What does HackerNews think of cloudabi?
Definitions for the CloudABI data types and system calls
Language:
C
FreeBSD does have Capsicum [0] though — with file descriptors as capabilities. FDs can be passed between programs over UNIX datagram sockets.
Processes can enter "capability mode" where only open (or rather: active) file descriptors can be used. There used to be an alternative runtime for FreeBSD called CloudABI [1], with which native programs could be started in capability mode, but it was discontinued in favour of WASI [2] (server-side Webassembly) — which adopted CloudABI's libc API.
0: <https://www.cl.cam.ac.uk/research/security/capsicum/>
Agreed re: the general idea, but isn't CloudABI in particular superseded somewhat by WASI? Its repo seems to say it is: https://github.com/NuxiNL/cloudabi
(WASI is similarly capability-based, as I understand it!)
CloudABI (https://github.com/NuxiNL/cloudabi) was an interesting attempt at doing just that. However it seems it didn't gain enough traction and people involved veered towards wasm/wasi which also abstracts over the instruction set (at the expense of performance, unless I'm missing some development on the AOT front)