Help with permissions under Rainbow sought
Michael Stone
michael at laptop.org
Sun Apr 18 11:36:07 EDT 2010
George Hunt wrote:
> I had looked for an input mechanism to Rainbow's CONSTANT_RAINBOW_UID
> without success. So thanks for your pointer.
Where did you look?
(I'd like to go fix it...)
> I'm curious to know why you think using a constant UID is undesireable.
Making things constant-uid in the sugar-0.82 + rainbow-0.7.* world removes all
isolation between instances of the activity.
> At this point I'm looking for ways to simplify the next stages of debugging my
> program.
>
> My thinking is as follows: If I can get permissions off the table as a
> source of failure, while I deal with all the other problems I haven't
> foreseen, I can come back and tighten up security when my code is more
> solid.
Your reasoning seems fine to me.
(One word of caution, though: rainbow will probably not respond well to seeing
a single activity bundle_id switch between the constant-uid and the (default)
fresh-uid setting. Therefore, you should either use a fresh bundle_id when you
switch or you should clean out rainbow's filesystem state in /etc/passwd,
/etc/group, and /home/olpc/isolation/1/.)
Regards,
Michael
P.S. - I really like ipython, so I'm excited to see your activity.
Also, if you like ipython, check out bpython.
More information about the Devel
mailing list