by codys
2053 days ago
What POSIX and the Linux kernel call "capabilities" unfortunately results in quite a bit of confusion, which I believe is the cause of your post. POSIX capabilities bear little resemblance to actual capability-based security (where a capability is a send/recv-able token that references an object and a set of rights for interacting with that object).

That said, looking at the (apparently) leading implementation, Capsicum:

> Capsicum also introduces capability mode, which disables (with ECAPMODE) all syscalls that access any kind of global namespace; this is mostly (but not completely) implemented in userspace as a seccomp-bpf filter.

So I do feel that bpf ultimately enables building the kinds of abstractions that people want.
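What a "capability mode as a seccomp-bpf filter" looks like in practice, as an added example that is not part of codys' comment or of Capsicum's own code. It assumes little-endian Linux and returns EPERM where Capsicum would return ECAPMODE; the filter denies `openat()` through the global namespace (`AT_FDCWD`) but allows lookups relative to a directory fd the process already holds.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Capability-mode sketch as a seccomp-bpf filter. Assumes little-endian Linux
 * and returns EPERM, since Linux has no ECAPMODE. openat() relative to AT_FDCWD
 * resolves through the global filesystem namespace and is denied; openat()
 * relative to a directory fd the process already holds is allowed. BPF cannot
 * read the path string, so an absolute path paired with a real dirfd still gets
 * through (the "not completely" part); a production filter also checks arch. */
static int enter_capability_mode(void)
{
    struct sock_filter code[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 3),        /* other syscall: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)AT_FDCWD, 0, 1), /* low word of dirfd */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof code / sizeof code[0], .filter = code };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Runs the experiment in a forked child so the caller keeps full access.
 * Returns 1 if the global lookup fails with EPERM while the fd-relative one
 * succeeds, 0 if the filter misbehaves, -1 if the environment refuses it. */
static int probe_capability_mode(void)
{
    int dirfd = open("/", O_RDONLY | O_DIRECTORY); /* obtained before entering */
    if (dirfd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (enter_capability_mode() != 0) _exit(2);
        int global = openat(AT_FDCWD, "/", O_RDONLY | O_DIRECTORY);
        int err = errno;
        int relative = openat(dirfd, ".", O_RDONLY | O_DIRECTORY);
        _exit(global < 0 && err == EPERM && relative >= 0 ? 0 : 1);
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    close(dirfd);
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status) == 0;
}
```

Calling `probe_capability_mode()` returns 1 on an ordinary Linux box; a -1 means the kernel or an outer sandbox refused the filter, which is itself a useful thing to detect before relying on it.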