Capsicum: practical capabilities for UNIX
Capsicum for DragonFlyBSD
Joris Giovannangeli has announced an adaptation of the Capsicum API to the DragonFlyBSD operating system, supported by Google Summer of Code. The implementation is derived from the FreeBSD 9.x implementation written by Robert Watson and Jonathan Anderson
Implementation status
The Capsicum for DragonFlyBSD patch introduces support for capability mode, capability file descriptors, and process descriptors. Several aspects of the patch remain experimental, including capability control of certain file operations (e.g., mmap), and process-descriptor support is considered extremely experimental. Some features, including ktrace integration, anonymous shared memory objects, and the FreeBSD 10.x API, remain in progress. The FreeBSD 9.0 Capsicum test suite passes.
Getting Capsicum for DragonFlyBSD
Capsicum-DragonFlyBSD is being developed in, and distributed via, github.