[cap-talk] kernel object knowledge
Jonathan S. Shapiro
shap at eros-os.com
Tue May 29 13:56:41 EDT 2007

On Tue, 2007-05-29 at 00:04 -0700, Jed Donnelley wrote:
> Do some
> objects (e.g. those for active entities like processes) need
> to be implemented by (known about, supported by) the 'kernel'
> (globally trusted code)?

Yes, though not necessarily because of membranes. In a non-cryptographic
capability system, in the absence of hardware protection, any object
that stores capabilities must be implemented by the kernel to ensure the
type partition that assures safety. Typically these objects will
include Processes, Endpoints (or equivalent) and whatever mechanism
supports address spaces.

Once these objects must be admitted into the kernel anyway, the marginal
effort to provide a limited degree of membrane support (notably the
"weak/sensory" mechanism) carries very little cost. The weak/sensory
mechanism isn't a general-purpose membrane, but it does cover a very
common case.

shap