Rainbow/DataStore Access: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
No edit summary
Line 8: Line 8:
** ''I desperately want to avoid race conditions when grabbing names. I'll explain one mechanism for accomplishing this below.'' -MS
** ''I desperately want to avoid race conditions when grabbing names. I'll explain one mechanism for accomplishing this below.'' -MS
* All activity ''instances'' get their own UID and GID. These will be between 10000 and 20000 and should for simplicity always MATCH. Unix requires names for users and groups, lets call them 'ActivityNNN' where Activity is the ActivityName (first 3 letters) and NNN is the UID#
* All activity ''instances'' get their own UID and GID. These will be between 10000 and 20000 and should for simplicity always MATCH. Unix requires names for users and groups, lets call them 'ActivityNNN' where Activity is the ActivityName (first 3 letters) and NNN is the UID#
** ''What do the activities use their unique gid for?'' - MS ''That is what can make the files private to the instance.'' - PS
** ''What do the activities use their unique gid for?'' - MS
***''That is what can make the files private to the instance.'' - PS


'''Atomically update /etc/group'''
=== Atomically update /etc/group ===
# Read /etc/group
# Read /etc/group
# Write the new version as /etc/group.tmp
# Write the new version as /etc/group.tmp
# '''Copy''' /etc/group to /etc/group.old
# '''Copy''' /etc/group to /etc/group.old
# Move /etc/group.tmp /etc/group
# Move /etc/group.tmp /etc/group
** ''A better mechanism is just to make /etc/group a symlink, then to atomically swing the symlink.'' - MS


== Read-Only ==
== Read-Only ==

Revision as of 20:25, 6 November 2007

This page is a brain-storm page discussing how to implement the two basic access mode of the DataStore: read-only and write

  • To prevent excessive copying of files, the datastore should have a way to provide access a specific file in the store to a specific instance of the Activity.
    • Since we want to avoid API changes to the DS, we could tell activity authors that they need to do proper locking when writing using, e.g. POSIX 'fcntl(F_SETLK) and lockf()'. - MS, on behalf of JG
  • All groups and users are the normal unix /etc/group and /etc/passwd users. Because we are going to be writing to them a lot, we need a locking mechanism!
    • Locking is not needed if we reserve a range of uids and gids for sugar/rainbow's use and manage them atomically via a spool directory. - MS
  • All installed activities get their own group called 'ActivityName', this will be used for file permissions per-activity settings (this ignores name clashes...)
    • I desperately want to avoid race conditions when grabbing names. I'll explain one mechanism for accomplishing this below. -MS
  • All activity instances get their own UID and GID. These will be between 10000 and 20000 and should for simplicity always MATCH. Unix requires names for users and groups, lets call them 'ActivityNNN' where Activity is the ActivityName (first 3 letters) and NNN is the UID#
    • What do the activities use their unique gid for? - MS
      • That is what can make the files private to the instance. - PS

Atomically update /etc/group

  1. Read /etc/group
  2. Write the new version as /etc/group.tmp
  3. Copy /etc/group to /etc/group.old
  4. Move /etc/group.tmp /etc/group
    • A better mechanism is just to make /etc/group a symlink, then to atomically swing the symlink. - MS

Read-Only

Example: 'Write' needs access to a document during load:

  • The Sugar shell creates UID/GID 10001 for the instance, and updates 'WriteGroup', adding Wri10001 to the WriteGroup
  • The DataStore creates the tree:
user.group permissions file: 
olpc.olpc 755 /ds
olpc.Wri10001 750 /ds/<instance-uid>/
hardlink: ln /home/olpc/..../file-in-ds.ext  /ds/<instance-uid>/somefile.doc 
olpc.olpc 644 /ds/<instance-uid>/somefile.doc
  • Sugar Shell invokes read_file()
  • When read_file() returns, the DataStore sets permission 600 on somefile.doc and/or unlinks.

Problems to solve

  • Clean up, this needs to be periodic / at startup (crashes happen...)
    • Cleanup can be done by a cleaner-process that is forked off every few activity launches. - MS
  • Two activities need read-only access to the same file, at the same time
    • This can be handled by controlling access at the gate-dir and providing read access via the 'other' bits. - MS
  • The datastore gets a write request while another activity is read-only-ing the same file.
    • This is a bit ugly. A correct solution is to manually break the hardlink by having the DS copy the file to a new name, deleting the old link, then moving the copy into position. - MS