Basically, from what I've read it translates to having a unified single delivery,
per syscall capabilities system that's not scatter-brainded hack spread out in the
Linux kernel now, right ?
You basically get all this simple and elegant encapsulation in one architectural
effort, right ?
With processes and signals as the exceptions ?
> Ultimately, I'ld note that when you strip away the syntax transformations you
> discover that above the vnode boundary UNIX is a capability system, with the
> notable exception of the signalling and process control mechanisms, which are
> rather crufty. With the introduction of /proc, processes have been given
> descriptors as well. What we now need to do is find a way to eliminate the
> legacy interfaces that render principled security in UNIX so difficult.
Uh, what you're saying is that the vnode/VFS interface is identical in structure
to Eros capabilities, but it not treated in uniform manner ?
bill
> Jonathan S. Shapiro, Ph. D.
> IBM T.J. Watson Research Center
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/