Codezero Microkernel v0.2 Released

Bahadir Balban bahadir at
Mon Dec 7 13:52:39 CET 2009

I would like to announce that Codezero Microkernel v0.2 is released.

On this release, the microkernel is now fully capability checked, and we 
introduced the notion of containers to provide isolated execution 
environments. Please see below for a brief description.

1.) Containers

In Codezero containers provide the architectural infrastructure for 
isolation of execution environments. Each container is allocated with a 
set of address spaces, threads, and any other resource that would 
otherwise be globally available on the platform, such as virtual and 
physical memory.

Using the simple notion of containers, it is possible to build any type 
of software design hierarchy. A hierarchical client/server design, or 
multi-threaded standalone applications are both possible scenarios.

2.) Capabilities

Capabilities protect all resources maintained by the kernel. Currently, 
all system calls are protected by capabilities, except a few trivial 
ones that have been left out. Physical and virtual memory, typed memory 
pools, and inter-process communication are among other resources that 
are protected by capability checking.

Capabilities build upon the foundation of containers, providing a 
fine-grained security architecture, inside and among container boundaries.

We also introduced a capability control system call, by which the 
capabilities may be shared, granted and modified in different ways, 
enabling a highly flexible and configurable security architecture.

3.) Configuration

We attempted to present the above two notions in an easily manageable 
kernel configuration system. Containers, their parameters and 
capabilities may be adjusted easily at configuration time, using our 
CML2-based kernel configuration system.

We are aiming to evolve the L4 API into the future by feedback, hence 
this email post. Codezero Project is open with a GPLv3 license.

If you are interested to learn more, download by:

git-clone git://

A useful jump-start guide:

API reference man pages:

man -M codezero/docs/man pagename


Bahadir Balban

More information about the l4-hackers mailing list