[Sugar-devel] Future of Rainbow + Sugar?
Michael Stone
michael at laptop.org
Tue Feb 24 18:42:39 EST 2009
On Tue, Feb 24, 2009 at 06:05:51PM -0500, Benjamin M. Schwartz wrote:
> Sugar/OLPC simply never had SELinux experts
I'm pretty sure this is false. For instance, I know that ancient OLPC+RH
kernels has SELinux enabled and I know that the SELinux folks at RH have always
been excited to help me to understand their work whenever I took the time to
ask them questions every few months.
>It's hard to write a sandboxer like Rainbow, since it must not only appear
>to work, but be verified "secure" to a high degree of confidence. That's
>harder still if one is writing in a system in which one is a novice, so
>the developers (principally Michael) have instead stuck to technologies
>with which they are already expert.
This is actually not such a big deal, in my opinion. The killer problem, as I
learned from the vserver experience, is that novice activity authors /must/ be
able to debug their work in any system which we might hope to ship. I don't
think that I have very good ideas on how to make this part workable with
technologies that are more complicated or more obscure than Unix DAC.
Michael
More information about the Devel
mailing list