Rainbow/Current Situation: Difference between revisions

From OLPC
Revision as of 19:51, 12 June 2009

== Current Design and Implementation ==



Rainbow has been implemented according to three designs to date. The present design, implemented in the "rainbow-0.8.*" series, works like this:

rainbow-0.8.* isolates programs (processes) by confining them to accounts with access control credentials which limit the confined programs' ability to commit side-effects like filesystem I/O.

In particular, rainbow-0.8.* provides isolation by means of traditional Unix permissions. It creates the accounts used for this task by means of an NSS module which modifies the appropriate system databases.

rainbow-0.8.* is used via the rainbow-run "exec-wrapper" or some higher-level tool based on that program, such as the rainbow-easy convenience wrapper. Either way, the rainbow-run wrapper eventually receives control from a higher-level shell, performs any requested isolation steps, and hands control over to the isolated program. This way, rainbow can be used from freedesktop.org .desktop launcher files, from the command line, and from custom graphical shells like Sugar with equal ease.
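
The exec-wrapper pattern described above, sketched as an added example; this is not rainbow's own code. The names `run_confined`, `drop_to_account`, `is_confined` and `NOT_RUN` are hypothetical, and the uid and gid are assumed to belong to an account that already exists for the confined program.

```python
#!/usr/bin/env python3
"""Exec-wrapper sketch: drop to a confined account, then run a program."""
import os
import sys

NOT_RUN = 126  # exit status when the program could not be started confined


def is_confined(uid, gid):
    """True only if every uid/gid slot and the group list match the account."""
    return (os.getresuid() == (uid, uid, uid)
            and os.getresgid() == (gid, gid, gid)
            and set(os.getgroups()) <= {gid})


def drop_to_account(uid, gid):
    """Irreversibly switch the calling process to (uid, gid)."""
    os.setgroups([gid])          # 1. discard inherited supplementary groups
    os.setresgid(gid, gid, gid)  # 2. group ids next, while still privileged
    os.setresuid(uid, uid, uid)  # 3. user ids last; privilege is gone after this
    if not is_confined(uid, gid):
        raise PermissionError("credentials do not match the confined account")


def run_confined(argv, uid, gid):
    """Fork, confine the child, exec argv in it; return the child's exit status.

    The fork exists only so the caller gets a status back; a wrapper that is
    itself exec'd by a shell would drop and exec in place.
    """
    pid = os.fork()
    if pid == 0:
        try:
            drop_to_account(uid, gid)
            os.umask(0o077)      # files the program creates stay private
            os.execvp(argv[0], argv)
        except BaseException:
            pass                 # fail closed: never run argv unconfined
        os._exit(NOT_RUN)
    _, status = os.waitpid(pid, 0)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else -os.WTERMSIG(status)


if __name__ == "__main__":
    # Usage (as root): wrapper.py UID GID PROGRAM [ARGS...]
    sys.exit(run_confined(sys.argv[3:], int(sys.argv[1]), int(sys.argv[2])))
```

Run without the privilege to change credentials, the child exits with `NOT_RUN` instead of starting the program under the caller's own account.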