Re: How to add constructor to the Hurd?

[Marcus Brinkmann]

At Tue, 2 May 2006 02:03:45 +0200,
Pierre THIERRY <address@hidden> wrote:
> 
> [1  <multipart/signed (7bit)>]
> [1.1  <text/plain; us-ascii (quoted-printable)>]
> Could someone please explain how the constructor would be enabled or
> implemented in the Hurd? Where would there be additions or
> modifications?

I can only tell you about my proposal.  Given how things are right
now, everybody may have something else in mind (although I suspect
there are mainly two variations, Jonathans and mine).

In my model, there is no constructor and no metaconstructor.  The
initial configuration of a child is completely and fully determined by
the parent.  Process instantiation is strictly a two-party activity,
where one party, the parent, completely dominates the other, the child.

This means that a parent can only instantiate a process if it has the
full authority to do so, including access to the executable image and
all required capabilities.  However, the child may have less authority
than the parent, and of course the authorities that processes possess
in the system may change dynamically over time.

This naturally leads to a recursive process hierarchy.  This process
hierarchy will, conveniently (but not necessarily), also reflect the
resource accounting and management hierarchy.  In other words: All
children of a process run, recursively, from the same resource pool
(but this resource pool may be subdivided further down in the
hierarchy).

> Marcus, say someone do this implementation for the Hurd, and actively
> maintains it, and it causes no technical harm to include it to the Hurd
> (it doesn't weaken security or robustness, etc.). If you still think it
> is an ethical issue to include it in the Hurd, but some others not, at
> least obviously the implementer, would you reject that inclusion?

The same answer applies here as for the confinement feature.

Thanks,
Marcus