[sugar] Activity write space

[Michael Burns]

Sugar hackers,

As part of deploying the security system[0], most of the file system will
need to be mounted as read-only for the containers that activities are being
put in. To that end, we are making the Home directory one of these spaces.
This will require patching some activities to handle the change [1].

We are creating '/data' as the disk-backed place for an activity's writable
location. This is not meant to be a substitution for the datastore but
rather a place for sample files and other persistent legacy files. This
directory actually lives in '/home/olpc/.sugar/default/$SERVICE_NAME' when
an activity is not running and the mounting is handled by Rainbow on
activity launch.

To help in the transition, I would encourage activities to check for the
existence of the file '/etc/olpc-security'. If it exists, any files you wish
to be able to write to should be in the /data directory (more on that
later). If it does not exist, you have the same free range on the system as
you have had previously. The fallback of *not* having this file (and thus
not having Rainbow running) will be removed as we get closer to launch and
can migrate activities into the newer, safer system.

(this is the later bit I mentioned:)
To have activities start using the /data directory, there are a couple of
options:
1. Have each activity perform a First Run check of some sort that can copy
necessary files into that /data directory. That is, leave it up to the
individual activity.
2. An option SJ proposed was to have an extension to the activity bundle
spec that would specify which directories are data and copied separately to
the proper place. Put another way, have the Sugar activity installer process
provide a uniform way of handling it.

I am curious to hear your thoughts on which is the better way to handle
this. Option 1 creates flexibility but at the sake of added work for the
developer. Option 2 is seemingly easier for individual developers, but
creates tough corner cases like if Sugar should overwrite the /data
directory on upgrades and the like. Thoughts?

More updates will be on the way. Stay tuned, sports fans. Also, I highly
encourage people to try out Rainbow and test how your activity works. Your
feedback is highly useful.

Cheers!

[0] http://dev.laptop.org/git?p=security;a=summary
[1] http://dev.laptop.org/ticket/2633

-- 
Michael Burns * Intern
One Laptop Per Child
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/sugar/attachments/20070807/4571095f/attachment.htm