Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V suppo
From: Ludovic Courtès
Subject: Re: Long term plan for GuixSD security: microkernels, ocap, RISC-V support
Date: Thu, 30 Aug 2018 14:31:42 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
Hello Guix!
address@hidden (Ludovic Courtès) wrote:
> Specifically there are two things we can implement:
>
> 1. A ‘guix run’ command along the lines of
> <https://lists.gnu.org/archive/html/help-guix/2018-01/msg00108.html>.
>
> 2. A mechanism that would allow, say, ‘guix package -i PKG --pola’ to
> automatically add “least-authority wrappers” around the binaries of
> PKG, pretty much like ‘guix pack --relocatable’ does (see
> ‘wrapped-package’ in (guix scripts pack)).
Speaking of which, a colleague of mine told me about Whalebrew
<https://github.com/bfirsh/whalebrew>, which takes a somewhat similar
approach:

  Whalebrew creates aliases for Docker images so you can run them as if
  they were native commands. It's like Homebrew, but with Docker images.
  Docker works well for packaging up development environments, but there
  are lots of tools that aren't tied to a particular project: awscli for
  managing your AWS account, ffmpeg for converting video, wget for
  downloading files, and so on. Whalebrew makes those things work with
  Docker, too.

There’s this important difference:

  Packages are Docker images published on Docker Hub.

Ludo’.