Codezero Microkernel v0.2 Released
bahadir at l4dev.org
Mon Dec 7 13:52:39 CET 2009
I would like to announce that Codezero Microkernel v0.2 is released.
On this release, the microkernel is now fully capability checked, and we
introduced the notion of containers to provide isolated execution
environments. Please see below for a brief description.
In Codezero containers provide the architectural infrastructure for
isolation of execution environments. Each container is allocated with a
set of address spaces, threads, and any other resource that would
otherwise be globally available on the platform, such as virtual and
Using the simple notion of containers, it is possible to build any type
of software design hierarchy. A hierarchical client/server design, or
multi-threaded standalone applications are both possible scenarios.
Capabilities protect all resources maintained by the kernel. Currently,
all system calls are protected by capabilities, except a few trivial
ones that have been left out. Physical and virtual memory, typed memory
pools, and inter-process communication are among other resources that
are protected by capability checking.
Capabilities build upon the foundation of containers, providing a
fine-grained security architecture, inside and among container boundaries.
We also introduced a capability control system call, by which the
capabilities may be shared, granted and modified in different ways,
enabling a highly flexible and configurable security architecture.
We attempted to present the above two notions in an easily manageable
kernel configuration system. Containers, their parameters and
capabilities may be adjusted easily at configuration time, using our
CML2-based kernel configuration system.
We are aiming to evolve the L4 API into the future by feedback, hence
this email post. Codezero Project is open with a GPLv3 license.
If you are interested to learn more, download by:
A useful jump-start guide:
API reference man pages:
man -M codezero/docs/man pagename
More information about the l4-hackers