The position paper tries to capture technical objectives. As has been stated by Neal in , these are a number of scenarios we are interested in addressing:
- security: programs are not users; they should be constrained according to the user's intents
- resource management
- efficiency: facilitate use of local knowledge
- soft real-time: expose virtualized resources with useful access case characteristics
- integration: safe extension of the system
These goals have been initially proposed by Bas Wijnen . The list here is a slightly modified form, I tried to incorporate the content of the mailing list discussion. It has to be noted that there is no consensus about this list. There have been objections about both the number of goals stated and specific goals themselves.
- resource accountability
- support for most legacy applications
- no ACLs
Extensibility has often been a strong argument to support the multiserver approach. Therefore, I think, it has been rated to be an essential goal in our (preliminary) list, too. However, it has been suggested that this argument is of few or no interest for a general purpose OSes: it is argued that the benefits of extensible kernels can be migrated to conventional ones by defining exactly what the extension requires. "Conventional kernel" is here probably to be interpreted as "monolithic kernel". From the above, I think the first (naive) conclusion that could be drawn would be to abandon the multiserver approach and extensibility goal.
However, I do believe there are benefits in multiserver environments you cannot get in a monolithic one, namely enhanced security and stability through protection boundaries. Also, whilst wanting to become adopted as general purpose OS, ngHurd still strives to allow for research also, so even according to the above-referenced paper extensibility is to be one of its goals.
Therefore, I'd want to propose to weaken the impact of extensibility on the design, by lowering it to the category "Regular Goals". --- 13 Dec 2006
- confinement with endogenous verification
- soft real time
- setting diverse resource distribution policies
- persistent sessions for users
- small memory footprint
- support for all POSIX applications