From: Tom Bachmann
Subject: Re: Codezero v0.2 Capabilities
Date: Mon, 07 Dec 2009 15:23:02 +0100
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)
> - The user API has been purposefully simplified, i.e. the capabilities are hidden as much as possible from the userspace. The average programmer needs to know as little as possible about capability design. For example, you don't pass a capid to a system call. You pass resource ids directly, but they get cap-checked internally. Once you want to manipulate resource allocation in the system, you then need to manipulate (unavoidably) capabilities and need to know what's going on at that level.
I don't think that is really useful. Exposing protected capabilities is about the *only* thing a microkernel should do (imho, it also has to do some resource management, but this should be exposed by capabilities as well). Moreover, there is no need to try to write a user interface to the kernel for "average programmers" because any decent system will wrap kernel calls in some fashion or another anyway.
Furthermore, if you actually *can* design the user interface with these reasons in mind, something very strange is going on. I wouldn't claim to be an expert, but both from my own experience and from what I have read, coming up with *any* kernel interface that works (i.e. that both can be used to do what you want and can be implemented efficiently) is such a daunting task that "usability" (as in, "for average programmers") is really one of the first things you will push to userspace.
Thanks, Tom