Mekeor Melire <[email protected]> writes:
> An alternative would be to implement some kind of isolation. But
> channels and package declarations are just scheme/guile code, so they
> will probably always be able to run arbitrary commands on the server.

Guile has some sandboxing features.  It would be an option to evaluate
channel modules in a restricted environment with (ice-9 sandbox).  That
would benefit all of Guix.

> Another approach would be isolation. For each channel, we could run
> hpcguix-web inside a Docker-container so that there's some isolation.
> Then, we'd need to run another web-service which "bundles" the
> packages.json files of all single-channel, dockerized hpcguix-web
> instances. But:
>
> (1.) Does Docker really offer sufficient isolation?

No more than “guix shell -C”.  There’s no good reason to use Docker when
you already have Guix.  The Docker service exists for when you have a
Docker container image that you must use, not because its
containerization is superior to “guix shell -C”.

-- 
Ricardo
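The (ice-9 sandbox) approach mentioned above, as an added illustration that is not part of the thread and not code from Guix or hpcguix-web.  It assumes nothing beyond the documented exports of (ice-9 sandbox) in Guile 2.2 or later (`eval-in-sandbox`, `make-sandbox-module`, `all-pure-bindings`); the helper name `eval-channel-expression`, the limits chosen, and the sample expressions are hypothetical.

```scheme
;; Added example: evaluating an untrusted S-expression (think: a form read
;; from a channel's package declaration) under (ice-9 sandbox).
;; Not code from the thread, from Guix or from hpcguix-web.
(use-modules (ice-9 sandbox))

;; Allow-list: all-pure-bindings exports only side-effect-free procedures
;; and core syntax.  No ports, no open-pipe, no system*, no load.
;; A fresh module is built per call because eval-in-sandbox severs the
;; module from the heap after use (#:sever-module? defaults to #t).
(define (channel-sandbox-module)
  (make-sandbox-module all-pure-bindings))

(define* (eval-channel-expression exp
                                  #:key
                                  (time-limit 0.5)        ; seconds of CPU
                                  (allocation-limit #e50e6)) ; bytes
  "Evaluate EXP, an untrusted S-expression, inside a sandbox module with a
time limit and an allocation limit.  Return (ok . VALUE) on success, or
(error KEY . ARGS) if the sandbox raised an exception (unbound variable,
limit exceeded, or an ordinary Scheme error in EXP itself)."
  (catch #t
    (lambda ()
      (cons 'ok
            (eval-in-sandbox exp
                             #:time-limit time-limit
                             #:allocation-limit allocation-limit
                             #:module (channel-sandbox-module))))
    (lambda (key . args)
      (cons 'error (cons key args)))))

;; 1. A harmless computation, of the kind a package description might do,
;;    succeeds because string-append, number->string and + are pure.
(eval-channel-expression
 '(string-append "hello-" (number->string (+ 1 2))))

;; 2. Shelling out is not possible: system* is simply unbound in the
;;    sandbox module, so evaluation stops with an unbound-variable error.
(eval-channel-expression '(system* "id"))

;; 3. A non-terminating expression is cut off by the time limit instead of
;;    hanging the service that evaluates it.
(eval-channel-expression '(let loop () (loop)))

;; 4. Unbounded allocation is stopped by the allocation limit (or, if it
;;    is reached first, by the time limit).
(eval-channel-expression '(let loop ((l '())) (loop (cons 1 l))))
```

Two caveats a practitioner would want before relying on this.  First, the sandbox is only as restrictive as the binding list: a real channel module begins with `define-module` and `use-modules`, neither of which is in `all-pure-bindings`, so loading actual channel code would require exposing more of Guile and of the (guix ...) modules, and every added binding is attack surface.  Second, the time limit is enforced by an async that interrupts Scheme code; a long-running primitive implemented in C is only interrupted when it returns, so the limit bounds wall-clock time only approximately.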
