‘guix container run’ for least-authority program execution:
https://issues.guix.gnu.org/75595
Yay? Meh?
[#]Guix
=> More toots from civodul@toot.aquilenet.fr
On this topic, while I was looking for something else :-) I found that Lix (and Nix?) has what they call “installables”, which ‘nix run’ runs in a container:
https://git.lix.systems/lix-project/lix/src/branch/main/lix/nix/run.md
‘nix run’ seems to have the same goal as the wrapper produced by ‘guix pack -R’: mapping the store at the right place in the application’s namespace. It’s not about running an application with the least authority.
=> More toots from civodul@toot.aquilenet.fr
@civodul Nah, nix run (man nix3-run) is just a less inconsistent version of nix-shell --run, there's no containers there
=> More toots from nobody@mastodon.acm.org
@civodul The closest to guix pack we've got is nix bundle, which conceptually is promising but the interface is imo really lacking in terms of composability
https://github.com/NixOS/bundlers
=> More toots from nobody@mastodon.acm.org
And we haven't caught up with the coolest feature of guix pack yet: https://github.com/NixOS/bundlers/issues/18
=> More toots from nobody@mastodon.acm.org
@nobody ‘run.cc’ has that chroot-helper thing with ‘unshare’ calls. :-)
=> More toots from civodul@toot.aquilenet.fr
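The thread contrasts two things: the ‘guix pack -R’ style wrapper, which uses ‘unshare’ to map the store at the path the binaries expect, and least-authority execution, which additionally takes capabilities away from the program. The added example below (written for this page; not code from Guix, Lix or anyone in the thread) shows the core of the first trick and, with a flag, the second: an unprivileged process creates a user and mount namespace, bind-mounts a constructed stand-in store onto an existing directory, optionally also drops into fresh network, IPC and UTS namespaces, and execs the target program. The paths `/tmp/fake-store` and `/mnt`, the helper names and the marker file are all constructed for the example; a real wrapper targets `/gnu/store` and has to create it in a fresh tmpfs root when the host lacks it.

```c
/* Constructed example of the unshare/bind-mount trick behind a relocatable
   store wrapper, plus an optional least-authority mode.  Not Guix or Lix code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write one string into a file (used for the uid/gid maps).  Returns 0 or errno. */
static int write_file(const char *path, const char *content)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return errno;
    int err = write(fd, content, strlen(content)) < 0 ? errno : 0;
    close(fd);
    return err;
}

/* Body of the child: enter new namespaces, map the store, exec the program.
   Returns an errno value on failure; on success execv never returns. */
static int child(const char *store_src, const char *store_target,
                 int least_authority, char *const argv[])
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    int flags = CLONE_NEWUSER | CLONE_NEWNS;
    if (least_authority)   /* no network, no SysV IPC, private hostname */
        flags |= CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS;
    if (unshare(flags) < 0)
        return errno;

    /* Map the caller to uid/gid 0 inside the new user namespace.  setgroups
       must be denied before gid_map can be written on current kernels. */
    char map[64];
    write_file("/proc/self/setgroups", "deny");
    snprintf(map, sizeof map, "0 %u 1", (unsigned) uid);
    int err = write_file("/proc/self/uid_map", map);
    if (err)
        return err;
    snprintf(map, sizeof map, "0 %u 1", (unsigned) gid);
    err = write_file("/proc/self/gid_map", map);
    if (err)
        return err;

    /* Keep our mount changes from propagating back into the host namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return errno;
    /* The core of the trick: the store shows up where the binaries expect it. */
    if (mount(store_src, store_target, NULL, MS_BIND | MS_REC, NULL) < 0)
        return errno;

    execv(argv[0], argv);
    return errno;
}

/* Fork, run the child, return its exit status: 0 on success, otherwise the
   child's errno (namespace setup failed) or the program's own exit code.
   Returns -1 if fork/wait fails or the child died from a signal. */
int run_with_store_mapped(const char *store_src, const char *store_target,
                          int least_authority, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child(store_src, store_target, least_authority, argv) & 0xff);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Create a constructed "store" directory holding one marker file.  0 or errno. */
int make_fake_store(const char *dir)
{
    if (mkdir(dir, 0755) < 0 && errno != EEXIST)
        return errno;
    char path[256];
    snprintf(path, sizeof path, "%s/marker", dir);
    int fd = open(path, O_WRONLY | O_CREAT, 0644);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    const char *store = "/tmp/fake-store";   /* constructed stand-in for /gnu/store */
    if (make_fake_store(store) != 0)
        return 1;
    /* Inside the namespace the marker is visible at /mnt/marker; outside it is not. */
    char *const argv[] = { "/bin/sh", "-c",
                           "test -f /mnt/marker && echo 'store mapped at /mnt'", NULL };
    int rc = run_with_store_mapped(store, "/mnt", 1, argv);
    printf("child exit status: %d (%s)\n", rc, rc == 0 ? "ok" : strerror(rc));
    return rc;
}
```

Run it as an ordinary user on a kernel with unprivileged user namespaces enabled: the child sees the marker at `/mnt/marker`, the parent shell never does, and with the least-authority flag set the child also has no network. Where user namespaces are disabled (a common hardening setting, and the usual state inside build sandboxes), `unshare` fails with `EPERM` and the function reports that instead of running the program outside a namespace, which is the failure mode a wrapper should prefer.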