Capsicum (Unix) 📖 Wikipedia

Capsicum is an implementation of capability-based security for UNIX and similar systems. Presented at USENIX Security Symposium 2010, the system is part of FreeBSD since its 9.0 release. It has also been adapted to DragonflyBSD in the form of kernel patches.^[1] Further technical details can be found in the Ph.D. thesis^[2] by Robert Watson.

The system works by chunking the normal permissions up into very small pieces. When a process enters capsicum mode, it loses all permissions normally associated with its controlling user, except "capabilities" it already has in the form of file descriptors. A process can also receive capabilities via Unix sockets. These file descriptors not only control access to the file system, but also to other devices like the network sockets. Flags are also used to control more fine-grained access like reads and writes.^[3]

CloudABI is an application binary interface based on capsicum. It keeps the overall capsicum permission model, but uses it to redesign a simplified environment for processes (system calls, C library, etc.) to run on, so that programs become portable to any platform supporting the ABI on the same instruction set architecture. The interface it offers is roughly POSIX minus parts that do not work with capability-based security. As of March 2020^[update], CloudABI is natively a part of FreeBSD, and it can be run on other systems either via a Capsicum-based patch or using a non-secure system call emulator.^[4][5]

As of October 2020, CloudABI has been deprecated in favor of WebAssembly System Interface for lack of interest.^[4]

• capsicum(4) – FreeBSD Kernel Interfaces Manual
• cloudabi(4) – FreeBSD Kernel Interfaces Manual