tech-kern archive


Re: Capsicum: practical capabilities for UNIX
On Tue, 28 Sep 2010 09:33:33 BST Robert Watson <robert.watson%cl.cam.ac.uk@localhost> wrote:
> About ten years ago, I experimented with delegating UNIX privileges using file
> descriptors ("tokens"), but wasn't satisfied with the composition properties,
> so didn't reuse the idea in Capsicum.  In particular, the existing file
> descriptor behaviour of UNIX seems to align well with capability concepts in a
> way likely to work well with current applications (not a coincidence, of
> course, but hence using that as the starting point in Capsicum), whereas many
> existing UNIX programs have strong notions of manipulating privilege using
> UIDs rather than as file rights.  While it seemed that correct usage was
> likely possible, the potential for something catastrophic was worrying.

To me the notions of file descriptors and capabilities align
so well that I would've considered mapping UIDs into this
scheme somehow.  Did you consider something like that?
Mapping UIDs to a userfs or even a special kind of pre-opened
"file" descriptors?
