l4-hurd

Re: Capability Authentication


From: Marcus Brinkmann
Subject: Re: Capability Authentication
Date: Thu, 20 Oct 2005 16:17:38 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Thu, 20 Oct 2005 02:31:20 +0200,
<address@hidden> wrote:
> 
> Hi,
> 
> > For example, process instantiation (spawn or fork) requires many
> > capability copies even in our current plans.  Creating new processes
> > is an important operation in the EROS operating system to enforce
> > confinement policies.
> 
> I see a flaw in this reasoning: If you start more processes due to a
> finer grained design -- which is probably a Good Thing (TM) -- then the
> individual processes do less, so you need only few capabilities for
> each one... We'd need to make the rest of the process startup *very*
> efficient, to make it matter even for a "hello world" process. (Would be
> desirable, but I doubt it is achievable.)

I have to say that we are leaving the ground where I have any
certainty.  One reason is that I don't have much experience outside of
POSIX.  The other reason is that I don't know what type of system we
are talking about if we are not talking about POSIX.  Without some
foundation, I find it hard to speculate.

Within these reservations, I don't think your argument is quite right.
The number of capabilities per operation may be fewer, but the number
of operations also rises.

My understanding is that process spawning in EROS is blazingly fast,
and that a substantial number of capabilities is copied in the system
throughout.  So, there you would have one design and implementation
you could have a closer look at if you want to explore this.  Please
let us know what you find.

Thanks,
Marcus




