@lyxys.ka.sub.org>: > Hi, > > * Domagoj Stolfa <domagoj.sto...@gmail.com> [160611 02:47]: > > Has there been discussion on the OpenBSD's pledge going into the > FreeBSD > > kernel as an atomic syscall or as a MAC plugin? > > I don't remember any discussions about this, but looking at OpenBSDs > plege(2) manpage, isn't this something going in the same direction > as the capsicum(4) framework, just with a much more simplistic > interface? > > Wolfgang > One could argue it's a much easier to use interface: "453 out of 707 base system binaries were adapted to use pledge [in 5.9]" [1]. The "Capsicum for FreeBSD" page at can.ac.uk lists 14 binaries in FreeBSD's base [2].
It might be possible to put a pledge compatible layer on top of capsicum to reuse OpenBSD's patches for ports and shared code in base but I know way too less about both mechanisms to even make an educated guess. Regards, Florian [1]: http://www.openbsd.org/59.html [2]: https://www.cl.cam.ac.uk/research/security/capsicum/freebsd.html _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
