On 5/29/06, Pierre THIERRY <[EMAIL PROTECTED]> wrote:
In general, some capabilities typically given by the constructor need only to be read-only, for example the TCB ones, like to the meta-constructor and the constructor. Though in some virtualization cases, they also should be unreadable. (Jonathan, I think I'm starting to understand why you think that disclosure should not be the default)
I don't see why there has to be always a capability that is provided by the constructor. It breaks flexibility (and possibly virtualization). The TCB capabilities can be provided by the requestor if there is no capability that the constructor is supposed to protect. How does virtualization require any capabilities to be unreadable? Thanks Michal _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
