Blog category: FreeBSD

Granting privileges using MAC Framework

April 17, 2017 by Paweł Biernacki

FreeBSD’s kernel provides quite sophisticated privilege model that extends the traditional UNIX user-and-group one. Here I’ll show how to leverage it to grant access to specific privileges to group of non-root users.

Continue reading

Sandboxing the hypervisor

February 15, 2017 by Paweł Biernacki

I’m pleased to announce that bhyve, the FreeBSD’s hypervisor, is now sandboxed using Capsicum framework.

Continue reading

Simple MAC policy in FreeBSD

January 16, 2017 by Paweł Biernacki

Mandatory Access Control (MAC) Framework is one of the less known FreeBSD features. Let’s take a look on how to use it.

Continue reading

Capsicum helpers

January 6, 2017 by Paweł Biernacki

Sandboxing applications using capsicum can sometimes lead to repeating some common patterns and duplicating large amounts of code. Fortunately there is an easy solution.

Continue reading

Why I give to FreeBSD Foundation

December 16, 2016 by Paweł Biernacki

When the year comes to and end, it’s the final chance to help your favourite open source project!

Continue reading