I’m pleased to announce that the work on sandboxing the
dd utility using Capsicum framework has been successfully completed and from today it’s available in FreeBSD-CURRENT.
Sometimes you want to use jails on the same hosts that do the NAT. That of course isn’t by any means a complicated task and
pf can do that very easily. The problems begin when you want to connect from one jail to a NATed IP (in the example 192.168.122.251) to a port that is redirected to another jail on the same system. Here is one of the solutions.
Ever wondered how to protect your host from malicious activity in vm guests? How to keep parts of the hypervisor running in userspace from being a source of access to underlying host? One of the layers can be sandboxing the hypervisor itself!
On Friday, 14th October, Oleksandr Tymoshenko committed an initial support for RPI3 into FreeBSD. The system is able to boot in multiuser mode with single processor. SMP is being actively worked on. For now, only the on-board Ethernet chip is supported and we will need to wait a while for a WiFi and Bluetooth support. The port is quite usable, and what’s more interesting – it’s full 64bit!
Application sandboxes are getting more and more popular. There are multiple schools and implementations. Let’s see how to use the FreeBSD’s Capsicum.