testing 8.2 using qemu

pgf at laptop.org pgf at laptop.org
Thu Sep 18 16:14:22 EDT 2008 

ton van overbeek wrote:
 > Michael Stone wrote:
 > > Gabriel,
 > >
 > > To understand Rainbow, start by reading
 > >
 > >    http://wiki.laptop.org/go/Security
 > >    http://wiki.laptop.org/go/Low-level_Activity_API#Security
 > >    http://wiki.laptop.org/go/Rainbow
 > >
 > > or by asking people about it on IRC.
 > >
 > > Michael
 > >
 > > P.S. - You wrote that
 > >
 > >   
 > >> Since there is little documentation on rainbow (I still don't
 > >> know what it is and why including it broke the activity) I'm going to
 > >> follow a hack suggested by brian...
 > >>     
 > >
 > > Could you tell me a bit about where and how you looked for documentation
 > > so that I can try to put documentation that exists in places where you
 > > would have found it (or create new documentation if needed)?
 > >   
 > Michael,
 > 
 > Although I am not Gabriel, I do have some viewpoints on the questions 
 > you asked.
 > 
 > If you do not know where to look it is difficult to find the rainbow 
 > isolation information
 > (uid pool, gid pool, which directories are writable, etc. compared with 
 > a classic Unix/Linux system).
 > I would expect a basic description of the rainbow model from the 
 > activity developer point of view
 > already linked to from the main Developers page 
 > (http://wiki.laptop.org/go/Developers),
 > since there is where you would start to look beginning from the left 
 > hand navigation on the wiki.

part of the trouble is that, since rainbow wasn't enabled in the
earlier builds, activities had no need to follow the requirements
set forth in the "low level activity api" page:
   http://wiki.laptop.org/go/Low-level_Activity_API
legacy apps that created .config directories in $HOME worked just
fine.  they do not under rainbow.  but if the activity guidelines
are followed, then the activity "just works" with rainbow.

that being said, i agree that there should be a page explaining
the theory (in lightweight terms) and practical ramifications (in
detailed terms) of rainbow.  and, assuming that such a page (or
pages) exist, they should be heavily linked to from the low-level
api page, since they'll explain the rationale behind the
otherwise overly strict seeming restrictions of the api.

paul
=---------------------
 paul fox, pgf at laptop.org

More information about the Devel mailing list