capability: Extend.

2 files changed, 29 insertions, 10 deletions

diff --git a/microkernel/eros.mdwn b/microkernel/eros.mdwn
new file mode 100644
index 00000000..be1ca90a
--- /dev/null
+++ b/microkernel/eros.mdwn
@@ -0,0 +1,15 @@
+[[!meta copyright="Copyright © 2011 Free Software Foundation, Inc."]]
+
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
+is included in the section entitled [[GNU Free Documentation
+License|/fdl]]."]]"""]]
+
+[[!tag open_issue_documentation]]
+
+<http://www.eros-os.org/>
+
+TODO.  <http://www.eros-os.org/essays/reliability/paper.html>
diff --git a/microkernel/mach/port.mdwn b/microkernel/mach/port.mdwn
index 7f02628d..26b55456 100644
--- a/microkernel/mach/port.mdwn
+++ b/microkernel/mach/port.mdwn
@@ -1,4 +1,4 @@
-[[!meta copyright="Copyright © 2002, 2003, 2007, 2008, 2010 Free Software
+[[!meta copyright="Copyright © 2002, 2003, 2007, 2008, 2010, 2011 Free Software
 Foundation, Inc."]]
 
 [[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
@@ -10,8 +10,8 @@ is included in the section entitled [[GNU Free Documentation
 License|/fdl]]."]]"""]]
 
 [[Mach]] *port*s are [[capabilities|capability]], and are also essentially
-similar to [[UNIX]] pipes.  They are communication channels, implemented by
-kernel queues.
+similar to [[UNIX]] pipes.  They are unforgeable communication channels,
+implemented by kernel queues.
 
 Each port has associated with it one *receive right* and one or more *send
 right*s and *send-once right*s.  That is, there is one receiver and one or more
@@ -39,7 +39,7 @@ like [[UNIX file descriptors|unix/file_descriptor]].  Only these local names
 can be used by [[thread]]s for invoking operations on ports, threads do not
 deal with port rights directly.
 
-For that, each task has associated with it a *port address_space*, or *port
+For that, each task has associated with it a *port address space*, or *port
 name space*.  All ports are addressed via this table.  Each task thus has its
 own private [[naming_context]] for port rights.
 
@@ -58,20 +58,24 @@ The delivery of [[message]]s is reliable and strictly ordered.  When a
 intermediate messages that are sent by other threads.
 
 Ports are objects that are implemented by the [[kernel]], and they are
-kernel-protected resources.  There is no way for a [[task]] to do anything with
-a port unless it have corresponding port right.
+kernel-protected resources: they are unforgeable, and there is no way for a
+[[task]] to do anything with a port unless it have corresponding port right.
 
 Due to this, ports are globally unique.  This makes them ideal for constituting
-system-wide *object references*.  For example, the [[RPC]] system as used by
-the GNU Hurd works by invoking *methods* on such object references.  The
-available methods are defined in [[hurd/interface]] files, and are processes by
-the [[MIG]] tool.
+system-wide *object references*.  (Fruther reading:
+{{$capability#wikipedia_object-capability_model}}.)  For example, the [[RPC]]
+system as used by the GNU Hurd works by invoking *methods* on such object
+references.  The available methods are defined in [[hurd/interface]] files, and
+are processes by the [[MIG]] tool.
 
 Invoking an operation on a port does not transfer the current execution control
 to the receiver, but instead is an asynchronous operation.  For this, and
 especially in a [[RPC]] system, the sender may include a *reply port* using a
 send-once right, and synchronize (block) on that one.
 
+
+# Port Set
+
 A [[thread]] can only block receiving on a single port.  To work around this,
 the concept of a *port set* was introduced.  A receive right can be added to
 (at most) one port set.  These port sets look like port receive rights, but