Hacker News new | ask | show | jobs
by trasz 1485 days ago
>File systems aren't actually capability based (generally, in practice) because you can 'ls' and 'cd ../'. Otherwise they could be.

That's precisely how it works in FreeBSD (https://www.freebsd.org/cgi/man.cgi?capsicum).
1 comments
staticassertion 1485 days ago
"generally, in practice"

There's also openat on linux. My point is that the general, practiced approach is not capability based.

link
trasz 1485 days ago
It it’s not capability based, because Linux doesn’t provide necessary functionality. FreeBSD does, as explained in the man page I’ve linked to.
link