On 9/3/17, Gernot.Heiser@data61.csiro.au
Cool and challenging project!
You might want to look at Cogent for writing file systems.
Naive question: Why stick with the Unix model, which is a bit dated by now, especially the coarse-grain protection model that ACLs provide (and that lead to inevitable problems, such as confused deputies)?
UX/RT is supposed to be a microkernel OS for the real world, rather than an ivory-tower research project. One of the biggest reasons to stick with Unix is that there are a lot of applications for it and lots of people are familiar with it. An OS is nothing without applications to run on it, and few people will port their applications to some obscure research OS with a "proprietary" API. Linux world domination is a reality, and any microkernel OS that is going to even attempt to provide a credible alternative must deal with that fact. And no, relegating Unix applications to some kind of second-class citizens running in a "penalty box" isn't really enough IMO. Most people won't want to deal with that. Also, I think a heavily modernized and streamlined Unix would be good enough and could do most things just as well as the non-Unix research microkernel OSes. Maybe it could possibly be better since it might be more likely to get more contributors. Also, I can't say I've ever heard of a pure capability OS that runs stuff other than VMs or static scenarios (or at least mostly static). The only pure capability OSes that have had significant success outside academia that I can think of are KeyKOS, which from what I gather was mostly used as a hypervisor or running a Unix environment, and possibly CPF on the System/38, although I don't know if CPF was actually a pure capability OS. UX/RT's security model will be much more fine-grained than that of conventional Unix since it will allow controlling access on a per-process basis rather than just per-user, and there will be no privileged system calls. All access control other than resource limits will be implemented by allowing specific processes selective access to particular files (and even resource limits will be set through a file-based API). System servers that export multiple resources will have their special files divided up to allow for fine-grained access control. Even if UX/RT won't be perfect, it will be a whole lot better than mainstream OSes. I think it's better to have a practical good OS than an impractical perfect one.