Capsicum: Practical Capabilities for UNIX

https://www.youtube.com/watch?v=raNx9L4VH2k

There's more info out there and it was released with FreeBSD 9.

http://lackingrhoticity.blogspot.com/2010/11/introduction-to-freebsd-capsicum.html

 

Yeah i watched that talk a while back. The creator of AppArmor was in the audience and asked a question at the end (that guy now works at Microsoft and no longer develops AA).

That project appears to take the same form as SECCOMP. Capability based security. It is doubtful such a system will ever replace MAC systems, but they can work well together.

 

Yeah, there's a Linux port supposedly in the works, although it has been two years.

It would be pretty great to have it on top of the current sandbox considering the current sandbox's weaknesses.

 

Following your link there was something I hadn't heard of: http://plash.beasts.org/wiki/

Looks interesting. It basically does what AppArmor does, except it has the property of being dynamic. That is, changing rules on the fly. For instance, with AA if you want to give Firefox the ability to upload files, you need to give it access to the entire directory. With Plash, you can give it access to *only* the file you want uploaded and it will change rules on the fly. Kinda cool.

EDIT: I just asked the AA devs what they think of Plash. One responded:

So they like the idea but don't think chroot() is too secure.