Skip to content(if available)orjump to list(if available)

Guarding Against Broken Encapsulation

nine_k

The OS's encapsulation barrier is a process, not a crate, hence no automatic crate-level boundaries for OS calls.

AFAICT the idea is that stuff from different crates should be insulated from each other by the compiler, and only made to interact by explicit programmer's intent. If a crate is dedicated to provide interaction with specific OS calls, this becomes an interesting problem.