[Sugar-devel] ANN: rainbow-0.8.5 release.

Michael Stone michael at laptop.org
Sat Nov 28 18:27:21 EST 2009


I am pleased to announce the release of rainbow-0.8.5. Rainbow implements
portions of the isolation shell described in the Bitfrost threat model and
security architecture.

The key differences between this release and its predecessor are bug fixes,
preliminary support for network isolation, and a better rainbow-sugarize

This release was made possible by encouragement from Fabian Affolter, Luke
Faraone, Martin Langhoff, and my friends at sandboxing.org. 

Interesting links for this release include:

    git:    git://dev.laptop.org/users/mstone/security
    tar:    http://dev.laptop.org/~mstone/releases/SOURCES/rainbow-0.8.5.tar.bz2
    browse: http://dev.laptop.org/git/users/mstone/security/tree/?id=rainbow-0.8.5
    setup:  http://wiki.laptop.org/go/Rainbow/Installation_Instructions
    tests:  http://wiki.laptop.org/go/Rainbow/Testing

The shortlog from rainbow-0.8.4..rainbow-0.8.5 is:

   Michael Stone (10):
       Correct a logging statement.
       Make rainbow-sugarize set up /{data,instance,tmp}.
       Temporarily disable $XAUTHORITY processing in rainbow-sugarize.
       Drop config file management from rainbow-sugarize.
       Add a network option enabling unshare(CLONE_NEWNET).
       Make nss-rainbow's return and error codes more accurate.
       Correctly calculate number of members of a struct group.
       Make getpwent() resume on the correct uid.
       Grant network access to rainbow-easy programs.

Finally, please note that:

   * rainbow-run now calls unshare(CLONE_NEWNET) unless the "-o network"
     command-line argument is given. This argument is given by the
     "rainbow-easy" helper since X11 clients are unable to start without it.

   * rainbow's nss module must still be activated in /etc/nsswitch.conf in order
     for the software to function correctly. See the setup instructions linked
     to above for details.

Kind regards,
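
The default-isolated versus "-o network" behaviour from the first note above, as an added C example that is not part of the original announcement or of rainbow's own code. The names probe_child and allow_network and the 192.0.2.1 probe address are assumptions made for illustration; creating the namespace requires CAP_SYS_ADMIN.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000 /* value from <linux/sched.h> */
#endif

/* Child-side check: is there a route to a non-local address?
 * connect() on a UDP socket only performs a route lookup; no packet is sent. */
static int has_route(void) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(9) };
    inet_pton(AF_INET, "192.0.2.1", &sa.sin_addr); /* TEST-NET-1, constructed target */
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return 0;
    int ok = connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);
    return ok;
}

/* Fork a child the way a launcher would, isolating it unless allow_network
 * (hypothetical stand-in for "-o network") is set.
 * Returns 1 if the child can route out, 0 if it cannot, and -1 if the
 * namespace could not be created (for example EPERM without CAP_SYS_ADMIN). */
int probe_child(int allow_network) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Raw syscall equivalent of unshare(CLONE_NEWNET). */
        if (!allow_network && syscall(SYS_unshare, CLONE_NEWNET) != 0)
            _exit(2);
        _exit(has_route() ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code == 2 ? -1 : code;
}

int main(void) {
    printf("default (isolated): %d\n", probe_child(0));
    printf("with network:       %d\n", probe_child(1));
    return 0;
}
```

A fresh network namespace starts with only a loopback interface that is down and an empty routing table, which is why the isolated child has no route and why an X11 client launched that way cannot reach a TCP display.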


