Skip to content

trombonehero/libcapsicum

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
port
port
 
 
src
src
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README
README
 
 

Repository files navigation

This is userspace code intended to make Capsicum easy to use correctly.

NOTE: the libcapsicum API is NOT stable, and may change at ANY time.

1. Easy to Use
libcapsicum provides a higher-level API than the kernel Capsicum primitives. It should be easier to use libcapsicum to say, "I want to start a sandbox running this stuff over here" than to program to the kernel API directly.

2. Easy to Use Correctly
There are lots of gotchas when compartmentalizing software: did you close all the files that you don't want the sandbox to access? Did libraries open any files that you're not aware of? Has anything sensitive been mapped into the address space without your knowledge? libcapsicum closes all file descriptors except the ones that you explicitly delegate, and it scrubs the address space with fexecve().

About

libcapsicum, userspace tools for using Capsicum easily and effectively.

www.cl.cam.ac.uk/research/security/capsicum

Resources

Readme
Activity

Stars

5 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages