Hello!

Chris Marusich <[email protected]> writes:

> [email protected] (Ludovic Courtès) writes:
>
>> Hello Guix!
>>
>> The hack below allows ‘guix pack’ to produce wrappers that allow,
>> through user namespaces, programs to automatically relocate themselves
>> when you run them unprivileged on a machine that lacks Guix.
>
> That's really cool!
>
> I've noticed that when running in a chroot-like environment, sometimes
> programs expect certain files to exist that don't - for example, device
> files in /dev, procfs files in /proc, or even things like
> /etc/resolv.conf. Does this wrapper automatically create those kinds of
> files, or would programs that want to access those kinds of files still
> need some special love on a case-by-case basis?

The wrapper automatically bind-mounts every entry in /, such that the
only difference compared to the “real” system is the extra /gnu/store.

Note: we had this discussion about ‘guix run’ with Mike Gerwitz and
Rutger not long ago (to run applications in isolated environments). In
a pretty similar way, we could generate least-authority wrappers for
what you install with ‘guix package’. Like, one could write:

  guix package -i icecat --least-authority

or something like that.

Food for thought…

Ludo’.
