Hi,

Andres Loeh <[EMAIL PROTECTED]> writes:

> Sorry for the long delay. I've finally typed in the summary
> of our FOSDEM meeting.

Thanks, that's informative and nice for those of us who weren't able to
attend!

> - implement an strace/ptrace-based purity checker for Nix packages

Have a look at Plash, http://plash.beasts.org/. It allows the creation
of sandboxed processes and provides an easy interface to control the
creation of the sandbox's file system. Example:

  pola-run /foo/the-program \
      -f /bin/sh \
      -t /foo/the-program /usr/bin/the-program \
      -tw /home/foo ~/.home-for-the-program

This runs `/usr/bin/the-program' in a file system as follows:

  /bin/sh           (read-only)
  /foo/the-program  (read-only, mapped from `/usr/bin/the-program')
  /home/foo         (read-write, mapped from `~/.home-for-the-program')

So it would be easy to hide anything beyond `/nix/' and `/bin/sh'.

Thanks,
Ludovic.
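For comparison with the sandbox approach, the following is an added example (not part of the original message, and not code from Plash or Nix) of the strace-based purity check named in the quoted item: it reads trace lines and reports every absolute path touched outside `/nix/` and `/bin/sh`. It assumes the line format written by `strace -f -o FILE -e trace=file`; the function names and the sample trace are constructed for illustration.

```python
import re

# Allowed locations, taken from the message: everything under /nix/ plus /bin/sh.
ALLOWED_PREFIXES = ("/nix/",)
ALLOWED_FILES = ("/bin/sh",)

# First quoted path argument of common file-access syscalls, with optional PID column.
SYSCALL_RE = re.compile(
    r'^(?:\d+\s+)?(?P<call>open|openat|execve|stat|lstat|access|readlink)\('
    r'(?:AT_FDCWD,\s*)?"(?P<path>[^"]*)".*\)\s+=\s+(?P<ret>-?\d+)'
)

def is_pure(path):
    return path in ALLOWED_FILES or path.startswith(ALLOWED_PREFIXES)

def impure_accesses(strace_lines):
    """Return (syscall, path, succeeded) for each absolute path outside the allowed set."""
    findings = []
    for line in strace_lines:
        m = SYSCALL_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if not path.startswith("/"):
            continue  # relative paths belong to the build directory; skipped in this sketch
        if not is_pure(path):
            # Failed probes are reported too: a build that looks for /usr/lib is
            # impure even when the file happens to be absent on this machine.
            findings.append((m.group("call"), path, int(m.group("ret")) >= 0))
    return findings

# Constructed sample trace, not taken from a real build.
SAMPLE = [
    'execve("/bin/sh", ["sh", "-c", "make"], 0x7ffd0 /* 4 vars */) = 0',
    '1234  openat(AT_FDCWD, "/nix/store/aaaa-glibc/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3',
    '1234  openat(AT_FDCWD, "/usr/lib/libz.so", O_RDONLY) = -1 ENOENT (No such file or directory)',
    '1234  stat("/etc/passwd", {st_mode=S_IFREG|0644, st_size=1500, ...}) = 0',
    '1234  openat(AT_FDCWD, "config.h", O_RDONLY) = 3',
]

if __name__ == "__main__":
    for call, path, ok in impure_accesses(SAMPLE):
        print(f"{call:8} {path}  ({'succeeded' if ok else 'failed'})")
```

A checker like this only observes accesses after the fact, whereas the sandbox described in the message prevents them.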
