why use ambient authority in genode hello world?

Dan Connolly dckc at ...392...
Sat Jan 23 22:00:43 CET 2016

In a 2 Dec twitter conversation
<https://twitter.com/GenodeLabs/status/671941252162678784>, I was invited
to elaborate here; so...

I wholeheartedly agree when the Genode book
<http://genode.org/documentation/genode-foundations-15-05.pdf> says:

*Capability-based security* supposedly makes security easy to use by
> providing an
> intuitive way to manage authority without the need for an all-encompassing
> and
> complex global system policy.

I don't understand why ignore this principle with the hello world code

#include <base/printf.h>
> int main()
> {
>   Genode::printf("Hello world\n");
>   return 0;
> }

Why appeal to ambient authority to print to the console? Why not pass a
capability to main, as pony does with env
capsicum at cap_enter() <http://lwn.net/Articles/482858/>, etc?

At lower levels of the architecture, genode has this structure; e.g. 3.5
component creation:

The environment is constructed by successively requesting the component’s
> RM, RAM, CPU, and PD sessions from its parent.

Why not continue this structure in the base API?

Dan Connolly
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20160123/ebe22f69/attachment.html>

More information about the users mailing list