capsicum

If you mix capsicum with jails, zfs, geli, pf. .

What can cgroups and namespaces do that rctl and capsicum can't? I assume with namespaces you can have multiple processes running with the same PID?

I see capsicum as something to help bridge the gap between "I don't think there are any bugs in here" and "this program is safe to run".

Some of the common answers to that question are clang/llvm, ZFS, DTrace, pf, superpages, geom, journalled softupdates, and capsicum.

And my point is that capsicum is a way to impose boundaries between different parts of a single application.

Uk/research/security/capsicum/ Also, for those who don't know, Colin sometimes takes consulting gigs. I worked with him earlier this year; easily the best thousand Canadian dollars I've ever spent.

FreeBSD's 'capsicum' and Linux's 'seccomp' look like they can conceptually do the same thing, but afaict there isn't yet a good command-line interface to them that lets you drop privileges of unmodified binaries.

I don't know if it will get in FreeBSD 10, I'm not a freeBSD guy, but you can be sure there are still a lot of work dedicated to capsicum ! After the basic kernel API and libs has been stabilized, it will still need work to convert applications to capsicum before you can consider capsicum as a deployed security mechanism in FreeBSD.