Re: thread ids, task ids and subsystems

[Marcus Brinkmann]

On Mon, Apr 14, 2003 at 02:47:02PM +0200, Michal 'hramrach' Suchanek wrote:
> To get quotas for a quota server could be introduced. An example for files
> handles:

Before you start, consider the requirements for quota in the Hurd:

* The user has all the freedom we can provide without harming security.
* The user has all the freedom we can provide without harming security.
* The user has all the freedom we can provide without harming security.

This means that something like file handles doesn't need to be restricted at
all.  What needs to be restricted (if at all) is processor time, memory,
kernel objects, system objects (if they can not indirectly be restricted by
restricting memory or processor time).

Also, users should only be minimally bound to system services, they should
be free to use their own protocols and servers.

For example, users could simply provide memory to the server.  The server
can use this memory to store whatever user related data it needs to store.
Processor time is harder (how do you prevent users from running on a servers
time? - E.R.O.S. has some concepts for that, IIRC).

You could also have the central memory server restrict the user's memory
when services are used.  But that requires a clever protocol because user's
should not be required to trust servers.  So, any resource the server claims
on a users behalf needs to be "countersigned" and approved of by the user.
For example, users could make cheques of resources that the server can
exchange for resources at the server providing the resource (vm).
Of course, such servers would become more complicated, as they need to
organize user-related resources on the memory provided by that user.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' GNU      http://www.gnu.org    address@hidden
Marcus Brinkmann              The Hurd http://www.gnu.org/software/hurd/
address@hidden
http://www.marcus-brinkmann.de/