Rainbow: Difference between revisions
Jump to navigation
Jump to search
m (+cat + cosmetics) |
No edit summary |
||
| Line 1: | Line 1: | ||
{{translations}} |
{{translations}} |
||
Rainbow |
Rainbow implements the isolations shell implicitly described in the [[Bitfrost]] security specification. It is also the name of the [[Build system#Build branches|build branch]] into which this isolation shell is being integrated. |
||
| ⚫ | |||
* Negotiates launching activities and creating a secure, minimal environment for their operation inside a 'Container', a way of isolating one activity from another. This includes limiting the scope of Filesystem, Network Access, and CPU time that each activity has access to. |
* Negotiates launching activities and creating a secure, minimal environment for their operation inside a 'Container', a way of isolating one activity from another. This includes limiting the scope of Filesystem, Network Access, and CPU time that each activity has access to. |
||
| Line 9: | Line 11: | ||
== Installing == |
== Installing == |
||
To install Rainbow, either directly install a build from the [http://xs-dev.laptop.org/~cscott/olpc/streams/rainbow/ Rainbow build branch] or use the [[SoftwareBinaryDifferentialUpdate|network updater]] to migrate to a build from that branch. |
|||
To install Rainbow: |
|||
# Enable the OLPC-temp repository by editing '''<tt>/etc/yum.repos.d/olpc-tmp.repo</tt>''' ''(temporary until packages drift upstream)'' |
|||
# '''<tt>yum install rainbow</tt>''' which installs [[Rainbow]] along with its dependencies like pyvserver, python-sqlalchemy, etc. |
|||
# olpc-update rainbow-NNN |
|||
| ⚫ | |||
# Touch the file '''<tt>/etc/olpc-security</tt>''' |
|||
To disable Rainbow: |
|||
# Delete the file '''<tt>/etc/olpc-security</tt>''' |
|||
== Resources == |
== Resources == |
||
Revision as of 02:35, 27 October 2007
Rainbow implements the isolations shell implicitly described in the Bitfrost security specification. It is also the name of the build branch into which this isolation shell is being integrated.
Rainbow:
- Negotiates launching activities and creating a secure, minimal environment for their operation inside a 'Container', a way of isolating one activity from another. This includes limiting the scope of Filesystem, Network Access, and CPU time that each activity has access to.
- Creates a means for Updates to happen in a reliable and secure way.
- Provides interfaces to VServer and other libraries that make the above possible.
Installing
To install Rainbow, either directly install a build from the Rainbow build branch or use the network updater to migrate to a build from that branch.
# olpc-update rainbow-NNN
Resources
- Code Repository
- OLPC Bitfrost — Bitfrost Spec
- README - A description of the scope and design of Rainbow.
- Notes - Useful notes on design and hurdles in developing Rainbow.
README
<gitembed>security||rainbow/README||660||600</gitembed>