Taste the Rainbow:0.7.8: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
| Line 26: | Line 26: | ||
== Activity Launching == |
== Activity Launching == |
||
Activity launching begins when the rainbow D-Bus service receives a CreateActivity message: |
|||
The key functions for launching activities are |
|||
| ⚫ | |||
The CreateActivity handler first attempts to reap zombie children, then it clones() the current process and delegates control to |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l243 inject.py:run()] |
|||
which interleaves calls to the activity-launching primitives: |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l73 inject.py:strace()], |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l73 inject.py:strace()], |
||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l85 inject.py:reserve_elt()], |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l85 inject.py:reserve_elt()], |
||
| Line 34: | Line 42: | ||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l179 inject.py:launch()]. |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l179 inject.py:launch()]. |
||
and the assumption-checking procedures: |
|||
These functions are called in the order listed from |
|||
| ⚫ | |||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l207 inject.py:check_bundle_id()], |
|||
which which is, in turn, called from |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/ |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l210 inject.py:check_bundle_path()], |
||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l214 inject.py:check_argv()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l217 inject.py:check_cwd()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l222 inject.py:check_spool()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l230 inject.py:check_owner()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l233 inject.py:check_home_dirs()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l238 inject.py:check_home()], |
|||
== Resource Collection == |
|||
When the rainbow-daemon D-Bus service starts, it performs a garbage collection pass to reclaim resources allocated in its spool. At present, this garbage collection pass simply deallocates any allocated uids and unlinks their instance and home directories. |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l6 gc.py:active_uid()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l13 gc.py:gc_uid()], |
|||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l46 gc.py:gc_spool()], |
|||
This design is consistent with rainbow-0.7.8's simplifying decision to never reuse uids but is inconsistent with the architectural goal of supporting persistent activity instances. This design may be revisited in future releases. |
|||
These six functions (and the relatively simple helpers they call) exhaust the functionality provided by rainbow-0.7.4. |
|||
== Developing Rainbow == |
== Developing Rainbow == |
||
I develop Rainbow in |
I develop Rainbow in two basic modes, which I call 'snapshot', 'candidate', and 'release' modes: |
||
* By packaging snapshots of a git clone to try out packaging changes. |
* By packaging snapshots of a git clone to try out packaging changes. |
||
Revision as of 23:09, 24 January 2008
This page is a guided tour of the source code of the rainbow-0.7.8 release.
Source Code Overview
Please start in my rainbow-0.7.8 tree.
./ |--- README : Standard boilerplate about where work gets done; somewhat dated in this release. |--- rainbow.spec.in : spec-file template for building RPMS |--- Makefile.package : package-specific variables for use in ../Makefile.fedora |--- conf : installation-time configuration files | \--- session-olpc.conf : applies some unusual dbus rules to allow many uids | to use the same session bus and enables OLPC-specific | dbus access checks. When /etc/olpc-security exists, | session-olpc.conf is loaded by /usr/bin/sugar | |--- docs : explanations & notes | |--- NOTES : various problems I have encountered and thoughts on how to solve them. | *--- rainbow.txt : a sketch & justification of the current design | \--- rainbow : source code |--- util : functions wrapping frequently used idioms or useful syscalls |--- inject.py : logic implementing activity launching \--- service.py : dbus service entry-point
Activity Launching
Activity launching begins when the rainbow D-Bus service receives a CreateActivity message:
The CreateActivity handler first attempts to reap zombie children, then it clones() the current process and delegates control to
which interleaves calls to the activity-launching primitives:
- inject.py:strace(),
- inject.py:reserve_elt(),
- inject.py:reserve_credentials(),
- inject.py:grab_home(),
- inject.py:configure_home(), and
- inject.py:launch().
and the assumption-checking procedures:
- inject.py:check_bundle_id(),
- inject.py:check_bundle_path(),
- inject.py:check_argv(),
- inject.py:check_cwd(),
- inject.py:check_spool(),
- inject.py:check_owner(),
- inject.py:check_home_dirs(),
- inject.py:check_home(),
Resource Collection
When the rainbow-daemon D-Bus service starts, it performs a garbage collection pass to reclaim resources allocated in its spool. At present, this garbage collection pass simply deallocates any allocated uids and unlinks their instance and home directories.
This design is consistent with rainbow-0.7.8's simplifying decision to never reuse uids but is inconsistent with the architectural goal of supporting persistent activity instances. This design may be revisited in future releases.
Developing Rainbow
I develop Rainbow in two basic modes, which I call 'snapshot', 'candidate', and 'release' modes:
- By packaging snapshots of a git clone to try out packaging changes.
make snapshot
- With locally-built or scratch-built packages, when I'm getting ready to tag a release.
make release
- With an official release, built with Fedora's Koji build system from sources archived in Fedora CVS.