From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 25 22:30:45 2018 Received: (at submit) by debbugs.gnu.org; 26 Jan 2018 03:30:46 +0000 Received: from localhost ([127.0.0.1]:42994 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eeuiy-00022O-UB for submit@debbugs.gnu.org; Thu, 25 Jan 2018 22:30:45 -0500 Received: from eggs.gnu.org ([208.118.235.92]:53134) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eeuiw-000225-Ua for submit@debbugs.gnu.org; Thu, 25 Jan 2018 22:30:43 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eeuiq-0002iF-OV for submit@debbugs.gnu.org; Thu, 25 Jan 2018 22:30:37 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:43957) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eeuiq-0002i6-Lr for submit@debbugs.gnu.org; Thu, 25 Jan 2018 22:30:36 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44081) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eeuip-0001bj-Kt for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:36 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eeuio-0002gl-PO for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:35 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34345) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eeuin-0002fl-AF; Thu, 25 Jan 2018 22:30:33 -0500 Received: from localhost ([::1]:37479 helo=mikegerwitz-pc.gerwitz.local) by fencepost.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1eeuim-000756-TY; Thu, 25 Jan 2018 22:30:33 -0500 From: Mike Gerwitz To: guix-patches@gnu.org Subject: [PATCH 0/3] guix environment --user, --link-profile, --no-cwd In-Reply-To: <87vag2wopo.fsf@gnu.org> Date: Thu, 25 Jan 2018 22:29:02 -0500 References: <87vag2wopo.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) X-From-Line: 7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9 Mon Sep 17 00:00:00 2001 Message-Id: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit Cc: David Thompson X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On help-guix I initiated a conversation on using IceCat within a container (<87vag2wopo.fsf@gnu.org>). This covers some of the lower-level concepts I was thinking off. Specifically: 0. The ability to hide the user (and home directory) from procsses within t= he container. This includes rewritting mapped paths; 1. Suppressing the behavior of automatically sharing cwd; and 2. Linking $GUIX_ENVIRONMENT to ~/.guix-profile. The first two are for privacy (#1 is for conveinence, since creating an emp= ty dir just to cd into it is a bit klugy as a workaround). #2 was motivated by my needs with font-config, but I can imaging that it'd be useful elsewhere as well. It only really makes sense if you're not sharing your home directory. Mike Gerwitz (3): scripts: environment: Add --link-profile. scripts: environment: Add --user. scripts: environment: Add --no-cwd. doc/guix.texi | 59 +++++++++++++- guix/scripts/environment.scm | 178 +++++++++++++++++++++++++++++++++++----= ---- tests/guix-environment.sh | 30 ++++++++ 3 files changed, 233 insertions(+), 34 deletions(-) =2D-=20 2.15.1 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJaaqB+AAoJEIyRe39dxRuiafEP/jmJii6A75ckdrFAqTxPZYtO uxLCDYE4JF38e1n1pnNg8bS8djW0NGkYbXD3p9zqj870zs9zCv+gwsI6hQO+FTXw fhbrSU7cjOXWubNF/u15NM6NMeQ8bMz/MZmCukVO15Wdux+A67LLIGq6w10R/Xkt M01B4KsqTVg1OV8gY/4TJsa7DTVRUpjIJHj5YkEeKXnhiDB3CX/msIz3pCQDwAbh K396M1ZttJQKGhDJbwU9p5MQxdrZY19b2YZHv3x1NdaOECwf7ZvhXQn98b85HJmr 3akpAIlbnt3HL6ZWEZzRsp9ybMSkZupjmrQKTKQCBDUTZDx9ZdbmgFfdhSVXFgxa vYc6XeIIZ6PRFxzdhBQ7adBjkg9fw/N+cnIZi6ykZyfKkZ/wcoYeb8sKSIMeJv6K lqQBGFQFejNXuDruZNOZGSxazRQlsiuAg8ziu4hjNRG2Vm62tIyY6G5cSyfzfj6Z G0e2gei10xLrXKJU6nMEM7BR8G3MwWr2gK5+AG5NxNgiePglxJlZBPpoEUS44Crq fBWOELDjS7RAVrQhP6gdg8TbjoWUFWj88m1gs+cH0IEwM9bTMXA6meOvNbCBK64h NuDkZGdCFwvouNkzEHGI55W6jZO7rHUcLzdULnlRQ8CqVC5t9pF+T2xRRrb9ch+z 9QQepdbHsOhwgvqSAe88 =o/jn -----END PGP SIGNATURE----- --=-=-=--