Rainbow/Information for Activity Developers: Difference between revisions
Latest change: minor edit by Sascha silbe (→Filesystem Isolation: fix typo).
Latest revision as of 10:48, 17 March 2010
Though Rainbow is general-purpose software, it is most frequently encountered in the context of Sugar: when a user asks Sugar to start an activity, Rainbow is usually the software that actually asks the Linux kernel to do the 'starting'. You can find out more about the restrictions Rainbow places on software that it runs in this context in the low-level activity api documentation, in the Sugar almanac, or below.
Filesystem Isolation
Suppose program A (e.g. sugar) uses rainbow-0.7.x to isolate program B (e.g. your activity).
- Rainbow's isolation means that program A's $HOME and program B's $HOME will be different directories and that, in general, program B will have no authority to write (or perhaps, to read) files contained in program A's $HOME.
- Programs isolated by early versions of rainbow-0.7.x are only permitted to write to three subdirectories of their $HOME directories. You can read the low-level activity api for the gory details; the summary is that if your software needs to be portable over XO software releases 7.1-8.2 (e.g. builds 650, 656, 703, 767), then you are only guaranteed the ability to write to $SUGAR_ACTIVITY_ROOT/{data,tmp,instance}. Note: "$SUGAR_ACTIVITY_ROOT" is commonly abbreviated as "$SAR" in conversations and in this text.
- Rainbow-0.7.x guarantees that only $SAR/data will be available the next time your activity is launched. The other two directories will be wiped clean at various convenient times in the future.
- Persistent data saved in $SAR/data MUST be group-readable and group-writable so that new instances of your activity can continue to manipulate it. Rainbow tries to make this easy for you by setting umask(000), but there are some libraries (particularly those provided by Mozilla) which hard-code the use of inappropriate file modes.
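The four rules above, worked through in code. This is an added example, not code from the Rainbow project or from the page: it resolves $SUGAR_ACTIVITY_ROOT (falling back to a temporary directory when run outside Rainbow, which is an assumption for testing), writes persistent data into $SAR/data with an explicit group read/write mode rather than relying on umask(000), writes scratch data into $SAR/tmp, audits $SAR/data for files whose mode would lock out the next instance (the hard-coded-mode problem the page attributes to some libraries), and models the wipe of tmp and instance so you can see which files survive. The function and file names are the example's own.

```python
"""Added example (not Rainbow project code): safe use of $SAR/{data,tmp,instance}
from inside an isolated activity, plus a permission audit of $SAR/data."""
import os
import stat
import tempfile

# Rainbow sets umask(000), but a library that passes a restrictive mode to
# open() still produces a file without group write, so set the mode explicitly.
GROUP_RW = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP  # 0o660
GROUP_BITS = stat.S_IRGRP | stat.S_IWGRP


def activity_root():
    """Resolve $SUGAR_ACTIVITY_ROOT ($SAR). Outside Rainbow the variable is
    unset; for testing we fall back to a fresh temporary directory (assumption)
    and create the three writable subdirectories the page names."""
    root = os.environ.get("SUGAR_ACTIVITY_ROOT") or tempfile.mkdtemp(prefix="sar-")
    for sub in ("data", "tmp", "instance"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
    return root


def write_persistent(root, name, payload):
    """Write into $SAR/data so that the next instance of the activity (same
    group, possibly a different uid) can read and modify the file."""
    path = os.path.join(root, "data", name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, GROUP_RW)
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    os.chmod(path, GROUP_RW)  # override whatever umask the caller inherited
    return path


def write_scratch(root, name, payload):
    """Scratch output belongs in $SAR/tmp; Rainbow may wipe it before the next launch."""
    path = os.path.join(root, "tmp", name)
    with open(path, "wb") as f:
        f.write(payload)
    return path


def emulate_hardcoded_mode(root, name):
    """Reproduce the failure mode the page describes: a library that creates a
    file in $SAR/data with a private mode (constructed sample, 0o600)."""
    path = os.path.join(root, "data", name)
    with open(path, "wb") as f:
        f.write(b"constructed sample")
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return path


def is_group_rw(path):
    """True when both group-read and group-write bits are set."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & GROUP_BITS) == GROUP_BITS


def audit_data_dir(root):
    """Names of files in $SAR/data that are NOT group read+write. A non-empty
    result means a later instance of the activity will be unable to update
    those files; run this before exiting to catch library misbehaviour early."""
    data = os.path.join(root, "data")
    return sorted(n for n in os.listdir(data)
                  if not is_group_rw(os.path.join(data, n)))


def simulate_wipe(root):
    """Model what Rainbow does 'at various convenient times': empty $SAR/tmp and
    $SAR/instance, leave $SAR/data alone. Returns the surviving data files."""
    for sub in ("tmp", "instance"):
        d = os.path.join(root, sub)
        for name in os.listdir(d):
            p = os.path.join(d, name)
            if os.path.isfile(p):
                os.remove(p)
    return sorted(os.listdir(os.path.join(root, "data")))


if __name__ == "__main__":
    root = activity_root()
    write_persistent(root, "notes.db", b"constructed sample")
    write_scratch(root, "render.cache", b"throwaway")
    emulate_hardcoded_mode(root, "profile.ini")
    print("not group-rw in $SAR/data:", audit_data_dir(root))   # ['profile.ini']
    print("survives wipe:", simulate_wipe(root))                 # ['notes.db', 'profile.ini']
```

Running the script outside Rainbow exercises the fallback directory; inside an activity, $SUGAR_ACTIVITY_ROOT is already set and the same code targets the real $SAR. The explicit os.chmod after creation is the important line: it makes the persistence guarantee independent of umask and of whatever mode a third-party library chose.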
Disabling Rainbow for Testing
Sugar's use of Rainbow can be trivially disabled by running
rm /etc/olpc-security
as root. It can be re-enabled by running
touch /etc/olpc-security
also as root.
Customizing Isolation
The Activity bundles' activity/permissions.info documentation offers some hints on how activities may currently customize the isolation provided by Rainbow.