Capsicum: OS capability and sandbox framework

Capsicum is a lightweight OS capability and sandbox framework developed at the University of Cambridge Computer Laboratory.

Capsicum extends the POSIX API, providing several new OS primitives to support object-capability security on UNIX-like operating systems:

  • capabilities – refined file descriptors with fine-grained rights
  • capability mode – process sandboxes that deny access to global namespaces
  • process descriptors – capability-centric process ID replacement
  • anonymous shared memory objects – an extension to the POSIX shared memory API to support anonymous swap objects associated with file descriptors (capabilities)
  • rtld-elf-cap – modified ELF run-time linker to construct sandboxed applications
  • libcapsicum – library to create and use capabilities and sandboxed components
  • libuserangel – library allowing sandboxed applications or components to interact with user angels, such as Power Boxes.
  • chromium-capsicum – a version of Google’s Chromium web browser that uses capability mode and capabilities to provide effective sandboxing of high-risk web page rendering.

Capsicum has been prototyped on FreeBSD 8.x, and the experimental code is BSD-licensed to encourage open source, research, and commercial deployment.

Don't miss