These patches form a prototype for Guix inferiors that are isolated. Access to the inferior Guix is done through running a REPL as a separate process. These patches provide a way of launching that REPL in an isolated environment through Linux namespaces, providing some isolation from the wider system.

These patches should work, at least enough to get the derivations for packages within the inferior Guix, as well as doing 'guix pull' within the inferior Guix. They're not ready to be merged just yet though. I think some of the approaches are a little odd (e.g. using (ice-9 popen) internals) and I've got no idea if the isolation is actually working properly.

Christopher Baines (4):
  utils: Add #:base-directory to call-with-temporary-directory.
  linux-container: Add 'start-child-in-container'.
  inferior: Add a shared-directory field to <inferior>.
  inferior: Add 'open-inferior/container'.

 gnu/build/linux-container.scm | 82 +++++++++++++++++++++++++++++++
 guix/inferior.scm             | 90 ++++++++++++++++++++++++++++++-----
 guix/utils.scm                |  4 +-
 3 files changed, 163 insertions(+), 13 deletions(-)
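The cover letter says the isolation has not been verified. One concrete check a reviewer can run against any inferior, added here as an example and not part of the patch series, is to ask the inferior process to read its own /proc/self/ns/* links through the REPL and compare them with the parent's: identical link targets mean the two processes share that Linux namespace, so no isolation is in effect for it. The example uses the existing Guix API (open-inferior, inferior-eval, lookup-inferior-packages, inferior-package-derivation, close-inferior) because the signature of the series' open-inferior/container is not shown on the page; the checkout path is a placeholder, and the isolation-report and inferior-drv-file procedures are this example's own names. It also fetches a package derivation from the inferior without building it, which is the use case the letter says the series supports.

```scheme
;; Added example, not code from the patch series: check whether an inferior
;; Guix really runs in separate Linux namespaces, then ask it for a derivation.
;; Assumes a Guix checkout at INFERIOR-DIR with a usable bin/guix (placeholder).
(use-modules (guix inferior)
             (guix store)
             (guix derivations)
             (ice-9 match))

(define inferior-dir "/path/to/guix-checkout")   ; placeholder, adjust locally

;; Namespaces worth comparing for a sandboxed REPL.
(define namespaces '("mnt" "pid" "net" "user" "uts" "ipc"))

(define (namespace-id name)
  ;; e.g. "mnt:[4026531840]"; equal strings denote the same namespace.
  (readlink (string-append "/proc/self/ns/" name)))

(define (inferior-namespace-id inferior name)
  ;; Run the same readlink inside the inferior process via its REPL.
  (inferior-eval `(readlink ,(string-append "/proc/self/ns/" name))
                 inferior))

(define (isolation-report inferior)
  ;; Alist of (NAMESPACE . SHARED?); SHARED? is #t when the inferior lives in
  ;; the same namespace as this process, i.e. is not isolated for it.
  (map (lambda (ns)
         (cons ns (string=? (namespace-id ns)
                            (inferior-namespace-id inferior ns))))
       namespaces))

(define (inferior-drv-file inferior name)
  ;; Return the .drv file name for package NAME as seen by the inferior,
  ;; without building it.
  (with-store store
    (match (lookup-inferior-packages inferior name)
      ((package . _)
       (derivation-file-name (inferior-package-derivation store package)))
      (()
       (error "package not found in inferior" name)))))

(let ((inferior (open-inferior inferior-dir)))
  (unless inferior
    (error "could not start inferior REPL in" inferior-dir))
  (for-each (match-lambda
              ((ns . shared?)
               (format #t "~a namespace: ~a~%"
                       ns (if shared? "SHARED (not isolated)" "separate"))))
            (isolation-report inferior))
  (format #t "hello derivation: ~a~%" (inferior-drv-file inferior "hello"))
  (close-inferior inferior))
```

With plain open-inferior every entry should report SHARED, since the REPL is just a child process. An inferior started inside a container built with the series' start-child-in-container would be expected to report "separate" for the namespaces the container unshares; any namespace that still reports SHARED is one the container setup does not actually isolate, which answers the open question in the cover letter more directly than inspecting the clone flags.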