Hi,

This week I've finished the implementation of dntpd sandboxing. You can see the work in the dntpd branch https://github.com/jorisgio/DragonFlyBSD/tree/dntpd

I've split dntpd in two processes, one in capability mode, and the other is privileged. The privileged process contains the list of names of the NTP servers in an array. When the worker process wants to connect, it sends a request to the privileged process using an index in the array to identify the server. The privileged process opens a UDP socket and "connects" to the server. It sends back the file descriptor to the worker process, with only CAP_SEND and CAP_RECV.

I fixed some panics I found running dntpd on a vkernel.

During the remaining time of the week, I didn't write much code. I spent a lot of time reading the libcapsicum and libcasper API from FreeBSD (still in development) to understand the new plans for Capsicum userspace applications. I wrote some test programs and I started a port of the libs to DragonFly (not committed yet).

Best regards,
Joris
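The request-by-index and descriptor-passing exchange described in the message, as an added C example; it is not code from the dntpd branch. The function names (`broker_open`, `send_fd`, `recv_fd`, `worker_request`), the loopback addresses, and the forked child standing in for the privileged process are assumptions, and the rights limit uses FreeBSD 10+ `cap_rights_limit()`, compiled only on FreeBSD, because the DragonFly port's call is not shown in the message.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__              /* assumption: FreeBSD 10+ Capsicum calls; skipped elsewhere */
#include <sys/capsicum.h>
#endif
static const char *servers[] = { "127.0.0.1", "127.0.0.2" };  /* constructed; privileged side only */
static int broker_open(int idx) {  /* privileged: check index, connect UDP socket, limit rights */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(123) };
    if (idx < 0 || idx >= (int)(sizeof(servers) / sizeof(*servers)) ||  /* index is untrusted */
        inet_pton(AF_INET, servers[idx], &sa.sin_addr) != 1) return -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { close(fd); return -1; }
#ifdef __FreeBSD__
    cap_rights_t r;             /* the worker may only send and receive on this descriptor */
    if (fd >= 0 && cap_rights_limit(fd, cap_rights_init(&r, CAP_SEND, CAP_RECV)) < 0) { close(fd); return -1; }
#endif
    return fd;
}
static int send_fd(int chan, int fd) {  /* one status byte, plus fd via SCM_RIGHTS when granted */
    char ok = fd >= 0; _Alignas(struct cmsghdr) char buf[CMSG_SPACE(sizeof(int))] = {0};
    struct iovec iov = { &ok, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (ok) { m.msg_control = buf; m.msg_controllen = sizeof(buf); }
    struct cmsghdr *c = (struct cmsghdr *)buf;
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS; c->cmsg_len = CMSG_LEN(sizeof(int));
    *(int *)CMSG_DATA(c) = fd;
    return sendmsg(chan, &m, 0) == 1 ? 0 : 1;
}
static int recv_fd(int chan) {  /* worker: returns the passed descriptor, or -1 if refused */
    char ok = 0; _Alignas(struct cmsghdr) char buf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &ok, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = buf, .msg_controllen = sizeof(buf) };
    struct cmsghdr *c = recvmsg(chan, &m, 0) == 1 && ok ? CMSG_FIRSTHDR(&m) : NULL;
    return c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS ? *(int *)CMSG_DATA(c) : -1;
}
int worker_request(int idx) {   /* worker names the server by index and never sees the table */
    int sp[2], fd = -1, want;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();         /* the child stands in for the privileged process */
    if (pid == 0) _exit(read(sp[1], &want, sizeof(want)) == sizeof(want) ? send_fd(sp[1], broker_open(want)) : 1);
    close(sp[1]);
    if (pid > 0 && write(sp[0], &idx, sizeof(idx)) == sizeof(idx)) fd = recv_fd(sp[0]);
    close(sp[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;
}
int main(void) { return worker_request(0) < 0; }  /* exit status 0 if a descriptor came back */
```

An out-of-range index is refused on the privileged side, so the worker gets -1 instead of a descriptor.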
