[Sugar-devel] Future of Rainbow + Sugar?

Michael Stone michael at laptop.org
Tue Feb 24 18:42:39 EST 2009

On Tue, Feb 24, 2009 at 06:05:51PM -0500, Benjamin M. Schwartz wrote:
> Sugar/OLPC simply never had SELinux experts 

I'm pretty sure this is false. For instance, I know that ancient OLPC+RH
kernels has SELinux enabled and I know that the SELinux folks at RH have always
been excited to help me to understand their work whenever I took the time to
ask them questions every few months.

>It's hard to write a sandboxer like Rainbow, since it must not only appear
>to work, but be verified "secure" to a high degree of confidence.  That's
>harder still if one is writing in a system in which one is a novice, so
>the developers (principally Michael) have instead stuck to technologies
>with which they are already expert.

This is actually not such a big deal, in my opinion. The killer problem, as I
learned from the vserver experience, is that novice activity authors /must/ be
able to debug their work in any system which we might hope to ship. I don't
think that I have very good ideas on how to make this part workable with
technologies that are more complicated or more obscure than Unix DAC.


More information about the Devel mailing list