[Sugar-devel] Future of Rainbow + Sugar?

Michael Stone michael at laptop.org
Tue Feb 24 18:21:46 EST 2009


On Wed, Feb 25, 2009 at 11:33:30AM +1300, Martin Langhoff wrote:
>You are now talking about the implementation of rainbow that provides
>userland privilege isolation. 

For the record, "rainbow" only describes the userland privilege isolation part.
The rest is just "OFW, olpcrd, olpc-update, OATS...". (If somebody knows a
better way to explain this stuff, speak up!)

> One thing that I wonder is whether in the push to make our OS more generic it
> would make sense to push rainbow in the direction of things like smack or
> selinux. 

I think this would have the effect of making rainbow much less generic than it
currently is. On the other hand, it might still be worth doing if it made it
much easier to implement important features.

> Maybe rainbow could insta-isolate creating selinux profiles for activities?

I've been wondering about this for some time. Basically, while my reaction when
it was initially proposed it was lukewarm, for all the usual reasons [1].
Since then, I've been very gradually warming to the idea, in part as SELinux
matures, in part as I get to know the technology and people [2] better, and in
part as I run up against limitations of the simple Unix approach that I've
taken for the last year. Therefore, while it's not how /I/ intend to proceed in
the near future, I'm happy to try to work with people who feel differently. I
definitely have some ideas on the subject.

Michael

[1]: http://lists.laptop.org/pipermail/security/2008-January/000370.html
[2]: http://danwalsh.livejournal.com



More information about the Devel mailing list