[cap-talk] A Taxonomy of Current Object-Cap Systems
david.hopwood at industrial-designers.co.uk
Fri Mar 6 08:11:46 EST 2009
Rob Meijer wrote:
> On Thu, March 5, 2009 17:36, David Wagner wrote:
>> Rob Meijer wrote:
>>> In the light of recent discussions possibly:
>>> * Linux + AppArmor + UNIX domain sockets.
>>> AppArmor can be used to remove ambient authority on Linux. UNIX domain
>>> sockets can be used for IPC and can transfer other UNIX domain sockets.
>>> I feel the combination of these two would qualify as a rudimentary
>>> capability system, that is however pretty widespread (Ubuntu + Suse).
>>> It is currently indeed possible but pretty hard to write code for this
>>> system today.
>> I think this is a real stretch.
>> AppArmor is not an objcap system. Its permissions are based
>> upon pathnames.
>> I don't think "could be used as a basis to build an objcap system"
>> is the same as "a working objcap system where it is possible to write
>> working code today".
> In my view UNIX domain sockets when used for IPC have all the properties
> needed to be considered object capabilities.
That's not the point. A lot of work would be required to construct a
working objcap system from these ingredients.
"Linux + AppArmor + UNIX domain sockets" is not an objcap system any
more than "eggs + sugar + flour + butter" is a wedding cake.
David-Sarah Hopwood ⚥
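The mechanism Rob Meijer's quoted message relies on, transferring an open UNIX domain socket or other descriptor over a UNIX domain socket, is the SCM_RIGHTS ancillary message. The following is an added illustration, not code from the thread or from any of the systems named in it, showing the property being argued about: the holder of a descriptor can hand a copy to a peer without the peer ever learning or being permitted to open the underlying pathname. It uses a socketpair within one process for self-containment; the kernel semantics are the same across processes. The file contents, the "cap:read" tag and the helper names are constructed for the example.

```python
import os
import socket
import tempfile


def make_sample_file(contents: bytes) -> str:
    """Create a constructed sample file and return its path.
    The path is the pathname-based authority that AppArmor reasons about."""
    fd, path = tempfile.mkstemp()
    os.write(fd, contents)
    os.close(fd)
    return path


def grant(sock: socket.socket, path: str) -> None:
    """Holder side: open the file and pass the open descriptor to the peer.
    Only the descriptor crosses the socket (SCM_RIGHTS); the path is never sent."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # send_fds wraps sendmsg() with an SCM_RIGHTS control message.
        socket.send_fds(sock, [b"cap:read"], [fd])
    finally:
        # The kernel duplicates the descriptor when the message is queued,
        # so the holder's own copy can be closed immediately.
        os.close(fd)


def receive_and_read(sock: socket.socket) -> tuple[bytes, bytes]:
    """Receiver side: take the descriptor out of the ancillary data and use it.
    The receiver exercises the authority without knowing the pathname."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 1024, 1)
    if len(fds) != 1:
        raise RuntimeError("expected exactly one descriptor in the message")
    fd = fds[0]
    try:
        data = os.read(fd, 4096)
    finally:
        os.close(fd)
    return msg, data


def demo() -> dict:
    """Run the transfer end to end and report what the receiver obtained."""
    contents = b"constructed sample contents\n"  # constructed sample data
    path = make_sample_file(contents)
    try:
        holder, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        with holder, receiver:
            grant(holder, path)
            msg, data = receive_and_read(receiver)
        return {"message": msg, "data": data, "matches": data == contents}
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

The point the example makes concrete is the one both sides of the thread agree on: descriptor passing is an unforgeable, transferable reference, which is the capability-like ingredient. What it does not show, and what the reply above objects to, is everything else an objcap system needs around that primitive, such as removing the receiver's ability to simply open the path itself.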