I’m pleased to announce that the work on sandboxing the dd utility using Capsicum framework has been successfully completed and from today it’s available in FreeBSD-CURRENT.

Sandboxing base utilities increases the security of all tools using them. dd is often used when working with images and Capsicum provides additional layer of protection from malicious actions.
I hope to see it in the 11.1-RELEASE sometime in the next year.

I continue to work on sandboxing bhyve and other utilities from base system.

The work was sponsored by Mysterious Code Ltd.