DragonFly BSD
DragonFly kernel List (threaded) for 2006-07
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: ACL vs Capability


From: "Thomas E. Spanjaard" <tgen@xxxxxxxxxxxxx>
Date: Mon, 03 Jul 2006 12:51:48 +0000

TongKe Xue wrote:
Is the plan to have Dragonfly be ACL or Capability (I see the word capability mentioned around here and there, but no conclusive doc saying "Dragonfly will be capability based control.)

I'm not sure if anyone has really thought about that, but I reckon TrustedBSD ACLs are easiest to integrate.


If there will be support for the latter, is it correct to say that ACL == control at the level of trainualarity based on user running the process, Capability == control at the level of grainualarity of the process.

The granularity of capabilities is actually per 'object', not per process necessarily. You can control virtual memory mappings with capabilities too, and that's far more fine-grained than just per process (which would result in an 'everything-or-nothing' approach because of per process capabilities).


Cheers,
--
        Thomas E. Spanjaard
        tgen@xxxxxxxxxxxxx

Attachment: signature.asc
Description: OpenPGP digital signature



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]