Re: [ANNOUNCE] Introducing Codezero

From: Sam Mason
Subject: Re: [ANNOUNCE] Introducing Codezero
Date: Sun, 26 Jul 2009 02:05:02 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

On Sat, Jul 25, 2009 at 07:36:11PM +0300, Bahadir Balban wrote:
> Having all capabilities maintained by the microkernel will add policy to
> it and inflate it, so it will somewhat deviate from a rigorous
> microkernel design. If you believe that to be more appropriate for
> maintaining security, it may be a reasonable tradeoff for you.
> However, a significant goal in Codezero is to remain generic for
> building any OS core on top. In that respect, no OS specific policy is
> allowed inside. Keeping userspace capabilities in the kernel would be
> against that principle.

I keep getting the feeling that you've "missed" the point of
object-capability systems.  I'd recommend a read through the literature
available on it, say:


Coyotos is dead now, but the kernel design docs are still up and very


Marcus and others (sorry for minimizing everyone else, it was Marcus
who was most vocal when I joined) tried *very* hard to make a l4 work;
maybe a fresh perspective was all that was needed, but it looked pretty
terminal at the time to most people.  I've had a look back through the
archives and the following looks like a nice early reference:


Jonathan Shapiro, of EROS and Coyotos, seemed to join properly here:


and the earliest I could find was:


The cap-talk mailing list is active and I'm sure would welcome any
questions you may have:


  Sam  http://samason.me.uk/
