Rainbow: Difference between revisions
m (→Next Steps) |
|||
| Line 18: | Line 18: | ||
== Next Steps == |
== Next Steps == |
||
* Debian packaging + cli interface + pristine-root + automated testing -- see the 'integration' branches of [http://dev.laptop.org/git?p=users/mstone/security;hb=integration;a=commit rainbow] and [http://dev.laptop.org/git?p=users/mstone/nss-rainbow;hb=integration;a=commit nss-rainbow] and the 'master' branch of [http://dev.laptop.org/git?p=users/mstone/test-rainbow;a=commit test-rainbow] |
|||
* P_NETWORK -- [[Isolation LSM]] |
* P_NETWORK -- [[Isolation LSM]] |
||
* cli interface: [http://dev.laptop.org/git?p=users/mstone/security;hb=cli;a=log rainbow-cli] |
|||
* pristine root patches -- [http://dev.laptop.org/git/users/mstone/nss-rainbow nss-rainbow] |
|||
* P_DOCUMENT -- [[Olpcfs]] |
* P_DOCUMENT -- [[Olpcfs]] |
||
* P_X -- we'll start by trying out XSECURITY (i.e. by making activities untrusted clients) and see where that leaves us. Then on to XACE as per [http://lists.laptop.org/pipermail/security/2008-April/000390.html previous discussion] |
* P_X -- we'll start by trying out XSECURITY (i.e. by making activities untrusted clients) and see where that leaves us. Then on to XACE as per [http://lists.laptop.org/pipermail/security/2008-April/000390.html previous discussion] |
||
Revision as of 02:41, 4 October 2008
Introduction
Rainbow implements the isolation shell implicitly described in the Bitfrost security specification. This means that it isolates activities (and eventually system services) that it is asked to run from one another and the rest of the system.
Rainbow implements this isolation by generating a new uid (and perhaps a new gid) for each program it is asked to run. Running each activity as a separate user means that standard Unix access checks can be used as the primary 'gate' to control the visibility of activity-driven side-effects like reading from or writing to files or devices or signalling other processes.
For Activity Developers
When the user asks Sugar to start your activity, Rainbow is the software which actually asks the Linux kernel to do the 'starting'. However, in order to achieve the security goals described in Bitfrost, it places some restrictions on your software. You can find out more about these restrictions in the low-level activity api documentation. (In the future, the Sugar almanac may also contain some similar information).
Design and Implementation
The basic design principles of the present 0.7-series incarnation of rainbow were presented in rainbow.txt. The implementation of rainbow can be found alongside that file in the "rainbow/rainbow" subdirectory of security git repo and in its several forks. Finally, a somewhat dated guided tour of the source code is available.
Next Steps
- Debian packaging + cli interface + pristine-root + automated testing -- see the 'integration' branches of rainbow and nss-rainbow and the 'master' branch of test-rainbow
- P_NETWORK -- Isolation LSM
- P_DOCUMENT -- Olpcfs
- P_X -- we'll start by trying out XSECURITY (i.e. by making activities untrusted clients) and see where that leaves us. Then on to XACE as per previous discussion
Items of Historical Interest
- README - A description of the original scope and design of Rainbow.
- Notes - Notes on design and hurdles in developing Rainbow.
- Rainbow/DataStore Access - thoughts on datastore access mechanisms, superseded by Olpcfs.
- "Why not SELinux?"
- "Bitfrost Compliance for Update.1" announcement mail