Jonathan S. Shapiro wrote:
> This makes sense to me, but it also seems to me that if A is a process implementing the file server, and B has memory mapped a file from A, then the current design requires Pb to act as an intermediary -- primarily for the purpose of normalizing file offsets and doing a little bit of protocol translation.
> Further, it seems to me that there is an interesting problem of deceiting here, since the file server may not know that Pb and B are equivalent for access control purposes.
> Am I missing something that simplifies this scenario?

That is a result of using thread ids for identification of senders, which I consider a bad idea. If we do indeed need sender identification (which I tend to believe), the id space should be designed such that ids can be managed in user space and enforced by the kernel, i.e. Pb and the file server should be enabled to act under the same sender id.
--hermann