[Sugar-devel] Future of Rainbow + Sugar?
Benjamin M. Schwartz
bmschwar at fas.harvard.edu
Tue Feb 24 18:05:51 EST 2009

Martin Langhoff wrote:
> Maybe my ignorance on matters selinux is showing? ;-)

You are not alone. Sugar/OLPC simply never had SELinux experts who
volunteered to work on Rainbow. We still don't (raise your hand if you
consider yourself proficient at writing SELinux policy!).

It's hard to write a sandboxer like Rainbow, since it must not only appear
to work, but be verified "secure" to a high degree of confidence. That's
harder still if one is writing in a system in which one is a novice, so
the developers (principally Michael) have instead stuck to technologies
with which they are already expert.

P.S. The SELinux entry on Wikipedia contains the following gem: "Isolation
of processes can also be accomplished by mechanisms like virtualization;
the OLPC project, for example, sandboxes individual applications in