Processes in NunyaOS
How do processes work in NunyaOS?
Processes are at the heart of NunyaOS' functionality and ideology. Processes are loaded by the kernel from the files.iso and executed at the user level. All processes are constrained by permissions. Most of the future work of NunyaOS will be writing processes to provide functionality for the operating system.
Can processes spawn other processes?
Yes! This is central to the hierarchical containment model of NunyaOS. Processes can spawn child processes, and those child processes are held to at least the same restrictions as the parent. The child's use of resources counts toward the parent's allocation as well. If a process wants to restrict its child's permissions further, it can do so through process capabilities.
How can I write a process?
Processes in Nunya are written in C and interface with the kernel through system calls, accessible by including syscall.h. There are a few catches in structuring and compiling the code, however. Look at the example programs in the repository to see how they are structured. One of the main things is that, due to the current linking and compiling environment, a start signpost is needed at the very beginning of the file. Let the Makefile do the work for you: place your code in /src/bin/ and it will be compiled using the correct flags and even moved into files.iso so it will be visible within the operating system's filesystem. All you need to do is add the path of the process to the BINARIES variable in the Makefile.
Process Capabilities
What are capabilities?
Running a process in NunyaOS involves the creation and manipulation of what is referred to as a capability. Capabilities are manifests of a process’s privileges—the files it can access, the amount of memory it owns, the pixels it can draw to—that allow NunyaOS to enforce its core hierarchical containment structure as processes create and run child processes. Since a child’s permissions cannot exceed those of its parent, NunyaOS needs a secure way to allow processes to indicate the permissions of any child processes they want to create.
How do you create and use capabilities?
To prevent a nefarious process from attempting to create a child process with permissions that exceed those of the parent, all capabilities in NunyaOS reside in kernel memory, and processes use syscalls to create and modify capabilities indirectly:
- The process uses a syscall to create a capability, and the system returns an identifier for the created capability. The capability counts toward the process’s memory allocation and needs to be destroyed after use to reclaim the memory.
- The process uses syscalls to change the capability to reduce the amount of memory, the files, and the size of the window its child can access.
The syscalls ensure that the requested permissions never exceed those of the parent, keeping the capability in a state of valid permissions.
How do you create processes with capabilities?
Once the process has manipulated the capability to the desired specifications, it passes the identifier to the run() syscall, and the child process is created with the permissions contained by the capability. The capability itself exists separately from any processes created with it; changing the capability will not alter the permissions of any processes created before the alteration. You can use a capability multiple times to create additional processes with the same permissions.
Capabilities represent a core component of the hierarchical model of NunyaOS: by requiring kernel-level validation of all proposed permissions, the system ensures that no process can circumvent them by creating an invalid set of process permissions.
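The create, restrict, run and destroy cycle described above, written as an added example that models the kernel-side checks rather than NunyaOS's real syscall interface; every name here (cap_create, cap_restrict, run_with_cap, cap_destroy, CAP_OK, the perms_t fields and the root process values) is assumed for illustration. It shows the three properties the text relies on: a capability can only be narrowed relative to its owner, a child only ever receives a snapshot of it, and a process cannot touch a capability it does not own.

```c
#include <stdbool.h>
#include <string.h>
/* Hypothetical model of NunyaOS-style capabilities (assumed names, not the real
 * syscall interface): capabilities live in kernel state, user code only holds an
 * integer id, and every change is validated against the owning process. */
#define MAX_CAPS 16
#define MAX_PROCS 16
typedef struct { int memory_kb; int win_w, win_h; char file_root[32]; } perms_t;
typedef struct { perms_t p; int owner; bool used; } capability_t;
typedef struct { perms_t p; int parent; bool used; } process_t;
static capability_t caps[MAX_CAPS];
/* Constructed root process (pid 0) holding the full permission set. */
static process_t procs[MAX_PROCS] = {{{4096, 800, 600, "/"}, -1, true}};
/* Only the owning process may use a capability id, and it must be live. */
#define CAP_OK(pid, id) ((id) >= 0 && (id) < MAX_CAPS && caps[id].used && caps[id].owner == (pid))

/* Core invariant: a proposed permission set never exceeds the parent's. */
static bool within(const perms_t *c, const perms_t *parent) {
    return c->memory_kb <= parent->memory_kb && c->win_w <= parent->win_w && c->win_h <= parent->win_h
        && strncmp(c->file_root, parent->file_root, strlen(parent->file_root)) == 0;
}

/* "Create capability": a copy of the caller's own permissions, valid by construction.
 * Returns the id, or -1 when kernel memory for capabilities is exhausted. */
int cap_create(int pid) {
    for (int i = 0; i < MAX_CAPS; i++)
        if (!caps[i].used) { caps[i] = (capability_t){procs[pid].p, pid, true}; return i; }
    return -1;
}

/* "Modify capability": refused if it would exceed the owner's permissions, so the
 * capability never leaves a valid state. Returns 0 on success, -1 on refusal. */
int cap_restrict(int pid, int id, int memory_kb, int win_w, int win_h, const char *root) {
    perms_t p = {memory_kb, win_w, win_h, ""};
    strncpy(p.file_root, root, sizeof p.file_root - 1);
    if (!CAP_OK(pid, id) || !within(&p, &procs[pid].p)) return -1;
    caps[id].p = p;
    return 0;
}

/* run(): the child gets a snapshot of the capability, so later edits to the
 * capability do not affect it and the same id can be reused. Returns child pid. */
int run_with_cap(int pid, int id) {
    if (!CAP_OK(pid, id)) return -1;
    for (int i = 1; i < MAX_PROCS; i++)
        if (!procs[i].used) { procs[i] = (process_t){caps[id].p, pid, true}; return i; }
    return -1;
}
/* "Destroy capability": reclaims the kernel memory charged to the owner. */
void cap_destroy(int pid, int id) { if (CAP_OK(pid, id)) caps[id].used = false; }
```

The file check is a simple path-prefix rule and the model does not charge a child's memory use back to its parent; both are simplifications of what the page describes.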