[cap-talk] More Heresey: ACLs not inherently bad
Charles Landau
clandau at macslab.com
Tue Sep 9 10:12:49 CDT 2008
Jed Donnelley wrote:
> Charlie,
>
> I'm just trying to understand what you describe:
>
> At 10:38 PM 9/8/2008, Charles Landau wrote:
>> ...
>> (3) Construct a directory-like object (whose behavior is described
>> below) and pass a capability to it to the new process to use as its root
>> directory/namespace. When the new process first attempts to fetch a
>> subdirectory or leaf object from the directory-like object, the latter
>> determines whether it wants the new process to have access to that
>> object, and if so makes it available for that and subsequent requests.
>
> When you say, "the latter <I assume the subdirectory or leaf object>
> determines whether it wants the new process to have access..."
I meant "the latter, i.e. the directory-like object". The subdirectory
or leaf object isn't being invoked at that point, you are only fetching
a capability to it.
More information about the cap-talk
mailing list