Sugar hackers,<br><br>As part of deploying the security system[0], most of the file system will need to be mounted as read-only for the containers that activities are being put in. To that end, we are making the Home directory one of these spaces. This will require patching some activities to handle the change [1].
<br><br>We are creating '/data' as the disk-backed place for an activity's writable location. This is not meant to be a substitution for the datastore but rather a place for sample files and other persistent legacy files. This directory actually lives in '/home/olpc/.sugar/default/$SERVICE_NAME' when an activity is not running and the mounting is handled by Rainbow on activity launch.
<br><br>To help in the transition, I would encourage activities to check for the existence of the file '/etc/olpc-security'. If it exists, any files you wish to be able to write to should be in the /data directory (more on that later). If it does not exist, you have the same free range on the system as you have had previously. The fallback of *not* having this file (and thus not having Rainbow running) will be removed as we get closer to launch and can migrate activities into the newer, safer system.
<br><br>(this is the later bit I mentioned:)<br>To have activities start using the /data directory, there are a couple of options:<br>1. Have each activity perform a First Run check of some sort that can copy necessary files into that /data directory. That is, leave it up to the individual activity.
<br>2. An option SJ proposed was to have an extension to the activity bundle spec that would specify which directories are data and copied separately to the proper place. Put another way, have the Sugar activity installer process provide a uniform way of handling it.
<br><br>I am curious to hear your thoughts on which is the better way to handle this. Option 1 creates flexibility but at the sake of added work for the developer. Option 2 is seemingly easier for individual developers, but creates tough corner cases like if Sugar should overwrite the /data directory on upgrades and the like. Thoughts?
<br><br>More updates will be on the way. Stay tuned, sports fans. Also, I highly encourage people to try out Rainbow and test how your activity works. Your feedback is highly useful.<br><br>Cheers!<br><br>[0] <a href="http://dev.laptop.org/git?p=security;a=summary">
http://dev.laptop.org/git?p=security;a=summary</a><br>[1] <a href="http://dev.laptop.org/ticket/2633">http://dev.laptop.org/ticket/2633</a><br><br>-- <br>Michael Burns * Intern<br>One Laptop Per Child <br>