On 3 Nov 2015, at 14:46, Raymond Jennings wrote:
So the kernel itself doesn't actually "own" any capabilities, just does
the bookkeeping and enforcement?
Caps are like keys: they authenticate access. The kernel doesn’t need them for its own
purposes. However, our integrity and confidentiality proofs show that the kernel will not
on its own access user memory, unless on behalf of a thread who demonstrates that it is
authorised by presenting an appropriate cap.