Ben Laurie blathering

Capabilities versus Jails

In responses to a post mentioning CaPerl, the relative merits of jails and capabilities are touched upon, prompting my (somewhat tangential, I’ll admit) thought:

Capabilities have at least two obvious superiorities over jails.

The first is that designation is authorisation – that is, I don’t have to first tell the jail what the untrusted code can use, and then tell the code to use it.

The second is that when using capabilities it is easy to restrict resources in custom ways, since a capability is essentially code that wraps the mediated resource.

I will admit, though, that the CaPerl style of capability system can’t (neatly) control CPU usage. For that, you need a capability system that’s built into the operating system.

Since we’re talking about capabilities and Python, I’m reminded that some of the Twisted guys spent some time getting excited about caps with me during, hmm, PyCon, I think – and also wanted to control CPU – must be some kind of Python meme.

Finally, it’s been pointed out to me that Twisted incoporates capabilities somewhere in its guts (look for the Perspective Broker).

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress