[olpc-nz] Fwd: [Sugar-devel] ANN: rainbow-0.8.5 release.

Tomeu Vizoso tomeu at sugarlabs.org
Mon Nov 30 05:18:09 EST 2009


On Mon, Nov 30, 2009 at 10:05, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> Hi NZers, BAers, Ghent'ers, all!
>
> Michael Stone has been putting a lot of work into improving Rainbow,
> the security isolation tool that we had in our OSs.
>
> He is very keen on OLPC including this into the builds, but we don't
> know whether it works, what rough edges it has, in short, how mature
> it is, and how much work it'll take to include it.
>
> Michael is hoping to see more feedback from testers (and OLPC is
> hoping the same, as we're flat out finishing F11/XO-1.5...).
>
> How to test? I'd suggest a start would be:
>
> - Grab 2 XOs with the same F11 build (XO-1s with OS8 or the promised
> OS10 will do).
>
> - On one, install Rainbow as per the instructions
> http://wiki.laptop.org/go/Rainbow/Installation_Instructions - grab the
> latest source, as it's new from 2 days ago...
>
> - Go through a smoketest with both, log the differences -- does
> anything break in the Rainbow'd machine?

Michael will correct me if I'm wrong, but maybe testers can focus only
on activities as Rainbow shouldn't affect anything else in the system?

Regards,

Tomeu

> - Pester Michael with questions, congratulations, bug reports, etc...
>
> Be kind, Michael is doing this on his own time, because he cares about
> OLPC shipping with a good isolation tool.
>
> cheers,
>
>
>
> m
>
> ---------- Forwarded message ----------
> From: Michael Stone <michael.r.stone at gmail.com>
> Date: Sun, Nov 29, 2009 at 2:44 PM
> Subject: Re: [Sugar-devel] ANN: rainbow-0.8.5 release.
> To: Martin Langhoff <martin.langhoff at gmail.com>
>
>
> On 11/29/09, Martin Langhoff <martin.langhoff at gmail.com> wrote:
>> On Sun, Nov 29, 2009 at 12:27 AM, Michael Stone <michael at laptop.org> wrote:
>>> This release was made possible by encouragement from Fabian Affolter, Luke
>>> Faraone, Martin Langhoff, and my friends at sandboxing.org.
>>
>> Congrats on the release. You're quite a character :)
>
> You're a fine one to talk. :)
>
>> Ok -- to ask something useful. If there was someone interested in
>> re-integrating rainbow into the stack, beyond the obvious of packaging
>> the latest release, what does the job look like?
>>
>> - an init script needs to be enabled?
>
> No init scripts needed (yet) -- this is a pure exec-chain.
>
>> - nss config
>
> Yup, but that's a two-line sed script. (Maybe guarded by a one-line grep).
>
>> - enabling something in sugar / reverting some patches?
>
> See the "sugar+rainbow" section at the bottom of
> http://wiki.laptop.org/go/Rainbow/Installation_Instructions. I haven't
> tested these instructions since the cited sugar patches were merged a
> few months back (though some six months after they were written!) so
> they may have bitrotted a little bit. However, they shouldn't be too
> hard to fix up. I expect that the biggest change will be the
> additional one-line patch that will be needed to add the "-o network"
> option, but that shouldn't be a big deal.
>
>> - working through Sugar activities that may not be doing things in
>> rainbow-compatible ways?
>
> Yup, though this should be less effort than last time around, both due
> to activities being cast from a different mold this year and due to
> rainbow imposing fewer requirements than before.
>
>> - other steps before it's in a reasonable-enough shape to work?
>
> Mostly depends on how you want to deal with the configuration changes
> that are necessary to permit isolated activities to use D-Bus, GConf,
> etc. After that, getting to the point where most activities launch is
> fairly straightforward. Testing and fixing them is a bit more work but
> we have a good database of what has broken in the past. Finally, we
> would need to either revive the rainbow-gc garbage collection script
> (not too hard; just haven't needed it yet myself) or to teach Sugar to
> keep track of containers and to pass the "-r <uid>" option when it
> wants to resume the activity contained by <uid>.
>
> Questions?
>
> Michael
>
>
>
> --
>  martin.langhoff at gmail.com
>  martin at laptop.org -- School Server Architect
>  - ask interesting questions
>  - don't get distracted with shiny stuff  - working code first
>  - http://wiki.laptop.org/go/User:Martinlanghoff
> _______________________________________________
> olpc-nz mailing list
> olpc-nz at lists.laptop.org
> http://lists.laptop.org/listinfo/olpc-nz
>



-- 
«Sugar Labs is anyone who participates in improving and using Sugar.
What Sugar Labs does is determined by the participants.» - David
Farning

