Ludovic Courtès wrote:
"Christopher Nelson" <[EMAIL PROTECTED]> writes:
Ah. Well, it seems to me that capabilities must not be serializable.
If they could be, what would stop a thread from modifying the
capabilities as they flowed back to the kernel?
Right. I was assuming a _protected_ capability systems where
capabilities are by definition _not_ serializable by applications[0].
If the serializing entity was part of the TCB, then you have to
implement a certain amount of persistence anyway.
That was my point: how can we serialize capabilities without support
from the trusted kernel (i.e. without "persistence"). As you say, it's
probably impossible. This makes the use of persistence more than just a
matter of taste.
The capabilities can't directly be serialized. The application has to
get (e.g. by inheritance).
I guess jonathan meant the application level state.
Once you start implementing persistence by degrees you run into a
whole bunch of edge cases where it's just easier to implement
system-wide persistence anyway. That's been my experience, in any
case.
I guess so. Have you been working on persistence/checkpointing
mechanisms?
Thanks,
Ludovic.
[0] http://lists.gnu.org/archive/html/l4-hurd/2005-10/msg00010.html
_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
--
-ness-
_______________________________________________
L4-hurd mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/l4-hurd
