Linux Security Summit 2014/Abstracts/Drysdale
Capsicum on Linux
David Drysdale, Google
Capsicum is a lightweight security framework, blending concepts from object-capability security with POSIX operating system semantics.
In particular, Capsicum allows the operations that can be performed on individual file descriptors to be restricted to those specified by a set of fine-grained rights.
Capsicum also implements capability mode, which restricts a process from using system calls that access global namespaces (such as the directory hierarchy or IP:port space), and so prevents access to any new resources.
The combination of these features allows security-aware applications to sandbox themselves in a precise manner, without relying on external policy.
Capsicum was originally created at the University of Cambridge Computing Laboratory  and implemented in FreeBSD 9.0. Google is currently implementing equivalent functionality for the Linux kernel.
This discussion topic covers the core concepts of Capsicum, together with the specific issues arising from the Linux kernel implementation.