l4-hurd

Re: L4Mach or Refactor Hurd Servers?


From: Niklas Höglund
Subject: Re: L4Mach or Refactor Hurd Servers?
Date: Sun, 11 Nov 2001 22:14:48 +0100

On Sun, 11 Nov 2001, Farid Hajji <address@hidden> wrote:
> > As it stands, we will have to implement libports as an L4 task and will
> > essentially be creating an L4Mach anyway.
> As far as the port rights (a.k.a. capabilities) are concerned, yes.
> We'll need a capabilities server task in the L4 port of the Hurd.

I must confess that I haven't looked at the Hurd source code (just
installed it and tested it a bit), but I did some thinking about
permissions handling in the L4 port.

Something that is definitely needed is a trusted third party (the auth
server?). This party should know what capabilities (user and group
rights) all processes have. I'd like to avoid calling this task on
every IPC, as that would double the IPC overhead and add a bottleneck.

This is how I imagined a couple of scenarios:

UP user process
E2 ext2 server
AU auth server

UP -> E2: read n bytes from file f
E2 -> AU: give me a copy of UP's permission set    (1)
AU -> E2: here it is
E2 checks to see that UP is permitted to read the file
E2 -> UP: here are the bytes

UP -> E2: read a couple of more bytes
E2 checks its internal table to see that UP is permitted to read the file
E2 -> UP: here are the bytes

UP -> AU: add user xxx permissions from me

UP -> E2: read some bytes from a different file
E2 checks its internal table, finding that UP lacks permission
E2 -> AU: give me a copy of UP's permission set
AU -> E2: here it is
E2 updates its internal tables, and checks them
E2 -> UP: here are the bytes

UP -> AU: remove user xxx permissions from me
AU -> E2 (which was registered at (1)) invalidate AUs permissions set
E2 -> AU: OK
AU -> UP: OK


While writing the message above, I realized two other ways of doing
the same thing. (With different performance characteristics.)

Another, probably simpler, way would be to have all processes register
their interest in the permissions of a process with AU and have AU
broadcast the relevant information when changed.

Best performance, and maybe also simplest to implement, would be if AU
provided a read-only view of all processes' permission sets in
mmap-able memory.

I don't know enough about either the Hurd or the L4 to say with surety
that these approaches would work, but I think it would be a shame to
move to a system with faster IPC just to have to do more of them.

-- 
                                                Niklas
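
The first scheme in the message above (E2 caches UP's permission set, registers with AU at step (1), and AU invalidates the copy on removal), as an added Python simulation that is not part of the original message and is not Hurd or L4 code. The class and method names, the user id `u1` and the way messages are counted are assumptions made for the example.

```python
class AuthServer:            # "AU"; all names here are hypothetical, not Hurd or L4 APIs
    def __init__(self, perms):
        self.perms = perms                          # task -> set of user ids it holds
        self.watchers = {}                          # task -> servers caching its set
        self.ipc = 0                                # messages AU has sent or received

    def get_perms(self, server, task):
        self.ipc += 2                               # request + reply
        self.watchers.setdefault(task, set()).add(server)   # registration, step (1)
        return frozenset(self.perms.get(task, ()))

    def add(self, task, uid):
        self.ipc += 2
        self.perms.setdefault(task, set()).add(uid)  # no push: a cached deny refetches
        return "OK"

    def remove(self, task, uid):
        self.ipc += 2
        self.perms.get(task, set()).discard(uid)
        for server in self.watchers.pop(task, ()):  # invalidate every cached copy...
            self.ipc += 2                           # invalidate + "OK" from the server
            server.invalidate(task)
        return "OK"                                 # ...before UP gets its answer

class FileServer:                                   # "E2"
    def __init__(self, au, owners):
        self.au, self.owners, self.cache = au, owners, {}

    def invalidate(self, task):
        self.cache.pop(task, None)

    def read(self, task, path):
        owner = self.owners[path]
        if owner not in self.cache.get(task, ()):   # cold cache or cached deny
            self.cache[task] = self.au.get_perms(self, task)
        return owner in self.cache[task]            # True stands for "here are the bytes"

def run_scenario():
    au = AuthServer({"UP": {"u1"}})                 # constructed sample data
    e2 = FileServer(au, {"f": "u1", "g": "xxx"})
    steps = [("read f", lambda: e2.read("UP", "f")),
             ("read f", lambda: e2.read("UP", "f")),
             ("add xxx", lambda: au.add("UP", "xxx")),
             ("read g", lambda: e2.read("UP", "g")),
             ("remove xxx", lambda: au.remove("UP", "xxx")),
             ("read g", lambda: e2.read("UP", "g"))]
    return [(name, call(), au.ipc) for name, call in steps]

if __name__ == "__main__":
    print(*run_scenario(), sep="\n")
```

The third column is AU's running message count: the second read of `f` adds nothing to it, and the removal costs one extra round trip per registered server, completed before UP is told "OK".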


