Re: [PATCH 14/15] scripts: environment: Add --container option.

From: Ludovic Courtès
Subject: Re: [PATCH 14/15] scripts: environment: Add --container option.
Date: Tue, 07 Jul 2015 16:35:45 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
David Thompson <address@hidden> skribis:
> * guix/scripts/environment.scm (show-help): Show help for new option.
> (%options): Add --container option.
> (launch-environment, launch-environment/container): New procedures.
> (guix-environment): Spawn new process in a container when requested.
> * doc/guix.texi (Invoking guix environment): Document it.
[...]
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -4191,6 +4191,15 @@ NumPy:
> guix environment --ad-hoc python2-numpy python-2.7 -E python
> @end example
>
> +Sometimes it is desirable to isolate the environment as much as
> +possible, for maximal purity and reproducibility.
+ “In particular, when using Guix on a host distro that is not GuixSD,
it is desirable to prevent access to @file{/usr/bin} and other
system-wide resources from the development environment.”
> +following command spawns a Guile REPL in a ``container'' where only the
> +store and the current working directory are mounted:
@cindex container
> address@hidden --container
> address@hidden -C
> +Run command within an isolated container. The current working directory
@var{command}
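Review bot: the added manual text is cut at a sentence boundary: the line "+following command spawns a Guile REPL in a ``container'' where only the" has no subject, so the line before it should end with "The" (or the two lines be rejoined) before this renders correctly. In the "--container" entry, "Run command within an isolated container." should mark the placeholder as @var{command} rather than plain "command", as Texinfo option descriptions do for user-supplied arguments. Since the option works without root privileges, the same entry should also state the minimal kernel requirements the container relies on, so readers of this section know when the option is usable on their host.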
Since this works without root privileges, what about adding a test in
tests/guix-environment.sh?
Basically something similar to one of the existing tests, but
additionally checking from within the container that ‘id -u’ returns 0,
that ‘$$’ is 2, and that files outside of $PWD are not in the container.
Which reminds me: In a separate commit, it Would Be Nice to document our
minimal kernel requirements for the container functionality. Could you
look into that?
Thank you!
Ludo’.
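The test suggested above, written out as an added example rather than anything from the Guix patch or its tests/guix-environment.sh: a probe run inside the container prints its uid, its shell's PID and whether a path outside $PWD is visible, and a checker verifies the three expectations (uid 0, PID 2, nothing from the host visible). The GUIX_CONTAINER_RUN prefix is an assumption of this example; when it is unset, a constructed stand-in is used so the script runs offline.

```shell
#!/bin/sh
# Added example: an isolation check in the spirit of the suggested test.
# Assumption: GUIX_CONTAINER_RUN is a command prefix that executes its
# arguments inside the container, e.g. (hypothetical):
#   GUIX_CONTAINER_RUN="guix environment --container --ad-hoc coreutils --"
# With it unset, fake_container_run (a constructed stand-in) is used.

# Probe executed *inside* the container.  It prints "<uid> <pid> <host>":
#   - uid: `id -u`, expected 0 (the unprivileged user is mapped to root)
#   - pid: `$$`, expected 2 (fresh PID namespace, shell is the 2nd process)
#   - host: whether /usr/bin, a path outside $PWD, is visible at all
probe_script='printf "%s %s %s\n" "$(id -u)" "$$" \
  "$([ -e /usr/bin ] && echo visible || echo hidden)"'

# Validate one probe line against the three expectations; returns 0 on
# success and prints the first failing expectation to stderr otherwise.
check_probe_line() {
  line=$1
  uid=${line%% *}; rest=${line#* }
  pid=${rest%% *}; host=${rest#* }
  if [ "$uid" != 0 ]; then
    echo "expected uid 0 inside the container, got '$uid'" >&2; return 1
  fi
  if [ "$pid" != 2 ]; then
    echo "expected shell PID 2 (new PID namespace), got '$pid'" >&2; return 1
  fi
  if [ "$host" != hidden ]; then
    echo "/usr/bin from the host is visible inside the container" >&2; return 1
  fi
  return 0
}

# Constructed stand-in for the container runner: ignores its arguments and
# emits the line a correctly isolated container would produce.
fake_container_run() {
  echo "0 2 hidden"
}

# Run the probe through the configured runner and return the printed line.
run_probe() {
  ${GUIX_CONTAINER_RUN:-fake_container_run} sh -c "$probe_script"
}

# Full check: probe the container and validate the result.
check_container_isolation() {
  check_probe_line "$(run_probe)"
}
```

Run it with GUIX_CONTAINER_RUN set to a real container prefix to exercise an actual container; the stderr message names which of the three properties failed, which is what a test in tests/guix-environment.sh would want to surface.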