Re: Generating wrappers for execution in non-root non-Guix contexts
From: Ludovic Courtès
Subject: Re: Generating wrappers for execution in non-root non-Guix contexts
Date: Fri, 27 Apr 2018 18:38:36 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Hello!

Chris Marusich <address@hidden> writes:

> address@hidden (Ludovic Courtès) writes:
>
>> Hello Guix!
>>
>> The hack below allows ‘guix pack’ to produce wrappers that allow,
>> through user namespaces, programs to automatically relocate themselves
>> when you run them unprivileged on a machine that lacks Guix.
>
> That's really cool!
>
> I've noticed that when running in a chroot-like environment, sometimes
> programs expect certain files to exist that don't - for example, device
> files in /dev, procfs files in /proc, or even things like
> /etc/resolv.conf. Does this wrapper automatically create those kinds of
> files, or would programs that want to access those kinds of files still
> need some special love on a case-by-case basis?

The wrapper automatically bind-mounts every entry in /, such that the
only difference compared to the “real” system is the extra /gnu/store.

Note: we had this discussion about ‘guix run’ with Mike Gerwitz and
Rutger not long ago (to run applications in isolated environments). In
a pretty similar way, we could generate least-authority wrappers for
what you install with ‘guix package’. Like, one could write:

  guix package -i icecat --least-authority

or something like that. Food for thought…

Ludo’.
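
The mechanism described in the message above (user namespaces, a bind mount of every entry in /, and an extra /gnu/store), as an added C sketch; it is not part of the original message and is not Guix's wrapper code. The function names, the tmpfs scratch root and the final chroot are assumptions of this example, and NEWROOT must be an existing empty directory.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path mirroring "/NAME" under NEWROOT; 0 for ".", ".." and "gnu" (not mirrored). */
int mirror_target(const char *newroot, const char *name, char *out, size_t len) {
  if (!strcmp(name, ".") || !strcmp(name, "..") || !strcmp(name, "gnu")) return 0;
  return snprintf(out, len, "%s/%s", newroot, name) < (int) len;
}
static int write_file(const char *path, const char *text) {
  int fd = open(path, O_WRONLY);
  int ok = fd >= 0 && write(fd, text, strlen(text)) == (ssize_t) strlen(text);
  if (fd >= 0) close(fd);
  return ok ? 0 : -1;
}
/* Recursively bind-mount SRC on DST, creating DST as a directory or empty file. */
static int bind_entry(const char *src, const char *dst) {
  struct stat st;
  if (stat(src, &st) < 0) return -1;            /* e.g. dangling symlink: skip */
  if (S_ISDIR(st.st_mode)) mkdir(dst, 0755);
  else close(open(dst, O_CREAT | O_WRONLY, 0644));
  return mount(src, dst, NULL, MS_BIND | MS_REC, NULL);
}
/* Unprivileged: mirror / under NEWROOT, add STORE as /gnu/store, then chroot. */
int enter_relocated_root(const char *newroot, const char *store) {
  char umap[32], gmap[32], src[4096], dst[4096]; struct dirent *e; DIR *d;
  unsigned uid = getuid(), gid = getgid();      /* read before unshare */
  if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0) return -1;
  snprintf(umap, sizeof umap, "%u %u 1", uid, uid);
  snprintf(gmap, sizeof gmap, "%u %u 1", gid, gid);
  if (write_file("/proc/self/uid_map", umap) || write_file("/proc/self/setgroups", "deny")
      || write_file("/proc/self/gid_map", gmap)) return -1;  /* deny precedes gid_map */
  if (mount("none", newroot, "tmpfs", 0, NULL) < 0 || !(d = opendir("/"))) return -1;
  while ((e = readdir(d)) != NULL) {
    snprintf(src, sizeof src, "/%s", e->d_name);
    if (mirror_target(newroot, e->d_name, dst, sizeof dst)) bind_entry(src, dst);
  }
  closedir(d);
  snprintf(dst, sizeof dst, "%s/gnu", newroot); mkdir(dst, 0755);
  snprintf(dst, sizeof dst, "%s/gnu/store", newroot); mkdir(dst, 0755);
  if (mount(store, dst, NULL, MS_BIND | MS_REC, NULL) < 0) return -1;
  return (chroot(newroot) == 0 && chdir("/") == 0) ? 0 : -1;
}
```

A wrapper would call enter_relocated_root() with a fresh temporary directory and the unpacked store directory, then exec the packed program by its /gnu/store path. On kernels or distributions that disable unprivileged user namespaces, unshare() fails and the function returns -1.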