Rainbow/Next Steps

From OLPC
Jump to: navigation, search

Rainbow :: git :: sources :: rainbow-0.8.6.tar.bz2 :: announcement


Last updated: Michael Stone 21:59, 16 May 2009 (UTC)

Job control features
There are a couple of small impedance mismatches that will need to be overcome; e.g. sugar needs a way to kill an activity, a way to garbage-collect dead jails.
D-Bus changes for sugar activities
We need to find a way to make dbus session buses happy accepting connections from per-bus groups of users.
The current plan is to implement a "group_pattern" authorization attribute and to have libnss_rainbow synthesize the appropriate group memberships. We'll start with positive and negative automated tests.
Ben Schwartz points out that this functionality could also be hacked together with the regular allow-group authorization element if only dbus session buses sourced per-user configuration.
sugar-jhbuild integration
Sugar folks have asked for jhbuild integration to ease testing. Maybe some kind soul will donate it?
P_NETWORK
We'd like to have the option to restrict a program's access to the network. James Morris suggests that we check out unshare(CLONE_NEWNET).
See Isolation LSM, http://lkml.org/lkml/2009/1/7/18, and http://lkml.org/lkml/2009/1/7/613 for some other approaches.
P_DOCUMENT*
Requested by Gary C. Martin. To implement this, we need to put some authorization gates in the datastore, then somehow record which data should be accessible to which activities. (Or maybe we could do it all with ACLs?)
See Olpcfs, Journal reloaded, Olpcfs2, and Journal and Overlays for some other approaches.
P_X
http://dev.laptop.org/git/users/mstone/security/log/?h=xephyr contains very rough patches which cause rainbow to generate Xephyrs in which to isolate some of its clients' X abuse.
-- NB: Recent versions of Xephyr (>=1.5.99) are required for OpenGL clients.
-- Also, Firefox doesn't yet like Xephyr. Help debugging would be greatly appreciated.
Future work: try out XSECURITY on the main xserver (i.e. by making activities untrusted clients) and see where that leaves us. Then on to XACE as per previous discussion
-- unfortunately, it seems (c.f. ssh man page) that most apps break when you treat them as untrusted clients. Hmm.