[cap-talk] Domain change (IPC?) overhead

[Raoul Duke]

>  Most current desktop and server OS's effectively don't address those
>  issues, either.  If one process decides to go hog wild and monopolize
>  all shared resources (e.g., all CPU), my OS will basically let it do so.
>  They don't even take care of accounting.
>
>  One possible interpretation of this state of affairs: people don't
>  consider storage isolation, accounting, and scheduling to be a
>  particularly important or critical security mechanism.
>
>  The above is deliberately intended as a "devil's advocate" view to try
>  to expand my understanding.  What do you think?

Seems like virtualization is making people think about it more now.
IIRC the OpenVZ project uses a bunch of accounting code that
originally had been simply for regular Linux, but nobody seemed to
want to use the features. So the ideas and even code have been around
for a while, it was just waiting for regular folks to wake up and care
about using them. I think maybe the folks who originally implemented
those features are the ones who went on to do OpenVZ?

I assume there are more serious OSs that support all that kind of
stuff from ages ago. OpenVMS has accounting, presumably it has ways to
enforce limits as well?

sincerely.