New FreeBSD Foundation funded project: Capsicum improvements

The FreeBSD Foundation has announced that Pawel Jakub Dawidek has been awarded a grant to develop a comprehensive userspace framework for writing Capsicum-based applications, building on the kernel features originally developed by the University of Cambridge and Google Research. Pawel was previously awarded grants for the HAST and auditdistd projects.

This framework will include a Capsicum runtime linker and component library providing sandboxed versions of key higher-level system libraries. Components will both be sandboxed, improving resistance to vulnerabilities, and also easily available for delegation to sandboxed applications, such as the Chromium web browser. The prototype libcapsicum developed by Cambridge will be analyzed and updated based on lessons learned in implementing Capsicumised software packages, such as hastd and auditdistd. Funding for this project will be provided by the FreeBSD Foundation matched 100% by the Google Open Source Program Office, in support of open source technology transition of Capsicum.

“A continuing challenge in security is to find solutions that not only fix the problems but also can be applied to existing technologies: attractive though the notion is, we are not going to persuade the world to rewrite everything! This is why we at Google are pleased and excited to support the continuing development of Capsicum, which radically improves the security of UNIX based systems whilst allowing a continuous migration path from today’s mechanisms to tomorrow’s,” said Ben Laurie, Google Senior Staff Software Engineer.

“I’m very excited to be able to work on Capsicum. Some of my software is already using Capsicum, so I’m fully aware of the great potential of this framework. This technology is so much superior to the current attempts to provide sandboxing using tools like chroot(2) or unprivileged user credentials. No matter how corny it sounds, I strongly believe Capsicum can make the Internet a safer place,” said Pawel.

This project will conclude in August 2012.

BSDCan 2012 – “The technical BSD conference”

Martin Cracauer, a FreeBSD developer, went to BSDCan 2012 and wrote up his experience on the Open Source at Google blog: BSDCan 2012 – “The technical BSD conference”. I’m sure this will have been read by many with an open source interest (26716 RSS followers). Good marketing!

The FreeBSD Foundation funded some FreeBSD developers’ and contributors’ travel expenses. In return they have summarised what they did at BSDCan, how they got involved and what it means to them.

Read the feedback from:

Some of the BSDCan presentations can be viewed here, in case you missed them.

Miscellaneous News Links: auditdistd, Xorg, Linuxulator, OpenSSH

auditdistd

The auditdistd project is complete. Pawel Jakub Dawidek provides the following report regarding the project: auditdist project completed.

Xorg 7.5.2

The Xorg Team has announced the next round of Xorg updates. Phoronix’ analysis here.

Linuxulator and Linux Base

‘This weekend I made some progress in the linuxulator’.

OpenSSH

OpenSSH 6.0 has just been released.

FreeBSD Foundation accepting funding proposals

The FreeBSD Foundation is soliciting the submission of proposals for work relating to any of the major subsystems or infrastructure within the FreeBSD operating system. Proposals will be evaluated based on desirability, technical merit, and cost-effectiveness.

Details regarding the proposal process are contained in the Proposals Call for Submission (PDF).

If interested, important dates to mark are:

  • March 12: Call for proposals begins
  • April 30: Deadline for proposal submission
  • May 30th: Notification of acceptance/denial

New FBSD Foundation projects: Grow Mounted Filesystems, and NAND Flash Support

The FreeBSD Foundation has announced it is funding two new projects:

  • Grow Mounted Filesystems
  • NAND Flash Support

Grow Mounted Filesystems

This project will focus on growing filesystems while they are mounted, adding the GEOM and filesystem changes necessary to increase the size of both UFS and ZFS filesystems while a filesystem is mounted read-write.

Check the announcement for more details: Grow Mounted Filesystems

NAND Flash Support

It was announced that Semihalf, an embedded solutions company, has been awarded a grant to bring their comprehensive NAND Flash file system and storage stack to FreeBSD. This technology enables FreeBSD to natively manage NAND Flash devices, satisfying a crucial requirement for many applications needing access to fast, reliable, non-volatile storage.

Check the announcement for more details: NAND Flash Support

FreeBSD Foundation one of 12 Initial Affiliates for OSI

Earlier this year, the Open Source Initiative (OSI) switched from a Board-only organization focused largely on licensing to a member-led organization of affiliates. The OSI Board invited the FreeBSD Foundation to its initial set of Affiliates and Justin Gibbs and Dru Lavigne from the FreeBSD Foundation have agreed to act as delegates.

Simon Phipps from the OSI announced the 12 initial affiliates at FOSDEM. In addition to the FreeBSD Foundation, the initial affiliates include: KDE, the Apache Software Foundation, the Mozilla Foundation, the Plone Foundation, Creative Commons, the Linux Foundation, Joomla, the Sahana Software Foundation, Drupal, the Eclipse Foundation, and the Wikiotics Foundation.

FreeBSD 9.0 Press Release and Review

The FreeBSD Foundation has released a FreeBSD 9.0 press release: Release of FreeBSD 9.0 Delivers More Power to Serve.

Today, the FreeBSD Foundation announced the recent release of FreeBSD 9.0. FreeBSD 9.0-RELEASE raises the bar for open source operating systems in terms of file system reliability, IPv6-readiness, networking capabilities, compiler and toolchain technologies, and security. Many of its new features directly benefit system administrators, application developers, and companies that use or base their products on FreeBSD.

“FreeBSD 9.0 represents the culmination of over two years of ground-breaking work in operating system performance, reliability, and security,” said Ken Smith, Release Engineer for the FreeBSD Project. “We are proud to dedicate this release to the memory of Dennis M. Ritchie, one of the founding fathers of the UNIX® operating system, whose vision and work laid the foundations for FreeBSD.”

Filesystem changes in this release provide great benefits to both UFS and ZFS users. When installing with UFS, softupdates journaling (UFS+SUJ) is automatically enabled. UFS+SUJ uses an intent log which safely eliminates the need for a long filesystem check and recovery process, even after an unclean shutdown.

ZFS has been updated to version 28 which supports data deduplication, triple parity RAIDZ3, snapshot holds, log device removal, zfs diff, zpool split, zpool import -F, and read-only zpool import.

FreeBSD 9.0 also introduces the Highly Available STorage (HAST) framework which provides transparent storage of the same data across several systems connected by a TCP/IP network. In combination with other high availability features of FreeBSD like the CARP fail-over protocol, HAST makes it possible to build a highly available storage cluster that is resistant to hardware failures.

Continuing its heritage of innovating in the area of security research, FreeBSD 9.0 introduces Capsicum. Capsicum is a lightweight framework which extends a POSIX UNIX kernel to support new security capabilities and adds a userland sandbox API. Capsicum was originally developed as a collaboration between the University of Cambridge Computer Laboratory and Google and sponsored by a grant from Google; FreeBSD was the prototype platform and Chromium was the prototype application. FreeBSD 9.0 provides kernel support as an experimental feature for researchers and early adopters. Application support will follow in a later FreeBSD release and there are plans to provide some initial Capsicum-protected applications in FreeBSD 9.1.

“Google is excited to see the award-winning Capsicum work incorporated in FreeBSD 9.0, bringing native capability security to mainstream UNIX for the first time,” said Ulfar Erlingsson, Manager, Security Research at Google.

FreeBSD has been an early adopter and active participant in the IPv6 community since FreeBSD 4.0 was released in 2000 with the KAME reference implementation of IPv4/IPv6 networking support. In addition, the FreeBSD Project has been serving releases from IPv6-enabled servers for more than 8 years and FreeBSD’s website, mailing lists, and developer infrastructure have been IPv6-enabled since 2007. FreeBSD 9.0 introduces IPv6-only snapshots which completely remove IPv4 from the operating system.

2012 has been called the ‘year of IPv6’ and “the FreeBSD project is well positioned to be one of the leaders in IPv6-Only validation work,” stated Bjoern Zeeb, member of the FreeBSD Release Engineering Team and recipient of the 2010 Itojun Service Award for his significant improvements in open source implementations of IPv6.

“The growing usage of FreeBSD’s IPv6 networking stack by appliance builders, integration of a more flexible interface configuration, and the implementation of new standards such as Secure Neighbor Discovery, DNS Options for Router Advertisements, and CPE Requirements, makes FreeBSD 9.0 the perfect open source operating system to build your IPv6 deployments and products on.”

Other new features include:

  • userland DTrace has been added to supplement kernel-level DTrace
  • the FreeBSD world and kernel can now be compiled using the BSD-licensed LLVM toolchain
  • resource limit actions can be applied to processes, users, login classes, and jails
  • the addition of a pluggable congestion framework and five new TCP congestion control algorithms
  • HPN-SSH is enabled by default and increases transfer speeds on long, high bandwidth network links
  • NFSv4 support added
  • flattened device trees (FDT) allow for hardware resource enumeration and simplify configuration on embedded platforms

A complete list of the features in this release is available on the web at http://www.freebsd.org/releases/9.0R/relnotes.html. FreeBSD 9.0 can be downloaded for free from the FreeBSD website or purchased from FreeBSDMall.com.