Rainbow/Information for Activity Developers: Difference between revisions

m (New page: == For Activity Developers == Though Rainbow is general-purpose software, it is most frequently encountered in the context of Sugar in that when a human asks Sugar to start an activity, R...)
 
mNo edit summary
Line 1: Line 1:
== For Activity Developers ==
== For Activity Developers ==


Though Rainbow is general-purpose software, it is most frequently encountered in the context of Sugar in that when a human asks Sugar to start an activity, Rainbow is usually the software which actually asks the Linux kernel to do the 'starting'. You can find out more about the restrictions Rainbow places on software that it runs in this context in the [[Low-level Activity API#Security|low-level activity api]] documentation, in the [[Sugar almanac]], or below.
Though [[Rainbow]] is general-purpose software, it is most frequently encountered in the context of Sugar in that when a human asks Sugar to start an activity, Rainbow is usually the software which actually asks the Linux kernel to do the 'starting'. You can find out more about the restrictions Rainbow places on software that it runs in this context in the [[Low-level Activity API#Security|low-level activity api]] documentation, in the [[Sugar almanac]], or below.


=== Filesystem Isolation ===
=== Filesystem Isolation ===

Revision as of 19:36, 12 June 2009

For Activity Developers

Though Rainbow is general-purpose software, it is most frequently encountered in the context of Sugar: when a human asks Sugar to start an activity, Rainbow is usually the software which actually asks the Linux kernel to do the 'starting'. You can find out more about the restrictions Rainbow places on software that it runs in this context in the low-level activity API documentation, in the Sugar almanac, or below.

Filesystem Isolation

Suppose program A (e.g. sugar) uses rainbow-0.7.x to isolate program B (e.g. your activity).

  1. Rainbow's isolation means that program A's $HOME and program B's $HOME will be different directories and that, in general, program B will have no authority to write (or perhaps to read) files contained in program A's $HOME.
  2. Programs isolated by early versions of rainbow-0.7.x are only permitted to write to three subdirectories of their $HOME directories. You can read the low-level activity api for the gory details; the summary is that if your software needs to be portable over XO software releases 7.1-8.2 (e.g. builds 650, 656, 703, 767), then you are only guaranteed the ability to write to $SUGAR_ACTIVITY_ROOT/{data,tmp,instance}. Note: "$SUGAR_ACTIVITY_ROOT" is commonly abbreviated as "$SAR" in conversations and in this text.
  3. Rainbow-0.7.x guarantees that only $SAR/data will be available the next time your activity is launched. The other two directories will be wiped clean at various convenient times in the future.
  4. Persistent data saved in $SAR/data MUST be group-readable and writable so that new instances of your activity can continue to manipulate it. Rainbow tries to make this easy for you by setting umask(000) but there are some libraries (particularly those provided by Mozilla) which hard-code the use of inappropriate file modes.
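
One way an activity could follow points 2-4, shown as an added example rather than code from Rainbow or Sugar: it writes into $SAR/data with an explicit group-read/write mode instead of relying on umask(000), and repairs files that a library created with a narrower mode. The function names are hypothetical and the code assumes a current Python 3.

```python
import os
import stat
import tempfile

GROUP_RW = stat.S_IRGRP | stat.S_IWGRP

def data_dir(environ=os.environ):
    """Return $SUGAR_ACTIVITY_ROOT/data, the only directory that persists."""
    return os.path.join(environ["SUGAR_ACTIVITY_ROOT"], "data")

def save_persistent(name, payload, environ=os.environ):
    """Atomically write payload (bytes) to $SAR/data/name, mode 0660."""
    target_dir = data_dir(environ)
    final_path = os.path.join(target_dir, name)
    # mkstemp always creates its file 0600 regardless of umask: the same
    # failure mode as a library that hard-codes a file mode. The temporary
    # file lives in $SAR/data itself so rename() stays on one filesystem.
    fd, tmp_path = tempfile.mkstemp(dir=target_dir)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(payload)
        os.chmod(tmp_path, 0o660)  # explicit owner+group read/write
        os.rename(tmp_path, final_path)
    except Exception:
        os.unlink(tmp_path)
        raise
    return final_path

def repair_group_access(environ=os.environ):
    """Add group rw (plus x on directories) under $SAR/data.

    Returns the sorted list of paths whose mode had to be changed.
    """
    fixed = []
    for root, dirs, files in os.walk(data_dir(environ)):
        for entry in dirs + files:
            path = os.path.join(root, entry)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            want = GROUP_RW | (stat.S_IXGRP if stat.S_ISDIR(st.st_mode) else 0)
            if st.st_mode & want != want:
                os.chmod(path, stat.S_IMODE(st.st_mode) | want)
                fixed.append(path)
    return sorted(fixed)
```

Calling repair_group_access() after any library has written under $SAR/data, and again before the activity exits, keeps the data usable by the next instance.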


Disabling Rainbow for Testing

Sugar's use of Rainbow can be trivially disabled by running

rm /etc/olpc-security

as root. It can be re-enabled by running

touch /etc/olpc-security

also as root.

Customizing Isolation

The Activity bundles' activity/permissions.info documentation offers some hints on how activities may currently customize the isolation provided by Rainbow.