Taste the Rainbow:0.7.0

Revision as of 22:12, 2 November 2007

This page is a guided tour of the source code of the rainbow-0.7.0 release.

Overview

Please start at http://dev.laptop.org/git?p=users/mstone/security;a=tree;f=rainbow;h=b76a41fcc968b22196b14fa868e50db0f4b1b9bc;hb=b6a2a0c96f522956a69871c6d839bc67d2f78424

A recent design sketch is available at rainbow.txt.

The two interesting directories here are docs and rainbow.

The interesting file is rainbow.spec.in.

The Makefile includes 'Makefile.fedora' one level higher and builds RPMs for personal testing based on some variables defined in Makefile.package.

When I'm happy with the result, I scratch-build in koji, fix up any final nitpicks, and build the release in koji.

D-Bus Configuration

Here, conf contains some configuration files that need to be installed onto the system during setup. session-olpc.conf is probably the most important of these since it applies some unusual dbus rules to allow many uids to use the same session bus.

marcopg> how is that loaded? is the sugar script using it?

m_stone> /usr/bin/sugar uses that config file if /etc/olpc-security is present and uses the regular one otherwise.

marcopg> what is <olpc>on</olpc> (in session-olpc.conf)

marcopg> that enables coderanger security stuff in dbus?

m_stone> correct, though, since we're no longer using vserver, coderanger's dbus stuff will need some revision.

m_stone> Note that the <olpc> tag is commented out at present.

Secure Activity Installation

permissions is a stub that I hope to fill out this weekend based on the secure installation work that marcopg and neuralis did together a few weeks ago.

Architecture

The key functions for launching activities are stages/sugar.py:begin(), stages/sugar.py:prepare(), and stages/activation.py:launch().

These functions are called in the order listed from targets/sugar.py:launch() and targets/sugar.py:_exile(), which are, in turn, called from service.py:Rainbow.CreateActivity().