Capsicum is an implementation ofcapability-based security forUNIX andsimilar systems. Presented atUSENIX Security Symposium 2010, the system is part ofFreeBSD since its 9.0 release. It has also been adapted toDragonflyBSD in the form of kernelpatches.^[1] Further technical details can be found in the Ph.D. thesis^[2] byRobert Watson.

The system works by chunking the normal permissions up into very small pieces. When a process enters capsicum mode, it loses all permissions normally associated with its controlling user, except "capabilities" it already has in the form offile descriptors. A process can also receive capabilities viaUnix sockets. These file descriptors not only control access to thefile system, but also to other devices like the network sockets.Flags are also used to control more fine-grained access like reads and writes.^[3]

CloudABI is anapplication binary interface based on capsicum. It keeps the overall capsicum permission model, but uses it to redesign a simplified environment for processes (system calls, C library, etc.) to run on, so that programs become portable to any platform supporting the ABI on the sameinstruction set architecture. The interface it offers is roughlyPOSIX minus parts that do not work with capability-based security. As of March 2020^[update], CloudABI is natively a part ofFreeBSD, and it can be run on other systems either via a Capsicum-based patch or using a non-securesystem call emulator.^[4][5]

As of October 2020, CloudABI has been deprecated in favor ofWebAssembly System Interface for lack of interest.^[4]

• capsicum(4) – FreeBSD Kernel InterfacesManual
• cloudabi(4) – FreeBSD Kernel InterfacesManual

• Computer security models
• Access control
• Capability systems

• Articles containing potentially dated statements from March 2020
• All articles containing potentially dated statements