My latest work in progress… sandboxing content with Capsicum capability mode on FreeBSD.
The idea behind Capsicum is treating file descriptors as capabilities. Once a process enters capability mode, it's in a very tight sandbox that does not have any access whatsoever to "global namespaces" — no connect, nothing like that — you can only derive new file descriptors from the ones you have: openat (open below a directory if you have the directory opened), connectat and other, recvmsg (IPC fd-passing), dup and so on. Descriptors can have additional irreversible restrictions imposed by cap_rights_limit, and these limits are inherited all the way (e.g. if a directory fd was limited to not having CAP_WRITE, you won't be able to write to anything you openat from that directory).
Most software was not written in this capability style unfortunately, so we have to LD_PRELOAD a library that overrides libc functions with ones that try to use pre-opened directory descriptors. One such library is https://github.com/musec/libpreopen (which has been partially reused in WASI libc!) — but it's overkill for our use in some ways (we don't impose sandboxing on unsuspecting programs so we don't need to serialize the info about opened fds to shared memory) and not enough in other ways (sysctl, fopen/opendir, symlink resolution, etc.) and it's all C and it's just better to own the code here, so I added a little
This is a work in progress. It mostly works already, but it only supports Wayland for now. Forkserver (bug 1607103) works, actually I've only tested with it enabled. GPU accelerated WebGL content works (tested on Mesa RadeonSI). Audio works with PulseAudio. Various other things (X11, sndio, multi-GPU, nvidia GPU?) are not tested/supported yet. Some paths are hardcoded, etc.
Requires patch from bug 1550891.
Currently dealing with a very VERY VERY weird bug: SecurityInformation fails to deserialize in the HttpChannelChild! Disabled assertion for now, but this is terrible. Can anyone help me debug this?