[cap-talk] More Heresy: ACLs not inherently bad

Jonathan S. Shapiro shap at eros-os.com
Fri Sep 19 08:10:04 CDT 2008


Alan:

You have satisfied 1-5.

> I believe that what I've described meets criteria 1-5, but I'm not sure what #6 means.

It means that the only application entitled to update the tree is the
SCM application. Write permission requires an authorized user and that
the access be performed by the SCM program.

However, I think your proposal extends to this fine, with only one
challenge: how to ensure in a non-persistent cap system that only the
SCM program has write access to the tree? I don't think this bootstraps
without something ACL-like.

shap


