Computer Laboratory

Capsicum: practical capabilities for UNIX

logo Capsicum - Projects

There are a number of on-going projects, some listed here:

Kernel capability development - While the basic Capsicum kernel framework is now complete, maintaining and refining the current implementation is an on-going task. We anticipate that future kernel features may be required, such as a more formal notion of groupings of related sandboxed processes, in order to make garbage-collecting them on application exit easier.

libcapsicum - libcapsicum provides a variety of APIs to support application rights, including convenience functions for managing capabilities, sandbox creation and management functions, and communication primitives for linking host applications with sandboxes, such as a lightweight RPC scheme. As the complexity of consumer applications grow, we expect this library to expand, especially as relate to nested sandboxes.

User rights angels - In order to provide services to sandboxes, both simple ones such as the loading of shared libraries, and complex ones, such as user agent file selection using standard UI dialog boxes, we are creating angel processes which hold a user's rights, and grant them selectively. It is conventional to refer to a system-level server process as a 'daemon'; as a slight variation on this theme, we refer to a user's session-level capability manager as a guardian 'angel'. We are currently exploring implementing this using the KDE desktop environment.

Library self-compartmentalization - we are adapting a number of commonly-used libraries, such as compression and image processing libraries, to automatically execute risky portions of their code in capability mode sandboxes. This will allow largely or entirely unmodified applications, such as web browers, to benefit from lightweight and easy-to-deploy sandboxing.

chromium-capsicum - A capsicum-enhanced version of Google's Chromium web browser, which uses capability mode and Capsicum capabilities to replace sandboxes based on discretionary and mandatory access control techniques. The resulting sandbox is both more effective and easier to implement for this highly complex application. Available via git from github: chromium-capsicum.