Capability Authentication

Alexander Warg alexander.warg at
Fri Oct 21 14:14:41 CEST 2005

On Thu, 2005-10-20 at 02:31 +0200, olafBuddenhagen at wrote:
> Hi,
> > For example, process instantiation (spawn or fork) requires many
> > capability copies even in our current plans.  Creating new processes
> > is an important operation in the EROS operating system to enforce
> > confinement policies.
> I see a flaw in this reasoning: If you start more processes due to a
> finer grained design -- which is probably a Good Thing (TM) -- then the
> individual processes do less, so you need only few capabilities for
> each one... We'd need to make the rest of the process startup *very*
> efficient, to make it matter even for a "hello world" process. (Would be
> desirable, but I doubt it is achievable.)
> I still can't think of any realistic scenario, where capability passing
> would be so common as to make a few hundred clock cycles per operation
> really relevant. Of course, that doesn't mean none exist...

I think you have to distinguish between user-level capabilities,
representing user-level objects, and kernel capabilities, which name
kernel objects, such as communication points. For kernel capabilities
there may be very frequent transfers, in particular in the case of
sessionless protocols, where a capability for the answer must be
transferred on every IPC because of the unidirectional nature of
communication points.


More information about the l4-hackers mailing list