"Christopher Nelson" <[EMAIL PROTECTED]> writes: > Ah. Well, it seems to me that capabilities must not be serializable. > If they could be, what would stop a thread from modifying the > capabilities as they flowed back to the kernel?
Right. I was assuming a _protected_ capability systems where capabilities are by definition _not_ serializable by applications[0]. > If the serializing entity was part of the TCB, then you have to > implement a certain amount of persistence anyway. That was my point: how can we serialize capabilities without support from the trusted kernel (i.e. without "persistence"). As you say, it's probably impossible. This makes the use of persistence more than just a matter of taste. > Once you start implementing persistence by degrees you run into a > whole bunch of edge cases where it's just easier to implement > system-wide persistence anyway. That's been my experience, in any > case. I guess so. Have you been working on persistence/checkpointing mechanisms? Thanks, Ludovic. [0] http://lists.gnu.org/archive/html/l4-hurd/2005-10/msg00010.html _______________________________________________ L4-hurd mailing list [email protected] http://lists.gnu.org/mailman/listinfo/l4-hurd
