On Tue, Aug 27, 2013 at 11:32 AM, Joris Giovannangeli <[email protected]> wrote:
> Hi,
>
> this week I've finished the implementation of dntpd sandboxing. You can
> see the work in the dntpd branch
> https://github.com/jorisgio/DragonFlyBSD/tree/dntpd
>
> I've split dntpd into two processes, one in capability mode, and the other
> is privileged. The privileged process contains the list of names of the
> ntp servers in an array. When the worker process wants to connect, it
> sends a request to the privileged process using an index in the array to
> identify the server. The privileged process opens a UDP socket and
> "connects" to the server. It sends back the file descriptor to the worker
> process, with only CAP_SEND and CAP_RECV.
>

That's just awesome!

> I fixed some panic I found running dntpd on a vkernel.
>
> During the remaining time of the week, I didn't write much code. I spent
> a lot of time reading the libcapsicum and libcasper API from FreeBSD
> (still in development) to understand the new plans for capsicum
> userspace applications. I wrote some test program and I started a port
> of the libs to dragonfly (not committed yet)
>
> Best regards,
>
> Joris

-- 
This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present.
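The privilege split described in the quoted message, sketched as an added example that is not code from dntpd or the linked branch: the worker sends only an array index, and the privileged side returns a connected UDP socket over a Unix socketpair using SCM_RIGHTS. The names `servers`, `broker`, `request_server`, `start_broker` and `fdbuf`, the loopback addresses and the wire format are assumptions; the Capsicum rights restriction is platform-specific and appears only as a comment.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed server table (loopback stand-ins); only the broker holds it. */
static const char *servers[] = { "127.0.0.1", "127.0.0.2" };
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } fdbuf;
/* Privileged side: map each requested index to a connected UDP socket. */
static void broker(int chan) {
    for (int idx; read(chan, &idx, sizeof idx) == (ssize_t)sizeof idx; ) {
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(123) };
        int fd = -1;
        if (idx >= 0 && idx < 2 && (fd = socket(AF_INET, SOCK_DGRAM, 0)) >= 0) {
            inet_pton(AF_INET, servers[idx], &sa.sin_addr);
            if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); fd = -1; }
        }   /* a Capsicum build would limit the fd's rights here, before sending */
        char ok = fd >= 0; struct iovec iov = { &ok, 1 };
        fdbuf u = { .h = { .cmsg_len = CMSG_LEN(sizeof fd),
                           .cmsg_level = SOL_SOCKET, .cmsg_type = SCM_RIGHTS } };
        struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1 };
        if (ok) {   /* attach the descriptor as SCM_RIGHTS ancillary data */
            memcpy(CMSG_DATA(&u.h), &fd, sizeof fd);
            m.msg_control = u.buf; m.msg_controllen = sizeof u.buf;
        }
        sendmsg(chan, &m, 0);
        if (ok) close(fd);   /* the worker now holds its own copy */
    }
}

/* Worker side: knows only indices; returns a connected fd, or -1 if refused. */
static int request_server(int chan, int idx) {
    char ok = 0; int fd = -1; fdbuf u; struct iovec iov = { &ok, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (write(chan, &idx, sizeof idx) != (ssize_t)sizeof idx) return -1;
    if (recvmsg(chan, &m, 0) != 1 || !ok) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (c && c->cmsg_type == SCM_RIGHTS) memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

static int start_broker(void) {   /* fork the broker; caller keeps the worker end */
    int sv[2]; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((pid = fork()) == 0) { close(sv[1]); broker(sv[0]); _exit(0); }
    close(sv[0]);
    return pid > 0 ? sv[1] : (close(sv[1]), -1);
}
```

Because the worker can name a server only by index, a compromised worker cannot make the privileged side resolve or connect to an address of its choosing; out-of-range indices are refused without opening a socket.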
