Framework design upload
This commit is contained in:
deamonkai
18
freebsd/mapping.md
Normal file
18
freebsd/mapping.md
Normal file
@@ -0,0 +1,18 @@
|
||||
# FreeBSD mapping notes (draft)
|
||||
|
||||
## Isolation domains
|
||||
- Use **jails** to isolate tools/workers.
|
||||
- Map `domain_id` to a jail instance.
|
||||
|
||||
## Capabilities
|
||||
- Use **Capsicum** to restrict tool runners.
|
||||
- Capabilities are represented as scoped grants in the cognitive kernel and realized via Capsicum + pre-opened descriptors.
|
||||
|
||||
## Eventing
|
||||
- Use **kqueue** for event-driven IO in the cognitive runtime.
|
||||
- Provenance logs are append-only files (optionally per-domain datasets on ZFS).
|
||||
|
||||
## Resource control
|
||||
- rctl, login classes, cpuset can enforce limits.
|
||||
- Budgeting logic lives in the cognitive runtime; enforcement uses kernel primitives.
|
||||
|
||||
Reference in New Issue
Block a user