Help with permissions under Rainbow sought

Michael Stone michael at
Sun Apr 18 11:36:07 EDT 2010

George Hunt wrote:

> I had looked for an input mechanism to Rainbow's CONSTANT_RAINBOW_UID
> without success. So thanks for your pointer.

Where did you look? 

(I'd like to go fix it...)

> I'm curious to know why you think using a constant UID is undesireable.  

Making things constant-uid in the sugar-0.82 + rainbow-0.7.* world removes all
isolation between instances of the activity.

> At this point I'm looking for ways to simplify the next stages of debugging my
> program.
> My thinking is as follows: If I can get permissions off the table as a
> source of failure, while I deal with all the other problems I haven't
> foreseen, I can come back and tighten up security when my code is more
> solid.

Your reasoning seems fine to me. 

(One word of caution, though: rainbow will probably not respond well to seeing
a single activity bundle_id switch between the constant-uid and the (default)
fresh-uid setting. Therefore, you should either use a fresh bundle_id when you
switch or you should clean out rainbow's filesystem state in /etc/passwd,
/etc/group, and /home/olpc/isolation/1/.)



P.S. - I really like ipython, so I'm excited to see your activity. 

Also, if you like ipython, check out bpython.

More information about the Devel mailing list