guix-devel

Re: Profiles/manifests-related command line interface enhancements


From: Andy Wingo
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Tue, 12 Nov 2019 09:55:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

On Sun 10 Nov 2019 10:36, Konrad Hinsen <address@hidden> writes:

> One direction could be to add a sandboxing feature to Guile, which would
> be nice-to-have for other uses as well if Guile is to become a
> general-purpose systems scripting language. There are some interesting
> ideas in shill (http://shill.seas.harvard.edu/) for this scenario.

I wrote this for that purpose:

  https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html

However, I can't recommend it as a robust security layer because of the
weaknesses in the heap allocation limit, discussed in the page above.

I agree that Shill has some great patterns that go beyond what Guile or
Guix has, and that adopting some of them is a really interesting idea
:-)

I admit that I was a bit depressed at the impact that Spectre et al. have
had on language-level sandboxing abstractions :-( and haven't much
pursued this line since then.  In practice Guix's "containerized" build
jobs are much more effective than in-language barriers.

Cheers,

Andy
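For readers who have not used the sandbox Andy links to, the following is an added example (not code from this thread or from Guile's own documentation) showing the `(ice-9 sandbox)` API in use: an untrusted expression is evaluated with only the pure bindings, a wall-clock limit and an allocation limit, and the resulting exceptions are caught so the caller gets a value instead of a crash. It assumes Guile 2.2 or later; the wrapper name `run-untrusted` and the sample expressions are this example's own.

```scheme
;; Added example: wrapping Guile's sandboxed evaluation so that
;; untrusted expressions can be run with pure bindings and resource limits.
;; Assumes Guile 2.2+ where (ice-9 sandbox) is available.
(use-modules (ice-9 sandbox))

;; Evaluate EXP in a fresh sandbox module that exposes only the pure
;; bindings (no ports, no filesystem, no shared mutable state), with a
;; CPU/wall-clock limit in seconds and an approximate heap allocation
;; limit in bytes.  Returns a pair: (ok . value) on success, or
;; (error . exception-key) when the evaluation was stopped.
;; The allocation limit is checked by the garbage collector, so it is a
;; coarse bound rather than a hard one; see the manual page for details.
(define* (run-untrusted exp #:key (seconds 0.1) (bytes #e10e6))
  (catch #t
    (lambda ()
      (cons 'ok
            (eval-in-sandbox exp
                             #:bindings all-pure-bindings
                             #:time-limit seconds
                             #:allocation-limit bytes)))
    (lambda (key . args)
      ;; 'time-limit-exceeded, 'allocation-limit-exceeded, or an
      ;; ordinary evaluation error such as 'unbound-variable.
      (cons 'error key))))

;; Constructed sample inputs for trying the wrapper at the REPL.
(define sample-expressions
  '((+ 1 2)                          ; pure arithmetic, succeeds
    (let loop () (loop))             ; never terminates, hits the time limit
    (open-input-file "/etc/passwd")  ; no port binding in the pure sandbox
    (make-list 100000000 0)))        ; large allocation, hits the byte limit

(for-each (lambda (exp)
            (format #t "~s => ~s~%" exp (run-untrusted exp)))
          sample-expressions)
```

Running the block prints one line per sample expression; the interesting ones are the non-terminating loop, which is stopped with `time-limit-exceeded`, and the attempt to open a file, which fails because `open-input-file` is simply not bound in a module built from `all-pure-bindings`. The allocation case illustrates the caveat Andy raises: because the byte limit is enforced from the collector rather than on each allocation, a single large request can overshoot the limit before it is noticed, which is why the sandbox is useful for accidents but not as the only barrier against hostile code.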
