newbie questions
ross mcginnis
ross_mcginnis at ...16...
Fri Jun 5 07:21:04 CEST 2009
Hello,
I'm an amateur//hobbyist programmer who is very interested capability operating systems. I have just found this project and have started reading the documentation. I have some questions regarding the "Interfaces and Mechanisms" document- sorry if these have already been asked (if so just point me to where I can already find the answers).
1- Is there anyway that a child can be endowed with any extra capabilities to server services at creation by its parent? Or is it always the case that the child always has to be first created without any extra capabilities and only after it is created then can it gain external caps by requesting a service by way of its parent?
2- In the documentation it says that the parent of a server is given the root_capability to any services announced by the child and this cap is intended to be used and kept by the parent only.
Is this cap actually copyable and transferrable?
And does it really matter if the parent gives this cap away?
This last question may seem really dumb since it goes against the whole point of having an acylic tree of parent to children nodes to facilitate reasoning about the TCB, however, if you haven't actually stopped the parent from been able to give it away shouldn't you assume that it will give it away?
3- The documentation mentions the use of unix file permissions. Are access control lists and file permissions to be planned/implemented in the file servers within the genode project? If they are, it is there a possibility for a confused deputies to arise since the clients request services by using serive_name and arg strings instead of capabilities?
>From what I naively understand about capability based OSes is that you either have to provide a persistent state mechanism or an ACL like regime to be able to recreate the capability network at power-up after shut-down/crash-recovery. Is it possible for a system to be built using genode framework which is orthognally persistent and thus drop the use of ACL's?
Lastly, I think there is a very slight mistake in the "Interfaces and Mechanisms" document in the "Servers" section towards the very end in the sentence "The session capability, created by Child1 (4), can now be passed to Child1 as return value of nested session calls (5, 6).": shouldn't the second mention of "Child1" actually be "Parent2"?)
This looks like a very interesting project with fantasic potential! Thanks for creating it!
Thanks you
Ross McGinnis
_________________________________________________________________
Looking for a place to rent, share or buy this winter? Find your next place with Ninemsn property
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Edomain%2Ecom%2Eau%2F%3Fs%5Fcid%3DFDMedia%3ANineMSN%5FHotmail%5FTagline&_t=774152450&_r=Domain_tagline&_m=EXT
More information about the users
mailing list