-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
On 8/7/07, Bjoern Doebel doebel@os.inf.tu-dresden.de wrote:
> What does "security monitor style IPC permissions" mean? Can it be found in the current Fiasco release?
Yes, it can be found in Fiasco. Tasks can be started in "monitored" mode, which means that they only possess rights to communicate with themselves, their creators and the NIL thread. Every other IPC will raise a capability fault which is sent to a user-defined capability fault handler. The handler may then act upon this fault by mapping an IPC right to the faulting task, if it possesses this right itself. Whenever this right has been mapped, no more capability faults will occur until the right is revoked at a later point in time.
> Interesting, especially since I think IPC control is an obvious weakness of current L4 kernels. Is there any new L4 API specification release that includes this feature?
Not yet, but there will probably be one in the future.
> Where do IPC capabilities originally come from? Maybe there is a privileged task (roottask?) that has all capabilities? How about the performance of this mechanism - searching the communication peer from the cap list in every IPC ...
Currently tasks that are started by roottask during system startup possess all capabilities and may map those to clients. A specific IPC Monitor works as the capability fault handler for the tasks started by our ELF loader and can be configured by the user.
Performance isn't hurt that much. You only need to do the lookup once, when the first IPC is sent from task A to B. Afterwards, task A possesses the communication capability and no more capfaults occur, therefore causing no more overhead.
> Is this model only used in IPC control or also to control other kernel resources, like memory pages, interrupts, task no ... Is task / thread creation controlled now in Fiasco?
Fiasco also includes a new mechanism to account in-kernel memory usage to specific tasks. What kind of control do you want for task/thread creation?
> Where can I find news about changes to Fiasco?
Hopefully there will be a new Fiasco spec some day. ;)
Bjoern
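The monitored-mode model described in this thread (implicit rights to self, creator and NIL; a capability fault on any other IPC; a handler that may map a right only if it holds it itself; no further faults until revocation) as a small Python simulation. This is an added example, not code from Fiasco or the l4-hackers list; all task ids, the NIL id 0, the policy table and the "limited" capability set given to the monitor task are constructed for illustration and do not correspond to the real L4 API.

```python
"""Toy model of Fiasco-style "monitored" IPC permissions (constructed example).

Task ids, the NIL id and the policy table are made up for illustration;
nothing here is the Fiasco or L4 API.
"""
from dataclasses import dataclass, field

NIL = 0  # constructed id for the NIL thread; always a legal IPC partner


class CapFault(Exception):
    """Raised when a monitored task sends IPC it holds no right for and the
    fault handler refuses (or no handler is installed)."""


@dataclass
class Task:
    tid: int
    creator: int
    monitored: bool = True
    caps: set = field(default_factory=set)  # explicitly mapped IPC rights (target ids)

    def may_send_to(self, dst):
        # unmonitored tasks (those started by roottask) hold every right
        if not self.monitored:
            return True
        # implicit rights of a monitored task: itself, its creator and NIL
        return dst in (self.tid, self.creator, NIL) or dst in self.caps


class Kernel:
    def __init__(self):
        self.tasks = {}
        self.handler = {}    # faulting task id -> capability fault handler task id
        self.policy = set()  # (src, dst) pairs the user allows the handler to map
        self.faults = 0      # capability faults raised so far

    def create(self, tid, creator, monitored=True, caps=()):
        self.tasks[tid] = Task(tid, creator, monitored, set(caps))
        return self.tasks[tid]

    def set_handler(self, tid, handler_tid):
        self.handler[tid] = handler_tid

    def allow(self, src, dst):
        self.policy.add((src, dst))

    def ipc(self, src, dst):
        sender = self.tasks[src]
        if sender.may_send_to(dst):
            return "delivered"
        # no right: raise a capability fault and hand it to the handler
        self.faults += 1
        handler_tid = self.handler.get(src)
        if handler_tid is None or not self._handle_fault(handler_tid, src, dst):
            raise CapFault(f"task {src} may not send to {dst}")
        # the right is now mapped; later sends need no lookup through the handler
        return "delivered after fault"

    def _handle_fault(self, handler_tid, src, dst):
        handler = self.tasks[handler_tid]
        # the handler may only map a right it possesses itself, and only if policy allows
        if (src, dst) in self.policy and handler.may_send_to(dst):
            self.tasks[src].caps.add(dst)
            return True
        return False

    def revoke(self, tid, dst):
        self.tasks[tid].caps.discard(dst)


def demo():
    """Walk through the cases the thread describes; returns (log, fault count)."""
    k = Kernel()
    k.create(1, creator=1, monitored=False)  # roottask: holds every right
    k.create(2, creator=1, caps={3, 4})      # IPC monitor with a constructed, limited cap set
    k.create(3, creator=2)                   # client A, monitored
    k.create(4, creator=2)                   # server B, monitored
    k.create(5, creator=2)                   # a task the monitor holds no right to
    k.set_handler(3, 2)
    k.allow(3, 4)
    k.allow(3, 5)
    log = []
    log.append(k.ipc(3, 3))    # self: implicit right, no fault
    log.append(k.ipc(3, 2))    # creator: implicit right
    log.append(k.ipc(3, NIL))  # NIL thread: implicit right
    log.append(k.ipc(3, 4))    # first send: capfault, monitor maps the right
    log.append(k.ipc(3, 4))    # mapped right: no fault, no handler round trip
    k.revoke(3, 4)
    log.append(k.ipc(3, 4))    # right revoked: faults again
    try:
        k.ipc(3, 5)            # policy allows it, but the monitor lacks the right itself
    except CapFault:
        log.append("capfault")
    return log, k.faults


if __name__ == "__main__":
    print(demo())
```

The fault counter makes the performance point from the thread visible: only the first send between a pair of tasks (and the first after a revocation) goes through the handler; every other send is a plain check against the sender's own capability set.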