The set of operations that can be performed on the virtual filesystem is divided into capabilities. The purpose of this division is to allow code to be separated according to the principle of least privilege: if a given function only needs to read from the filesystem and does not need to mount or unmount archives, it can be declared as taking a value of type FSCapabilityRead rather than, for example, a value of type FilesystemType. This allows the type system to give much stronger guarantees about what a particular function can do to the filesystem.
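The following is an added example sketching the capability split the text describes; it is not code from the library the page documents. The interface and method names used here (FSCapabilityRead, FSCapabilityMount, FilesystemType, readText, mount, unmount) and the in-memory file contents are assumptions for illustration only, not the project's actual API.

```java
// Added example, not the library's own code. FSCapabilityRead,
// FSCapabilityMount, FilesystemType and their methods are assumed
// names chosen to illustrate capability-split filesystem types.
import java.util.HashMap;
import java.util.Map;

/** Read-only view of the filesystem: a function that only needs to read
 *  should accept this type and nothing wider. */
interface FSCapabilityRead {
  String readText(String path);
}

/** Mount and unmount operations, kept in a separate capability. */
interface FSCapabilityMount {
  void mount(String archive, String mountPoint);
  void unmount(String mountPoint);
}

/** The full filesystem implements every capability; callers hand out
 *  only the narrowest interface a given function needs. */
final class FilesystemType implements FSCapabilityRead, FSCapabilityMount {
  private final Map<String, String> files = new HashMap<>();
  private final Map<String, String> mounts = new HashMap<>();

  // Constructed sample content so the example runs offline.
  FilesystemType() {
    files.put("/config/app.txt", "debug=false");
  }

  @Override public String readText(String path) {
    String contents = files.get(path);
    if (contents == null) {
      throw new IllegalArgumentException("no such file: " + path);
    }
    return contents;
  }

  @Override public void mount(String archive, String mountPoint) {
    mounts.put(mountPoint, archive);
  }

  @Override public void unmount(String mountPoint) {
    mounts.remove(mountPoint);
  }
}

public final class CapabilityExample {
  /** Declared against FSCapabilityRead: the compiler guarantees this method
   *  cannot mount or unmount anything, whatever object is actually passed. */
  static boolean debugEnabled(FSCapabilityRead fs) {
    return fs.readText("/config/app.txt").contains("debug=true");
  }

  public static void main(String[] args) {
    FilesystemType fs = new FilesystemType();
    // The caller holds the full filesystem but passes only the read view.
    System.out.println("debug enabled: " + debugEnabled(fs));
    // Mounting needs the wider capability, which debugEnabled never receives.
    FSCapabilityMount mounter = fs;
    mounter.mount("assets.zip", "/assets");
  }
}
```

Passing a FilesystemType where an FSCapabilityRead is expected compiles because the class implements that interface, while a call to mount or unmount on an FSCapabilityRead reference does not compile at all. That compile-time rejection, rather than a runtime permission check, is the stronger guarantee the text refers to.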