[cap-talk] A Taxonomy of Current Object-Cap Systems
David Wagner
daw at cs.berkeley.edu
Thu Mar 5 11:36:42 EST 2009
Rob Meijer wrote:
> In the light of recent discussions possibly:
>
> * Linux + AppArmor + UNIX domain sockets.
>
> AppArmor can be used to remove ambient authority on Linux. UNIX domain
> sockets can be used for IPC and can transfer other UNIX domain sockets.
> I feel the combination of these two would qualify as a rudimentary object
> capability system, that is however pretty widespread (Ubuntu + Suse).
> It is currently indeed possible but pretty hard to write code for this
> system today.

I think this is a real stretch.

AppArmor is not an objcap system. Its permissions are based
upon pathnames.

I don't think "could be used as a basis to build an objcap system"
is the same as "a working objcap system where it is possible to write
working code today".