authorMichael Stone <michael@laptop.org>2009-03-11 04:36:03 (GMT)
committer Michael Stone <michael@laptop.org>2009-03-11 04:36:03 (GMT)
commitb924bf7fb57a8984cce68d17ef3793b0752e2175 (patch)
tree5ed289f409ebe2a4e5a691eaf22c77116a28a911 /rainbow
parent53eebe8ef275d70b31a3a44de1b423b1cd3a663b (diff)
Drop old documentation.
Diffstat (limited to 'rainbow')
-rw-r--r--rainbow/rainbow/inject.py79
1 files changed, 4 insertions, 75 deletions
diff --git a/rainbow/rainbow/inject.py b/rainbow/rainbow/inject.py
index 02e8609..991daa9 100644
--- a/rainbow/rainbow/inject.py
+++ b/rainbow/rainbow/inject.py
@@ -1,87 +1,16 @@
import os
from os import R_OK, W_OK, X_OK, fork, symlink, unlink, O_CREAT, O_EXCL, readlink, chown, chmod
-from os import setgroups, setgid, setuid, chdir, umask, execvpe, execv, waitpid, WEXITSTATUS
-from os import getpid, getuid, _exit
+from os import setgroups, setgid, setuid, chdir, umask, execvpe, waitpid, WEXITSTATUS
+from os import getpid, getuid, _exit, rename
from os.path import join, basename, realpath, lexists, islink
-from subprocess import check_call
+from subprocess import check_call, Popen, PIPE
from stat import S_IFDIR
-from tempfile import mkdtemp
+from tempfile import mkdtemp, mkstemp
from grp import getgrnam
import resource
from rainbow.util import Checker, mount, make_dirs, get_fds, read_envdir
-USAGE = """
-
-NAME
-
- rainbow-inject
-
-SYNOPSIS
-
- rainbow-inject is a security-wrapper for Sugar Activities. Its purpose is to
- launch them in a low-privilege environment so that, if they are exploited,
- they are able to do less harm than would be the case if they ran with the
- full authority of the XO's human operator.
-
- This isolation is accomplished by running each activity as a separate user
- from a set of users that is known, at system installation time, to have
- tightly restricted access to the file-system.
-
- The environment that rainbow-inject creates for each activity it starts is
- supposed to be controlled by an instance-specific security-record (usually
- derived from a prototype record stored per-bundle) but this is not yet
- implemented. Therefore, Rainbow currently offers no way to customize what
- kinds of isolation it provides.
-
-ENVIRONMENT VARIABLES
-
- SUGAR_BUNDLE_PATH : MUST contain an absolute path to a bundle to launch.
-
- SUGAR_BUNDLE_ID : MUST contain the unique bundle-id of the bundle at
- SUGAR_BUNDLE_PATH.
-
- RAINBOW_DIR : Optional; defaults to $HOME/isolation/1
- This directory is used by rainbow-inject for all its
- run-time data: currently, this means uid/gid
- allocation data and for storing persistent
- activity-data storage
-
- RAINBOW_STRACE_LOG : Optional; defaults to Nothing.
- If set, rainbow-inject will cause strace to write a
- complete log to stdout.
-
- RAINBOW_CONSTANT_UID : Optional; defaults to Nothing.
- If set, rainbow-inject will cause strace to write a
- complete log to stdout.
-
-ARGUMENTS
-
- Any arguments will be exec'ed verbatim after rainbow-inject properly
- configures its environment.
-
-FILE DESCRIPTORS
-
- rainbow-inject will close all open file descriptors except those marked
- 'safe' by its caller.
-
- rainbow-inject will print trace information on descriptor 1 and may print
- error messages on descriptor 2.
-
-RETURN CODES
-
- Not specified.
-
-"""
-
-# Locations of these two files come from the XAUTHORITY and ICEAUTHORITY
-# environment variables which are, alas, not set yet when rainbow starts.
-# So they're hard-coded here; values should match those set in
-# olpc-dm (in olpc-utils package)
-_AUTH_HOME='/var/tmp/olpc-auth'
-_XAUTHORITY=_AUTH_HOME + '/.Xauthority'
-_ICEAUTHORITY=_AUTH_HOME + '/.ICEauthority'
-
def strace(log, argv, env):
log(1, 'applying strace')
args = ['/usr/bin/strace', '-f']