Taste the Rainbow:0.7.8: Difference between revisions
mNo edit summary |
|||
| Line 57: | Line 57: | ||
When the rainbow-daemon D-Bus service starts, it performs a garbage collection pass to reclaim resources allocated in its spool. At present, this garbage collection pass simply deallocates any allocated uids and unlinks their instance and home directories. |
When the rainbow-daemon D-Bus service starts, it performs a garbage collection pass to reclaim resources allocated in its spool. At present, this garbage collection pass simply deallocates any allocated uids and unlinks their instance and home directories. |
||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l6 gc.py:active_uid()], |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l6 gc.py:active_uid()], test for active uids |
||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l13 gc.py:gc_uid()], |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l13 gc.py:gc_uid()], unlink the home dirs and instance dirs of uids which are inactive |
||
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l46 gc.py:gc_spool()], |
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/gc.py;hb=83eea6528df6a65d9fed508344019cc1e14b24bd#l46 gc.py:gc_spool()], iterate over all available uids |
||
This design is consistent with rainbow-0.7.8's simplifying decision to never reuse uids but is inconsistent with the architectural goal of supporting persistent activity instances. This design may be revisited in future releases. |
This design is consistent with rainbow-0.7.8's simplifying decision to never reuse uids but is inconsistent with the architectural goal of supporting persistent activity instances. This design may be revisited in future releases. |
||
Revision as of 23:12, 24 January 2008
This page is a guided tour of the source code of the rainbow-0.7.8 release.
Source Code Overview
Please start in my rainbow-0.7.8 tree.
./ |--- README : Standard boilerplate about where work gets done; somewhat dated in this release. |--- rainbow.spec.in : spec-file template for building RPMS |--- Makefile.package : package-specific variables for use in ../Makefile.fedora |--- conf : installation-time configuration files | \--- session-olpc.conf : applies some unusual dbus rules to allow many uids | to use the same session bus and enables OLPC-specific | dbus access checks. When /etc/olpc-security exists, | session-olpc.conf is loaded by /usr/bin/sugar | |--- docs : explanations & notes | |--- NOTES : various problems I have encountered and thoughts on how to solve them. | *--- rainbow.txt : a sketch & justification of the current design | \--- rainbow : source code |--- util : functions wrapping frequently used idioms or useful syscalls |--- inject.py : logic implementing activity launching \--- service.py : dbus service entry-point
Activity Launching
Activity launching begins when the rainbow D-Bus service receives a CreateActivity message:
The CreateActivity handler first attempts to reap zombie children, then it clones() the current process and delegates control to
which interleaves calls to the activity-launching primitives:
- inject.py:strace(),
- inject.py:reserve_elt(),
- inject.py:reserve_credentials(),
- inject.py:grab_home(),
- inject.py:configure_home(), and
- inject.py:launch().
and the assumption-checking procedures:
- inject.py:check_bundle_id(),
- inject.py:check_bundle_path(),
- inject.py:check_argv(),
- inject.py:check_cwd(),
- inject.py:check_spool(),
- inject.py:check_owner(),
- inject.py:check_home_dirs(),
- inject.py:check_home(),
Resource Collection
When the rainbow-daemon D-Bus service starts, it performs a garbage collection pass to reclaim resources allocated in its spool. At present, this garbage collection pass simply deallocates any allocated uids and unlinks their instance and home directories.
- gc.py:active_uid(), test for active uids
- gc.py:gc_uid(), unlink the home dirs and instance dirs of uids which are inactive
- gc.py:gc_spool(), iterate over all available uids
This design is consistent with rainbow-0.7.8's simplifying decision to never reuse uids but is inconsistent with the architectural goal of supporting persistent activity instances. This design may be revisited in future releases.
Developing Rainbow
I develop Rainbow in two basic modes, which I call 'snapshot', 'candidate', and 'release' modes:
- By packaging snapshots of a git clone to try out packaging changes.
make snapshot
- With locally-built or scratch-built packages, when I'm getting ready to tag a release.
make release
- With an official release, built with Fedora's Koji build system from sources archived in Fedora CVS.