FreeBSD Capsicum article

I will start with a digression from the topic of the article.

Modern OSes provide different mechanisms to isolate userland applications from each other. This is important because the CPU provides only limited protections, which mostly protect against basic improper access. The recent vulnerabi...

Continue reading...

Introduction

Before the MAC kernel module can start securing the system, some initial configuration must be loaded. The configuration can be built in during compilation or read from the filesystem. For instance, the OpenBSD PF firewall kernel module has the pfctl(8) userla...

Continue reading...

Introduction

This part looks at the advanced options of module initialization and why it is important. It also covers the first attempt to use the MAC framework in practice.

MAC Framework loading/unloading

MAC framework initialization allows customizing the initialization of the modul...

Continue reading...

Introduction

In the series of articles titled "FreeBSD MAC framework", I would like to use the TrustedBSD Mandatory Access Control kernel programming interface in practice and share some information and results. This post covers the basic initialization of the module, where to fi...

Continue reading...