undefined | Better HN

0 pointscodys5y ago0 comments

What POSIX and the linux kernel calls "capabilities" unfortunately result in quite a bit of confusion, which I believe is the cause of your post. POSIX capabilities bear little resemblance to actual capability based security (where a capability is a send/recv-able token that references an object and a set of rights for interacting with that object).

0 comments

alexgartrell5y ago

I was not aware of object capabilities -- TIL.

That said, looking at the (apparently) leading implementation, capsicum

> Capsicum also introduces capability mode, which disables (with ECAPMODE) all syscalls that access any kind of global namespace; this is mostly (but not completely) implemented in userspace as a seccomp-bpf filter.

So I do feel that bpf ultimately enables building the kinds of abstractions that people want.

j / k navigate · click thread line to collapse

0 pointscodys5y ago0 comments

0 comments

alexgartrell5y ago

I was not aware of object capabilities -- TIL.

That said, looking at the (apparently) leading implementation, capsicum

So I do feel that bpf ultimately enables building the kinds of abstractions that people want.

j / k navigate · click thread line to collapse