@boo_ My bad there. Just edited my post. Meant least-authority wrapper, which gives a program only the privileges you declare, and nothing more. Done by it forking a child process that lives in an entirely different namespace, and setting up mounts in that child process. If you don't mount anything, that child won't see the directly. It's a more secure way of running programs in g-exps. More here: https://issues.guix.gnu.org/54997
=> More information about this toot | View the thread | More toots from saitama@hachyderm.io