
Re: Codezero v0.2 Capabilities

From: Tom Bachmann
Subject: Re: Codezero v0.2 Capabilities
Date: Mon, 07 Dec 2009 15:23:02 +0100
User-agent: Mozilla-Thunderbird (X11/20090103)

- The user API has been purposefully simplified, i.e. the capabilities
are hidden as much as possible from the userspace. The average
programmer needs to know as little as possible about capability design.
For example you don't pass a capid to a system call. You pass resource
ids directly, but they get cap-checked internally. Once you want to
manipulate resource allocation in the system, you then need to
manipulate (unavoidably) capabilities and need to know what's going
on at that level.

I don't think that is really useful. Exposing protected capabilities is about the *only* thing a microkernel should do (imho. it also has to do some resource management but this should be exposed by capabilities as well). Moreover, there is no need to try to write a user interface to the kernel for "average programmers" because any decent system will wrap kernel calls in some fashion or another anyway.

Furthermore, if you actually *can* design the user interface with these reasons in mind something very strange is going on. I wouldn't claim to be an expert, but both from my own experience and from what I have read, coming up with *any* kernel interface that works (i.e. that both can be used to do what you want and can be implemented efficiently) is such a daunting task that "usability" (as in, "for average programmers") is really one of the first things you will push to userspace.

