ACL vs Capability
Thomas E. Spanjaard
tgen at netphreax.net
Mon Jul 3 06:02:35 PDT 2006
TongKe Xue wrote:
Is the plan to have Dragonfly be ACL or Capability (I see the word
capability mentioned around here and there, but no conclusive doc saying
"Dragonfly will be capability based control.)
I'm not sure if anyone has really thought about that, but I reckon
TrustedBSD ACLs are easiest to integrate.
If there will be support for the latter, is it correct to say that ACL
== control at the level of trainualarity based on user running the
process, Capability == control at the level of grainualarity of the
process.
The granularity of capabilities is actually per 'object', not per
process necessarily. You can control virtual memory mappings with
capabilities too, and that's far more fine-grained than just per process
(which would result in an 'everything-or-nothing' approach because of
per process capabilities).
Cheers,
--
Thomas E. Spanjaard
tgen at xxxxxxxxxxxxx
Attachment:
signature.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00001.pgp
Type: application/octet-stream
Size: 186 bytes
Desc: "Description: OpenPGP digital signature"
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20060703/b50a18be/attachment-0018.obj>
More information about the Kernel
mailing list