Hello!
I try to understand how capabilities are enforced by the Fiasco.OC kernel. From what I think I understood, capabilities are created in the kernel space area of an address space (which is the same in every address space) at Config::Caps_start. Each cap is identified by an index in this area and holds a reference to an object of type kobject_iface in its _obj attribute. This is the object this cap is controlling access to. Now I've got a few questions about further details.
Where does the translation from address space local to kernel global cap id happen?
How does the kernel know threads of which space are allowed to access which cap (mapdb?)?
When a thread sends IPC, in which place of the kernel code do these caps get enforced / checked?
BR,
Christoph