Computer Laboratory

Capsicum: practical capabilities for UNIX

Capsicum for Linux

David Drysdale (Google) has announced an adaptation of the Capsicum API to the Linux operating system. The implementation is against Linux 3.11.1, and is derived from the FreeBSD 9.x implementation written by Robert Watson and Jonathan Anderson, as well as a prior port of Capsicum to Linux by Meredydd Luff in 2012.

Implementation status

The Capsicum-Linux patch introduces support for capability mode, capability file descriptors, and process descriptors. Capsicum for Linux is implemented using Linux Security Modules (LSM), the Linux kernel's extensible security framework. Currently, Capsicum-Linux implements the FreeBSD 9.x Capsicum API, but it will be updated to the FreeBSD 10.x API soon. The Capsicum test suite has also been ported to Linux.

Getting Capsicum for Linux

Capsicum-Linux is being developed in, and distributed via, GitHub.