Capsicum: practical capabilities for UNIX
Abstract
Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.