So it's just over four years later and probably everyone's interests have changed, but I thought I'd mention:
https://github.com/capnproto/capnproto/pull/821

This adds FD passing to Cap'n Proto RPC. You can attach an FD to any capability type, and it will be transmitted along with the capability.

-Kenton

On Fri, Mar 20, 2015 at 12:32 PM Kenton Varda <[email protected]> wrote:
> Hi Alexander,
>
> I'm excited to hear KDE is planning to use capability-based sandboxing!
>
> How far along is this? Are there docs describing the design, especially how apps will go about obtaining permissions to talk to each other when the user wants them to? We've spent a lot of time thinking about this for Sandstorm and I'd love to compare notes. If you plan to use Cap'n Proto then it may even make sense to share code (not just Cap'n Proto itself, but components of Sandstorm).
>
> -Kenton
>
> On Tue, Mar 17, 2015 at 11:07 AM, <[email protected]> wrote:
>
>> On Friday, 6 March 2015 22:04:37 UTC, Kenton Varda wrote:
>>>
>>> OK, I'm coming around on this.
>>>
>>> I do suspect you're not the only one who is going to want to ferry around GPU contexts in this way. Anyone wanting to build a Sandstorm-like sandbox for desktop or mobile apps -- with a Cap'n Proto connection being the only way the app talks to the world -- is likely to need something like this.
>>>
>>> I guess that trying to abstract over Win32 is not going to work so well, because the model for transferring handles is totally different there -- it requires that at least one of the two processes involved has complete power over the other, it seems. Not capability-like at all.
>>>
>>
>> I'm also very interested in file descriptors being passed over Cap'n Proto. I'm currently working on sandboxing applications using Capsicum and being able to pass file descriptors without another open socket would be extremely useful for me.
>> I need that for e.g. passing shared memory fds or passing a read-only file descriptor for the file that is supposed to be opened.
>> I'm fine with this being UNIX-only since currently I am only sandboxing on Linux and FreeBSD.
>>
>> Alex
>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Cap'n Proto" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> Visit this group at http://groups.google.com/group/capnproto.
>>
>
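The following is an added example, not code from this thread and not Cap'n Proto's own implementation. It shows the Unix mechanism that passing a descriptor over a socket relies on: sendmsg() with SCM_RIGHTS ancillary data on an AF_UNIX socket, which is what makes the use case Alex describes work. A broker opens the file read-only and hands over only the descriptor; the receiving side never learns the path, gets a fresh descriptor for the same open file description, and cannot widen it to write access. Both sides run in one process over a socketpair here so the example is self-contained; in a Capsicum or Cap'n Proto deployment they would be separate processes. The function names (send_fd, recv_fd, fd_passing_demo), the temporary file and its "secret config" contents are all constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Send one descriptor as SCM_RIGHTS ancillary data. The kernel installs a new
   descriptor in the receiver that refers to the same open file description,
   so the receiver inherits the sender's access mode (e.g. O_RDONLY). */
static int send_fd(int sock, int fd_to_send) {
    char byte = 'F';                       /* SCM_RIGHTS needs at least one data byte */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctrl;
    struct msghdr msg;
    memset(&ctrl, 0, sizeof ctrl);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;            msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;    msg.msg_controllen = sizeof ctrl.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_send, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; validate the control message before trusting it. */
static int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctrl;
    struct msghdr msg;
    memset(&ctrl, 0, sizeof ctrl);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;            msg.msg_iovlen = 1;
    msg.msg_control = ctrl.buf;    msg.msg_controllen = sizeof ctrl.buf;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    return fd;
}

/* Broker opens a file read-only and passes the fd; the "sandboxed" side reads
   through it and checks it cannot write. Returns 0 on success, a negative step
   number on the first failing check; file contents are copied into out. */
int fd_passing_demo(char *out, size_t outlen) {
    const char content[] = "secret config";          /* constructed sample data */
    char path[] = "/tmp/fdpass-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    if (write(tmp, content, sizeof content - 1) != (ssize_t)(sizeof content - 1)) {
        close(tmp); unlink(path); return -2;
    }
    close(tmp);

    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { unlink(path); return -3; }

    /* Broker side: open read-only, unlink so the fd is the only route to the
       file, send it, then drop its own copy. */
    int ro_fd = open(path, O_RDONLY);
    unlink(path);
    if (ro_fd < 0) { close(sv[0]); close(sv[1]); return -4; }
    int rc = send_fd(sv[0], ro_fd);
    close(ro_fd);
    close(sv[0]);
    if (rc < 0) { close(sv[1]); return -5; }

    /* Sandboxed side: a new descriptor, still valid after the broker's close. */
    int got = recv_fd(sv[1]);
    close(sv[1]);
    if (got < 0) return -6;

    int result = 0;
    if ((fcntl(got, F_GETFL) & O_ACCMODE) != O_RDONLY) result = -7;
    else if (write(got, "x", 1) != -1 || errno != EBADF) result = -8;  /* no upgrade to write */
    else {
        ssize_t n = read(got, out, outlen - 1);
        if (n < 0) result = -9; else out[n] = '\0';
    }
    close(got);
    return result;
}

int main(void) {
    char buf[64];
    int rc = fd_passing_demo(buf, sizeof buf);
    if (rc == 0) printf("received read-only fd; contents: \"%s\"\n", buf);
    else printf("demo failed at step %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Two points a practitioner should keep in mind. The receiver must validate the control message (level, type, length, MSG_CTRUNC) rather than assume one descriptor arrived, since a sender can attach several or none. And the read-only guarantee holds only for the descriptor itself: on Linux, a process that can still reach /proc/self/fd/N by path may re-open the underlying file with O_RDWR if file permissions allow, so the sandbox must also block path-based opens (Capsicum's capability mode does this by construction), which is the reason a design like Alex's passes descriptors instead of paths in the first place.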
