dckc
WASI
I only did a cursory search while running out the door, and saw some web assembly stuff, but didn't see WASI specifically mentioned which might be good to add above and beyond wasm and cap_std stuff if there is a good page describing wasi's usage of capabilities.
ah... that's particularly handy, @tarcieri . It pin-points my unease with WASI: I'm 100% fine with Runtime capabilities.
But references to so-called Link-time capabilities are ambient authority, no?
The OCap Discipine definition I use includes:
... anything globally accessible is immutable data. There is no
open(filename)function in the global namespace, nor can such a function be imported.
and by "global namespace" I also mean module namespaces.
I'm not certain, I didn't catch it because I had likened it to the http://cap-lore.com/CapTheory/KK/Bang.html of keykos, or the "initial system image" of coyotos/capros, similarly in seL4 the "root process" is given a static set of capabilities specified at build time.
When reading that link I had just sort of assumed that it worked that way too, but the restriction of this to the root process seems like a necessary limitation to avoid ambient authority.