Re: Capabilities

From: Bas Wijnen
Subject: Re: Capabilities
Date: Mon, 13 Feb 2006 09:56:44 +0100
User-agent: Mutt/1.5.11

On Sun, Feb 12, 2006 at 11:49:52PM -0300, Leonardo Pereira wrote:
> No. I was not talking about the relation between the interpreter and the
> code, but with the interpreter and the rest of the system.

I did talk about that, but apparently not quite clearly enough.

> Example: If I create a program in scheme that uses the sound, it will need a
> capability to access the sound. But if I create another program in scheme
> that does not use the sound, I think that I will not wanna give a capability
> to that program. The problem is that you need to give the capabilities to
> the interpreter, not to the program, so, how could I manage that in a sane
> way (not giving capabilities to everything to all programs)?

The shell will need to know what capabilities to give to a program it starts.
This is a general problem.  For programs which know about capabilities, they
can negotiate with the shell about it.  For others (POSIX programs, mostly),
they will not do that.  What POSIX programs do is open a device file in a
known location (like /dev/dsp).

So if your interpreter is capability-aware, then it can do the negotiation.
If it isn't, the POSIX library needs to do it.  It may be on-request (that is,
during the open() call) or by override (the user specifies that some
capabilities should be passed to it at startup, the POSIX library channels
access to /dev/dsp through that capability).

In general, there is no difference with any other program.  The only thing the
interpreted-file case shows, is that the defaults for which capabilities to
give should not be set per-executable (except if the script is considered an
executable itself, as it is in POSIX).


> 2006/2/12, Bas Wijnen <address@hidden>:
> >
> > On Sun, Feb 12, 2006 at 04:33:14PM -0300, Leonardo Pereira wrote:
> > > When you run a program, you can give a capability to it and it will be
> > > able to use something or open some files. But what will happen if I use
> > > an interpreter? How will the system know what capabilities the
> > > interpreted program will have?
> >
> > I'm not sure if I understand your question.  An interpreter will need a
> > (read-only) capability to the script it's supposed to execute.  Further,
> > it just receives extra capabilities (for a (possibly private) file system,
> > for example) just like any other process does.  If it's a POSIX process
> > (so it doesn't know about capabilities), then this is done by the POSIX
> > layer (I think of it as a library, but it may end up to be something
> > else), which probably passes them on as files which can be opened or so.
> >
> > Does that answer your question?
> >
> > Bas

I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see

Attachment: signature.asc
Description: Digital signature
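
Added example, not part of the original message and not Hurd code: a toy Python model of the two grant paths described in the reply above (on request during open(), and by override at startup), with the defaults keyed on the script rather than on the interpreter executable. Capability, Shell, PosixLayer, the script names and the policy table are all hypothetical.

```python
"""Toy model (added illustration, not Hurd code); every name is hypothetical."""

class Capability:
    """Opaque handle to one resource, carrying a set of rights."""
    def __init__(self, resource, rights):
        self.resource, self.rights = resource, frozenset(rights)

class Shell:
    """Holds the user's capabilities and decides what a started program gets."""
    def __init__(self, held, defaults):
        self.held = held          # path -> Capability held by the shell
        self.defaults = defaults  # script -> paths it may obtain on request

    def negotiate(self, script, path):
        # On-request grant, consulted during open(). The lookup is keyed on
        # the script, so two scripts sharing one interpreter can differ.
        if path in self.defaults.get(script, ()):
            return self.held[path]
        return None

    def run(self, interpreter, script, override=()):
        # 'interpreter' is deliberately unused: it plays no part in the grant.
        # The interpreter always receives a read-only capability to its script.
        caps = {script: Capability(script, {"read"})}
        for path in override:     # by-override grant, named by the user
            caps[path] = self.held[path]
        return PosixLayer(self, script, caps)

class PosixLayer:
    """Maps the path names a POSIX program opens onto capabilities."""
    def __init__(self, shell, script, caps):
        self.shell, self.script, self.caps = shell, script, caps

    def open(self, path):
        cap = self.caps.get(path) or self.shell.negotiate(self.script, path)
        if cap is None:
            raise PermissionError(f"no capability for {path}")
        self.caps[path] = cap     # remember the grant for later opens
        return cap

def demo():
    """Two constructed Scheme scripts, one interpreter, one sound device."""
    dsp = Capability("sound device", {"read", "write"})
    shell = Shell({"/dev/dsp": dsp}, {"player.scm": ["/dev/dsp"]})
    results = {}
    for script in ("player.scm", "calc.scm"):
        try:
            results[script] = shell.run("scheme", script).open("/dev/dsp") is dsp
        except PermissionError:
            results[script] = False
    return results
```

Passing `override=["/dev/dsp"]` to `run()` models the user handing the capability over at startup, in which case open() succeeds without consulting the shell's defaults.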
