On 11 June 2016 18:31:25 CEST, Alan Somers <> wrote:
> On Sat, Jun 11, 2016 at 5:32 AM, Domagoj Stolfa
> <> wrote:
> > Yes, it would maybe make sense to do so. I am not too familiar with
> > capsicum(4), but glancing over it, it might be possible. If anything, it
> > would allow for code reuse from the OpenBSD ports and increased portability
> > in the future. Maybe the people who have worked with capsicum(4) or have
> > developed it could give some more insight on this.
> >
> I don't see how it would be possible.  Capsicum is all about file
> descriptors.  When you call cap_enter(), you give up the ability to
> access global namespaces.  For example, you can no longer open files
> (except using openat(2) for files in a subdirectory of a directory
> which is already opened).  OTOH, pledge is all about syscalls.  When
> you pledge, you give up the ability to use certain syscalls,
> regardless of what file descriptors they might involve.  So for
> example, a program that uses pledge(2) to prohibit networking syscalls
> can't simply replace pledge(2) with cap_enter(2), because it may need
> to open files after pledging.
> -Alan

Thanks for the clarification, Alan.
So pledge(2) would, if implemented in FreeBSD, complement capsicum.
They would only overlap around file descriptors, where capsicum could
enforce a process's pledge like to only ever write to one file which is
its logfile.
