FreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.
I’m pleased to announce that
bhyve, the FreeBSD’s hypervisor, is now sandboxed using Capsicum framework.
Mandatory Access Control (MAC) Framework is one of the less known FreeBSD features. Let’s take a look on how to use it.
Sandboxing applications using capsicum can sometimes lead to repeating some common patterns and duplicating large amounts of code. Fortunately there is an easy solution.
When the year comes to and end, it’s the final chance to help your favourite open source project!