Direct process construction prohibited

fctorial

Dec 30, 2020, 10:19:17 AM
to zircon-dev
Fuchsia docs state:

    Direct construction of processes is prohibited in the fuchsia job tree using a job policy.


What is the reason for this prohibition?

Suraj Malhotra

Dec 30, 2020, 11:33:41 AM
to fctorial, zircon-dev
Without restricting it, process creation becomes a capability all processes get automatically. Fuchsia is designed such that components start with no capabilities other than the ones described by their manifests. Job policy alone isn't granular enough for capability routing, so we instead have a FIDL service which provides the capability through the /svc namespace.

You will see this same pattern employed for restricting several kernel-provided capabilities.

--
All posts must follow the Fuchsia Code of Conduct https://fuchsia.dev/fuchsia-src/CODE_OF_CONDUCT or may be removed.
---
To unsubscribe from this group and stop receiving emails from it, send an email to zircon-dev+...@fuchsia.dev.
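The pattern described in the reply above, as an added example that is not part of the original thread and is not Zircon or component-framework code: a simplified Python model in which a job policy denies process creation for a whole subtree, and only a component that was routed a launcher service can still start processes. The class names, the `/svc/launcher` path and the placement of the launcher outside the restricted subtree are assumptions made for the model.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Models a denied request (constructed; not a Zircon status code)."""

@dataclass
class Job:
    """Job-tree node; a policy set on a job covers its whole subtree."""
    name: str
    parent: "Job | None" = None
    deny_new_process: bool = False

    def denies_new_process(self) -> bool:
        inherited = self.parent is not None and self.parent.denies_new_process()
        return self.deny_new_process or inherited

def kernel_process_create(caller_job: Job, name: str) -> str:
    """Stand-in for direct process creation, checked against the caller's job."""
    if caller_job.denies_new_process():
        raise AccessDenied(f"job policy forbids {name!r} from {caller_job.name}")
    return f"process:{name}"

class Launcher:
    """Hypothetical launcher service, assumed to run outside the restricted subtree."""
    def __init__(self, job: Job):
        self._job = job
    def launch(self, name: str) -> str:
        return kernel_process_create(self._job, name)

@dataclass
class Component:
    name: str
    job: Job
    namespace: dict = field(default_factory=dict)  # path -> routed service

    def spawn(self, child: str) -> str:
        launcher = self.namespace.get("/svc/launcher")  # hypothetical path
        if launcher is None:
            raise AccessDenied(f"{self.name}: launcher not routed by manifest")
        return launcher.launch(child)

def build_demo():
    """Two components under one restricted job; only 'shell' is routed a launcher."""
    root = Job("root")
    fuchsia = Job("fuchsia", parent=root, deny_new_process=True)
    launcher = Launcher(Job("launcher-job", parent=root))
    shell = Component("shell", Job("shell-job", fuchsia), {"/svc/launcher": launcher})
    clock = Component("clock", Job("clock-job", fuchsia))
    return shell, clock
```

Both components sit under the same policy, so the policy cannot tell them apart; the difference in what they can do comes entirely from what is present in each namespace.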