[cap-talk] Reducing Ambient user authority in a Type Safe /Memory Safe OS.
David-Sarah Hopwood
david-sarah at jacaranda.org
Sat Jan 2 08:44:09 PST 2010
Marcus Brinkmann wrote:
> Rob Meijer wrote:
>> On Thu, December 31, 2009 01:09, Marcus Brinkmann wrote:
>> If we assume however that it is quite possible for many programs to run
>> perfectly without any implicit access to /proc/$mypid, and thus can
>> restrict quite a lot of programs so that they don't have access to this,
>> then it remains useful if we could be able to create unnamed files without
>> using a shared namespace.
>
> If programs in general don't have access to /proc (but some programs do) then
> you are giving up on the concept of a globally shared namespace, and you can
> just go all the way and give each process its own /tmp directory. You
> mentioned that this is already done by MinorFS.
>
> The utility of anonymous files seems dubious, as it makes it hard to account
> for resource usage properly. This seems to be rather a misfeature of Unix.
Not really. You need a way to account for resources (including memory
segments) held by processes and not linked into the filesystem, anyway.
So files held open by a process can just be accounted to that process.
Files linked from multiple places should be accounted to all of those
places (each for the full size).
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com