The context of an application depends on how the system is configured. A process has a file context similar to the file context of a UNIX process; it has a root directory as well as a current directory. It can also create, open, close, read and write files or sockets.
A process runs on behalf of a user who is identified by a credentials structure. The process credentials include:
the identifier of the user (uid
)
the identifier of the user group (gid
)
a list (possibly empty) of identifiers of supplementary groups
The process credentials are specified in the data structure cx_cred_t, which includes the following members:
uid_t cr_uid; /* process's user ID */ gid_t cr_gid; /* process's group ID */ unsigned short cr_ngroups; /* number of groups in cr_groups */ gid_t cr_groups[]; /* supplementary group list */
The ChorusOS operating system concept of credentials is simpler than the UNIX one. The ChorusOS operating system does not differentiate between real or effective user and group identification because it is not supported.
These process credentials are used for file access and also when the ChorusOS operating system runs in secure mode to check the validity of an operation. For example, in secure mode only the superuser, whose user identifier is 0, can load supervisor actors.