why use ambient authority in genode hello world?
dckc at ...392...
Sat Jan 23 22:00:43 CET 2016
In a 2 Dec twitter conversation
<https://twitter.com/GenodeLabs/status/671941252162678784>, I was invited
to elaborate here; so...
I wholeheartedly agree when the Genode book
> *Capability-based security* supposedly makes security easy to use by
> providing an intuitive way to manage authority without the need for an
> all-encompassing complex global system policy.
I don't understand why ignore this principle with the hello world code
> int main()
> {
>     Genode::printf("Hello world\n");
>     return 0;
> }
Why appeal to ambient authority to print to the console? Why not pass a
capability to main, as pony does with env,
capsicum at cap_enter() <http://lwn.net/Articles/482858/>, etc?
At lower levels of the architecture, genode has this structure; e.g. 3.5
> The environment is constructed by successively requesting the component’s
> RM, RAM, CPU, and PD sessions from its parent.
Why not continue this structure in the base API?
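
The contrast the post draws, as an added example that is not part of the original message and not Genode's API: a plain C++ sketch in which the parent hands the component an explicit environment holding a log capability, shown next to the ambient-authority version. The names Log, Env, Parent, hello_cap and the string standing in for the console are hypothetical.

```cpp
// Added illustration with hypothetical types; this is not the Genode API.
#include <cstdio>
#include <string>
#include <utility>

// A log capability: output reaches the parent's console only through one of these.
class Log {
    std::string *sink_;   // stands in for a LOG session at the parent
    std::string  label_;  // prefix stamped on every line written
    Log(std::string *s, std::string l) : sink_(s), label_(std::move(l)) {}
    friend struct Parent; // only the parent can mint a root capability
public:
    void write(const std::string &msg) const { *sink_ += label_ + msg + "\n"; }
    // Attenuation: derive a capability confined to a sub-label of this one.
    Log narrowed(const std::string &sub) const { return Log(sink_, label_ + sub + ": "); }
};

// Everything the component may use, handed over explicitly by its parent.
struct Env { Log log; };

struct Parent {
    std::string console;  // constructed stand-in for the real console
    Env env_for(const std::string &child) { return Env{Log(&console, "[" + child + "] ")}; }
};

// Ambient style: authority is reached through a global name; the signature hides it.
int hello_ambient() { std::printf("Hello world\n"); return 0; }

// Capability style: authority is visible in each signature.
void helper(const Log &log) { log.write("helper ran"); }
int  pure_helper(int x)     { return x * 2; }  // holds no Log: no path to the console

int hello_cap(Env &env) {
    env.log.write("Hello world");
    helper(env.log.narrowed("helper"));  // delegate reduced authority only
    return pure_helper(0);
}

int main() {
    Parent parent;
    Env env = parent.env_for("hello");
    int rc = hello_cap(env);
    std::fputs(parent.console.c_str(), stdout);
    return rc;
}
```
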