[Sugar-devel] Future of Rainbow + Sugar?

Benjamin M. Schwartz bmschwar at fas.harvard.edu
Tue Feb 24 18:05:51 EST 2009


Martin Langhoff wrote:
> Maybe my ignorance on matters selinux is showing? ;-)

You are not alone.  Sugar/OLPC simply never had SELinux experts who
volunteered to work on Rainbow.  We still don't (raise your hand if you
consider yourself proficient at writing SELinux policy!).

It's hard to write a sandboxer like Rainbow, since it must not only appear
to work, but be verified "secure" to a high degree of confidence.  That's
harder still if one is writing in a system in which one is a novice, so
the developers (principally Michael) have instead stuck to technologies
with which they are already expert.

--Ben

P.S. The SELinux entry on Wikipedia contains the following gem: "Isolation
of processes can also be accomplished by mechanisms like virtualization;
the OLPC project, for example, sandboxes individual applications in
lightweight Vservers."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://lists.laptop.org/pipermail/devel/attachments/20090224/5794c653/attachment.sig>


More information about the Devel mailing list