[okl4-developer] L4.sec status ping
gernot at nicta.com.au
Tue Aug 7 18:44:28 CEST 2007
>>>>> On Tue, 7 Aug 2007 13:26:58 +0800, "Wei Shen" <cquark at gmail.com> said:
WS> On 8/3/07, Gernot Heiser <gernot at nicta.com.au> wrote:
WS> The commercial OKL4 microkernel is converging on the seL4 API, it
WS> presently contains simplified versions of IPC control and all kernel
WS> resource allocation is under control of a user-level policy server. It
WS> should implement a full seL4 API probably sometime next year.
WS> I have several questions:
WS> 1)What does "simplified versions of IPC control" refer to?
There is a privileged IpcControl() syscall that allows you to set IPC
restrictions on an address space (send anywhere, send anywhere except
some, send only to some).
WS> 2)"all kernel resource allocation is under control of a user-level policy
WS> server" - does the user-level policy server refer to Iguana?
As far as the kernel is concerned, it's the root task. In the OKL4
system the root task is Iguana.
WS> 3)Can these features you noted be found in current Pistachio-e and Iguana
WS> release? All they belong to close-source part of OKL4?
They are in the released open-source OKL4l, and nicely documented in
the very extensive (260 page) OKL4 Microkernel Programming Manual
available at http://portal.ok-labs.com/
There is no closed-source part of OKL4, other than platform code that
is specific to proprietary customer hardware. However, there is a
release backlog (sorry). Nevertheless, what you are asking for is
released, supported, deployed by commercial customers, and open
More information about the l4-hackers