[OLPC Security] Moving towards a full Bitfrost implemention
Marcus Leech
mleech at nortel.com
Wed Nov 21 15:35:25 EST 2007
Folksen:
Just before I went off to Atlanta for an IEEE 802 meeting last week, I
built modified parts of rainbow
(inject.py, service.py and permlist.py) to support a couple of
different bitfrosty things:
o Adding "camera" and "microp" groups to /etc/groups
o Having the launcher add one or both of "camera" and "microp" to
the launched process'
"extra" groups membership, depending on permissions granted from
permissions.info
o Setting resource limits on a number of kernel resources for the
new process, including RLIMIT_NPROC,
RLIMIT_NOFILE, RLIMIT_AS, and one or two others.
All of these are controlled through "permissions.info" in the package
bundle directory, using the (updated) syntax
driven by permlist.py
Just as soon as I can figure out how to get them into my private GIT
repo on d.l.o, I'll put them in there so that people
can fetch them.
Is this a useful approach?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.laptop.org/pipermail/security/attachments/20071121/cdb6c8b2/attachment.pgp
More information about the Security
mailing list