Capability Authentication

olafBuddenhagen at olafBuddenhagen at
Thu Oct 20 02:31:20 CEST 2005


> For example, process instantiation (spawn or fork) requires many
> capability copies even in our current plans.  Creating new processes
> is an important operation in the EROS operating system to enforce
> confinement policies.

I see a flaw in this reasoning: If you start more processes due to a
finer grained design -- which is probably a Good Thing (TM) -- then the
individual processes do less, so you need only few capabilities for
each one... We'd need to make the rest of the process startup *very*
efficient, to make it matter even for a "hello world" process. (Would be
desirable, but I doubt it is achievable.)

I still can't think of any realistic scenario, where capability passing
would be so common as to make a few hundred clock cycles per operation
really relevant. Of course, that doesn't mean none exist...


More information about the l4-hackers mailing list