to fctorial, zircon-dev
Without restricting it, process creation becomes a capability all processes get automatically. Fuchsia is designed such that components start with no capabilities other than the ones described by their manifests. Job policy alone isn't granular enough for capability routing, so we instead have a FIDL service which provides the capability through the /svc namespace.
You will see this same pattern employed for restricting several kernel-provided capabilities.