Y
Hacker News
new
|
ask
|
show
|
jobs
by
daymanstep
27 days ago
Doesn't that mean that your process is then responsible for ensuring that an app with a read-only capability cannot do a write ?
You're moving the burden of enforcement from the kernel to the user level ?
1 comments
josephg
25 days ago
Yes, microkernels like SeL4 do almost all real work out of the kernel, and in userland processes. It’s much more secure that way.
link