Skip to content

Use user permissions on socket handles#94

Open
hlef wants to merge 4 commits into
mainfrom
hlefeuvre/user-permissions-on-sockets
Open

Use user permissions on socket handles#94
hlef wants to merge 4 commits into
mainfrom
hlefeuvre/user-permissions-on-sockets

Conversation

@hlef

@hlef hlef commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator

This addresses #91. While at it, it adds some missing documentation (which I realized while documenting the feature), and adds a missing check (which I found out while adding the permission checks).

This comes with a new example to showcase the use of least-privilege socket handles.

hlef added 3 commits July 2, 2026 14:02
Passing an invalid timeout capability currently crashes the network
stack (which is really annoying as it triggers a reset).

Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@ubc.ca>
Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@ubc.ca>
Similar to what we recently did in the allocator and in the message
queue, we can use the three currently-unused bits at the bottom of
sealed socket handles to store permissions.

Having permissions on sockets allows us to encode the right to close a
socket, send, or receive data.

Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@ubc.ca>
@hlef hlef requested a review from davidchisnall July 2, 2026 21:46
This extends the HTTP server example to showcase socket and allocator
capability permissions. We can also use that example later to showcase
sub-quotas.

Signed-off-by: Hugo Lefeuvre <hugo.lefeuvre@ubc.ca>
@hlef hlef force-pushed the hlefeuvre/user-permissions-on-sockets branch from 5f3fe6d to ac07f2c Compare July 3, 2026 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant