New FreeBSD Foundation funded project: Capsicum improvements

The FreeBSD Foundation has announced that Pawel Jakub Dawidek has been awarded a grant to develop a comprehensive userspace framework for writing Capsicum-based applications, building on the kernel features originally developed by the University of Cambridge and Google Research. Pawel was rewarded grants previously for the HAST and auditdistd projects.

This framework will include a Capsicum runtime linker and component library providing sandboxed versions of key higher-level system libraries. Components will both be sandboxed, improving resistance to vulnerabilities, and also easily available for delegation to sandboxed applications, such as the Chromium web browser. The prototype libcapsicum developed by Cambridge will be analyzed and updated based on lessons learned in implementing Capsicumised software packages, such as hastd and auditdistd. Funding for this project will be provided by the FreeBSD Foundation matched 100% by the Google Open Source Program Office, in support of open source technology transition of Capsicum.

“A continuing challenge in security is to find solutions that not only fix the problems but also can be applied to existing technologies: attractive though the notion is, we are not going to persuade the world to rewrite everything! This is why we at Google are pleased and excited to support the continuing development of Capsicum, which radically improves the security of UNIX based systems whilst allowing a continuous migration path from today’s mechanisms to tomorrow’s,”

said Ben Laurie, Google Senior Staff Software Engineer.

“I’m very excited to be able to work on Capsicum. Some of my software is already using Capsicum, so I’m fully aware of the great potential of this framework. This technology is so much superior than the current attempts to provide sandboxing using tools like chroot(2) or unprivileged user credentials. No matter how corny it sounds, I strongly believe Capsicum can make the Internet a safer place.”

said Pawel.

This project will conclude in August, 2012

BSDCan 2012 – “The technical BSD conference

Martin Cracauer, a FreeBSD developer, went to BSDCan 2012 and wrote up his experience on the Open Source at Google blog: BSDCan 2012 – “The technical BSD conference”. I’m sure this will have been read by many with an open source interst (26716 RSS followers). Good marketing!

The FreeBSD Foundation funded some FreeBSD developers’ and contributors’ travel expenses. In return they have sumarised what the did at BSDCan, how they got involved and what it means to them.

Read the feedback from:

Some of the BSDCan presentations can be viewed here, in case you missed them.

Miscelaneous News Links: auditdistd, Xorg, Linuxulator, OpenSSH

auditdistd

The auditdistd project is complete. Pawel Jakub Dawidek provides the following report regarding the project: auditdist project completed.

Xorg 7.5.2

The Xorg Team has announced the next round of Xorg updates. Phoronix’ analysis here.

Linuxulator and Linux Base

‘This week­end I made some progress in the lin­ux­u­la­tor‘.

OpenSSH

OpenSSH 6.0 has just been released.

 

FreeBSD Foundation accepting funding proposals

The FreeBSD Foundation is soliciting the submission of proposals for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. Proposals will be evaluated based on desirability, technical merit, and cost-effectiveness.

Details regarding the proposal process are contained in the Proposals Call for Submission PDF (PDF)

If interested, important dates to mark are:

  • March 12: Call for proposals begins
  • April 30: Deadline for proposal submission
  • May 30th: Notification of acceptance/denial

New FBSD Foundation projects: Grow Mounted Filesystems, and NAND Flash Support

The FreeBSD Foundation has announced it is funding two new projects:

  • Grow Mounted Filesystems
  • NAND Flash Support

Grow Mounted Filesystems

This project will focus on growing filesystems whilst mounted and add GEOM and filesystem changes that are necessary to increase the size of both UFS and ZFS filesystems while a filesystem is mounted read-write.

Check the announcement for more details: Grow Mounted Filesystems

NAND Flash Support

It was announced that Semihalf, an embedded solutions company, has been awarded a grant to bring their comprehensive NAND Flash file system and storage stack to FreeBSD. This technology enables FreeBSD to natively manage NAND Flash devices, satisfying a crucial requirement for many applications needing access to fast, reliable, non-volatile storage.

Check the announcement for more details: NAND Flash Support

FreeBSD Foundation one of 12 Initial Affiliates for OSI

Earlier this year, the Open Source Initiative (OSI) switched from a Board-only organization focused largely on licensing to a member-led organization of affiliates. The OSI Board invited the FreeBSD Foundation to its initial set of Affiliates and Justin Gibbs and Dru Lavigne from the FreeBSD Foundation have agreed to act as delegates.

Simon Phipps from the OSI announced the 12 initial affiliates at FOSDEM. In addition to the FreeBSD Foundation, the initial affiliates include: KDE, the Apache Software Foundation, the Mozilla Foundation, the Plone Foundation, Creative Commons, the Linux Foundation, Joomla, the Sahana Software Foundation, Drupal, the Eclipse Foundation, and the Wikiotics Foundation. (via)