[OLPC Security] Moving towards a full Bitfrost implementation

Marcus Leech mleech at nortel.com
Wed Nov 21 15:35:25 EST 2007


Folksen:

Just before I went off to Atlanta for an IEEE 802 meeting last week, I built modified parts of rainbow (inject.py, service.py and permlist.py) to support a couple of different bitfrosty things:

    o  Adding "camera" and "microp" groups to /etc/groups

    o  Having the launcher add one or both of "camera" and "microp" to the launched process' "extra" groups membership, depending on permissions granted from permissions.info

    o  Setting resource limits on a number of kernel resources for the new process, including RLIMIT_NPROC, RLIMIT_NOFILE, RLIMIT_AS, and one or two others.

All of these are controlled through "permissions.info" in the package bundle directory, using the (updated) syntax driven by permlist.py.

Just as soon as I can figure out how to get them into my private GIT repo on d.l.o, I'll put them in there so that people can fetch them.

Is this a useful approach?

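An added sketch of the launcher behaviour the post describes, not part of the original message and not Rainbow's code: granted permissions become supplementary groups and resource limits applied in the child before exec. The entry names (`use-camera`, `use-microphone`, `limit ...`), the sample text and all function names are assumptions; the real permissions.info syntax is not shown in the post.

```python
import grp
import os
import resource

# Constructed sample and hypothetical entry names; NOT Rainbow's real permissions.info syntax.
SAMPLE_PERMISSIONS = "use-camera\nlimit nproc 32\nlimit nofile 128\nlimit as 536870912\n"
GROUP_FOR = {"use-camera": "camera", "use-microphone": "microp"}
RLIMIT_FOR = {"nproc": resource.RLIMIT_NPROC, "nofile": resource.RLIMIT_NOFILE,
              "as": resource.RLIMIT_AS}


def parse_permissions(text):
    """Return (group names, {rlimit: value}); unknown entries are rejected, not ignored."""
    groups, limits = [], {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) == 1 and words[0] in GROUP_FOR:
            groups.append(GROUP_FOR[words[0]])
        elif (len(words) == 3 and words[0] == "limit"
              and words[1] in RLIMIT_FOR and words[2].isdigit()):  # no "-1" (unlimited)
            limits[RLIMIT_FOR[words[1]]] = int(words[2])
        elif words:
            raise ValueError("unrecognised permission entry: %r" % raw)
    return groups, limits


def apply_limits(limits):
    """Set soft and hard limits together so the activity cannot raise them again."""
    for res, wanted in limits.items():
        hard = resource.getrlimit(res)[1]
        value = wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)
        resource.setrlimit(res, (value, value))


def launch(argv, uid, gid, permissions_text):
    """Fork, confine the child, exec. Must run as root for setgroups/setgid/setuid."""
    groups, limits = parse_permissions(permissions_text)
    extra_gids = [grp.getgrnam(name).gr_gid for name in groups]  # KeyError if group missing
    pid = os.fork()
    if pid == 0:
        try:
            os.setgroups(extra_gids)  # only the device groups that were granted
            os.setgid(gid)
            apply_limits(limits)
            os.setuid(uid)            # last privileged step; cannot be undone
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)             # a failed child must never return into the launcher
    return pid
```

The groups are resolved and the file parsed before the fork, so a malformed bundle or a missing group stops the launch instead of starting the activity unconfined.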