[cap-talk] [Fwd: [eros-arch] the GNU system design]

Mark S. Miller markm at cs.jhu.edu
Wed Nov 1 10:00:35 CST 2006

[Forwarding to cap-talk, as it's another interesting bit of cap history.]

-------- Original Message --------
Subject: [eros-arch] the GNU system design
Date: Wed,  1 Nov 2006 10:44:28 -0500 (EST)
From: kragen at pobox.com (Kragen Javier Sitaker)
Reply-To: EROS architectural discussions <eros-arch at mail.eros-os.org>
To: eros-arch at mail.eros-os.org, coyotos-dev at coyotos.org

I was just rereading http://www.gnu.org/philosophy/stallman-kth.html
and I guess I must have not read it since before I heard about EROS
(perhaps in 1998?) because it has this bit that I didn't remember:

     Now, for the kernel I am planning to use a system called TRIX (it
     doesn't stand for anything that I know of) which was developed as
     a research project at MIT. This system is based on Remote
     Procedure Call. Thus programs are called domains. Each domain is a
     address space and various capabilities, and a capability is none
     other than the ability to call a domain. Any domain can create
     ``capability ports'' to call it, and then it can pass these ports
     to other domains, and there is no difference between calling the
     system and calling another user domain. In fact you can't tell
     which you have. Thus it is very easy to have devices implemented
     by other user programs. A file system could be implemented by a
     user program, transparently. It's also transparent to communicate
     across networks. You think that you're directly calling another
     domain, but really you're calling the network server domain. It
     takes the information that you gave in the call, and passes this
     over the network to another server program which then calls the
     domain that you're trying to talk to. But you and that other
     domain see this as happening invisibly.

     The TRIX kernel runs, and it has a certain limited amount of UNIX
     compatibility, but it needs a lot more. Currently it has a file
     system that uses the same structure on disk as the ancient UNIX
     file system does. This made it easier to debug the thing, because
     they could set up the files with UNIX, and then they could run
     TRIX, but that file system doesn't have any of the features that I
     believe are necessary.

This was on 1986-10-30, so I guess we can backdate our efforts to
supersede Unix with a free-software capability-secure system by
another decade.  Maybe we'll make some progress one of these days.

Kragen Javier Sitaker in Caracas  kragen at pobox.com
eros-arch mailing list
eros-arch at mail.eros-os.org

Text by me above is hereby placed in the public domain


More information about the cap-talk mailing list