Conversation

Replying to and
I've followed the whole "capabilities" thing for decades and never found any value in it besides "lets just pretend we're not root despite having complex interacting powers that are hard to reason about and almost always root-equivalent".
2
1
Replying to and
It's not at all the same kind of thing as *nix capabilities but rather FreeBSD Capsicum. It's an object capability system for associating rights with objects. It's not something bolted on to an existing system but rather what it's based around in the first place though.
1
6
I skimmed through that and I love how they have some of the basic concepts from my vaporware kernel (fs being provided by a userspace process, only visible to procs attached to it) but then botched a lot to make that happen s.t. mmap is read-only. 🤦🤦🤦
3
...and demand paging doesn't exist. 🤦 ...and you have to use mmap rather than read for performance. 🤦 This all comes out naturally right if the only underlying operation is mmap-like and read/write are always kernel-mediated memcpys.
2
1
Show replies