kristapsdz / acme-client-portable

portable version of acme-client, a secure ACME client
https://kristaps.bsd.lv/acme-client
ISC License

Add basic Capsicum sandbox support. #28

Closed Freaky closed 5 years ago

Freaky commented 7 years ago

This places everything but netproc in capability mode on FreeBSD.

Lightly tested on FreeBSD 11.

kristapsdz commented 7 years ago

I'm starting to work on this on FreeBSD 11. I don't understand how it worked for you at all, however. Don't you need to explicitly allow for the file descriptors used in the inter-process communication? What tests did you run?

Freaky commented 7 years ago

> I'm starting to work on this on FreeBSD 11.

Thanks :)

> Don't you need to explicitly allow for the file descriptors used in the inter-process communication?

No. It'd probably be good to make their rights more restrictive, but there's no need to ask to make them less so.

> What tests did you run?

I renewed some certificates, and watched it with ktrace to confirm it's entering the sandbox properly etc.

A proper test suite would be nice. Pebble looks interesting for this.