You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Capsicum's model is to block access to global namespaces. But important operations like gethostbynbame and sysctlbyname operate on global namespaces only. So to sandbox that, Capsicum uses the technique of privilege separation. Through libcasper(3) it forks child processes to deal with stuff like that. We should provide bindings for libcasper and the most important casper services. I've already got a start on this.
The text was updated successfully, but these errors were encountered:
Well, nobody will ever use libcasper without using capsicum. There are, however, plenty of use cases for capsicum that don't require libcasper. But shorn of its services, libcasper is pretty small. IMHO it doesn't require a standalone crate. What about adding it to capsicum-rs, but gated by a feature flag?
Thanks for the explanation. I've only ever used capsicum (I recognize that that's a bit weird 😆). I think a feature flag makes a lot of sense, but it's probably worthwhile to add it to the default-features?
I don't think we should put it in default-features, because that will link libcasper.so into applications that don't need it. See #35 for the implementation.
Capsicum's model is to block access to global namespaces. But important operations like
gethostbynbame
andsysctlbyname
operate on global namespaces only. So to sandbox that, Capsicum uses the technique of privilege separation. Through libcasper(3) it forks child processes to deal with stuff like that. We should provide bindings for libcasper and the most important casper services. I've already got a start on this.The text was updated successfully, but these errors were encountered: