Re: [chaos-devel] My plan
From: Per L. <pe...@gm...> - 2007-03-22 23:05:13
Henrik Hallin-UU wrote:

Hi Henrik,

> What we can start doing now is to implement a real shell (Cluido). This
> ought to ease debugging of servers. Anyone up for the task?

Johannes volunteered and I might also be able to help with some bits there.

The Chaos.Security is also something that needs to be implemented soon, as you wrote in another email. As I mentioned to you, we should make Storm.NET launch a set of servers on startup (and give them the capabilities it feels like). Then the Server.Boot should launch Cluido, dropping capabilities as needed.

The capability system can be fairly easy but flexible. Perhaps just a set of regular expressions or something. The important point is: Storm.NET has full capabilities (.* in regexp talk). When launching a new server, it can set any capability less than or equal to its own capabilities on the new process. Likewise when the Server.Boot will launch Cluido, it can give it less than or equal to its own capabilities.

If we go the regexp road (maybe a bit overkill really) I think the "less than or equal" formula might be a bit hard to implement, to put it mildly. ;) Perhaps a form of simpler globbing is more suitable:

  Service.* - access to all services.
  Service.Console - access to a specific service.
  Storm.CreateService - access to the specific system call in Storm.NET.

The problem here is not the implementation really but rather to find a suitable level of fine-grainedness. If you make it too specific, it might get over-complicated to add capabilities to a user etc. (you need to find all the specific capabilities that he needs - can obviously be partially remedied by having capability groups, preferably with a form of inheritance so that a capability group can contain other capability groups). If you make it too non-specific, we have reimplemented Linux, welcome to the 70's again. :-P

Back to where we are now: As soon as the IPC works again :) (it is currently broken in SVN but you are already well aware of this) I think we release chaos.net 0.0.2, to make sure people see that things are proceeding quickly in the right direction.

Now, bedtime...

--
"stormG3 is obsolete"
Best regards, Per Lundberg
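
The "less than or equal" delegation rule for glob-style capabilities described in the message above, as an added example that is not part of the original email or of the chaos.net code. It assumes a `*` is only allowed as the whole final segment and matches one or more remaining segments; the names `parse`, `covers` and `delegate` are hypothetical.

```python
"""Capability delegation with trailing-glob patterns (illustrative sketch)."""

def parse(cap: str) -> tuple[str, ...]:
    """Split a dotted capability; '*' is only valid as the whole last segment."""
    parts = tuple(cap.split("."))
    if not all(parts) or any("*" in p for p in parts[:-1]) or (
            "*" in parts[-1] and parts[-1] != "*"):
        raise ValueError(f"malformed capability: {cap!r}")
    return parts

def covers(held: str, wanted: str) -> bool:
    """True if every name matched by `wanted` is also matched by `held`."""
    h, w = parse(held), parse(wanted)
    if h[-1] == "*":
        # A trailing glob covers anything strictly below its prefix,
        # including narrower globs such as Service.Console.*
        prefix = h[:-1]
        return len(w) > len(prefix) and w[:len(prefix)] == prefix
    # A concrete capability only covers itself, never a glob.
    return h == w

def delegate(parent: frozenset[str], requested: set[str]) -> frozenset[str]:
    """Return the child's capability set, refusing anything the parent lacks.

    Checking each requested pattern against single held patterns is exact
    here: a glob is an unbounded set, so no union of other patterns equals it.
    """
    denied = sorted(r for r in requested
                    if not any(covers(p, r) for p in parent))
    if denied:
        raise PermissionError(f"cannot delegate: {denied}")
    return frozenset(requested)

# Constructed launch chain following the email: kernel -> boot server -> shell.
STORM = frozenset({"*"})                      # full capabilities
BOOT = delegate(STORM, {"Service.*", "Storm.CreateService"})
CLUIDO = delegate(BOOT, {"Service.Console"})  # dropped to one service
```
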