Hi, I'm currently working on packaging Rainbow<http://wiki.laptop.org/go/Rainbow>, an implementation of the Bitfrost <http://wiki.laptop.org/go/OLPC_Bitfrost> security spesification. Rainbow runs user-level desktop applications with the same level of resource isolation already used with a variety of system daemons, giving each application instance its own UID, GID, and persistent storage directory.
In order to function, Rainbow requires a NSS module, libnss-rainbow, to be installed and enabled in /etc/nsswitch.conf. >From what I can tell (as seen on bug 388864<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388864> ), libnss-mdns modifies /etc/nsswitch.conf directly as part of its postinst. I thought this wasn't allowed by Debian policy, but if I'm misunderstanding I'm more than happy to adopt their solution. On Ubuntu AuthClientConfig <https://wiki.ubuntu.com/AuthClientConfig> seems to serve a similar purpose. Assuming the above workaround was not acceptable, would porting ACC to Debian and using that hook in my package be so? Please CC me, as I'm not subscribed to this list. -- Luke Faraone http://luke.faraone.cc
