On this page:
1.1 Quickstart
1.2 Advanced Installation
1.2.1 System requirements
1.2.2 Kernel modifications
1.2.3 Pre-requisites
1.2.4 Installation

1 Installation

Shill requires a few patches to the FreeBSD kernel to enable additional security checks that support capability-based sandboxing. To make getting started easy, we provide two installation options:

If you want to experiment with Shill or don’t use FreeBSD, choose Quickstart. If you want to install Shill on an existing FreeBSD system, choose Advanced Installation.

1.1 Quickstart

Download the virtual machine image: http://shill.seas.harvard.edu/dist/Shill.ova (1.4GB). This image has Shill pre-installed and can be run with most virtual machine software. We recommend VirtualBox.

The root password is "root". In addition, there is a default user "shill" whose password is "shill". You can find Shill’s source code, including examples, in the "shill" user’s home directory.

The virtual machine has minimal packages installed. You can install more using FreeBSD’s package manager. For instructions on installing a graphical user interface, see the FreeBSD handbook.

1.2 Advanced Installation

The advanced installation instructions assume familiarity with installing and configuring a FreeBSD system.

1.2.1 System requirements

Shill is currently compatible with FreeBSD version 9.3.0. Shill requires that mounted filesystems support the "multilabel" feature. In particular, Shill cannot be used with the zfs filesystem.

1.2.2 Kernel modifications

Shill requires patches to the Mandatory Access Control framework to support capability-based sandboxes. To install our modified kernel, clone the ShillBSD git repository, and then build and install the kernel.

1.2.3 Pre-requisites

Shill requires Racket 6.1, which can be installed from ports or by invoking pkg install racket.

Mounted filesystems should support the "multilabel" feature. You can enable "multilabel" with tunefs -l enable / while in single-user mode.

1.2.4 Installation

First, clone the shill git repository. From the top-level directory, compile Shill with make and then install with make install. Installation requires superuser privileges.

To enable Shill’s capability based sandbox, you must activate the Shill kernel module by adding the line shill_load="YES" to the file /boot/loader.conf and rebooting.

Shill is now ready for use.