[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do we want a server on `/servers/machine' (or similar)?
|
From: |
Thomas Bushnell BSG |
|
Subject: |
Re: Do we want a server on `/servers/machine' (or similar)? |
|
Date: |
Wed, 09 May 2007 09:54:22 -0700 |
On Wed, 2007-05-09 at 17:53 +0200, Thomas Schwinge wrote:
> Now, how about the following: we have a server sitting on
> `/servers/machine' (or somewhere else) that accepts rpcs like
> `io_perm_create' or `memory_map_create' and ``forwards'' (it need not
> really be forwarding) them to the kernel after having done some
> permission checking. That server would hold access to the device-master
> port (and host-priv as well?), so it could also -- being a proxy -- allow
> access to (e.g.) `i386_io_perm_create' to users that can't get such
> access by themselves, but can prove that they should be allowed such
> access. Proving this might be something like: ``When you're a member of
> the `console' group, you're allowed to get access to the i/o ports that
> deal with video output and to the video memory.''
I think this is roughly the right structure, sounds good.
I don't much like the name /servers/machine; so let's figure out
something better. Names like that persist forever, so it's actually
more important than it might seem to get them right from the get-go.
Thomas
signature.asc
Description: This is a digitally signed message part