Capability Authentication
olafBuddenhagen at gmx.net
olafBuddenhagen at gmx.net
Thu Oct 20 02:31:20 CEST 2005
Hi,
> For example, process instantiaton (spawn or fork) requires many
> capability copies even in our current plans. Creating new processes
> is an important operation in the EROS operating system to enforce
> confinement policies.
I see a flaw in this reasoning: If you start more processes due to a
finer grained design -- which is probably a Good Thing (TM) -- then the
individuall processes do less, so you need only few capabilities for
each one... We'd need to make the rest of the process startup *very*
efficient, to make it matter even for a "hello world" process. (Would be
desirable, but I doubt it is achievable.)
I still can't think of any realistic scenario, where capability passing
would be so common as to make a few hundred clock cycles per operation
really relevant. Of course, that doesn't mean none exist...
-antrik-
More information about the l4-hackers
mailing list