[cap-talk] More Heresey: ACLs not inherently bad

Rob Meijer capibara at xs4all.nl
Sat Sep 20 06:18:23 CDT 2008


On Fri, September 19, 2008 18:55, Jonathan S. Shapiro wrote:

> On what basis does SCM gain access to that capability which Bob does not
> have?
>
> Offhand, I cannot think of a scheme that is not identity based.
>

Have a look at my MinorFs project at http://minorfs.polacanhus.net/ .
MinorFs would create a private empty directory for the pseudo-persistent
scm@SCM or bob@SCM process, that (incarnations of) the process could use
for its R/W data, and for symbolic links to any sparse cap delegated to it.

I feel that if you take the MinorFs design as the basis of your system you
should be able to focus more on the specifics like auditing logs and tree
graph transformations.

Rob


