Capsicum: practical capabilities for UNIX
Abstract
Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google's Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.