guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Profiles/manifests-related command line interface enhancements

From: Bengt Richter
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Wed, 13 Nov 2019 12:58:21 -0800
User-agent: Mutt/1.12.1 (2019-06-15) 
Hi Andy, Guix...

On +2019-11-12 09:55:27 +0100, Andy Wingo wrote:
> On Sun 10 Nov 2019 10:36, Konrad Hinsen <address@hidden> writes:
> 
> > One direction could be to add a sandboxing feature to Guile, which would
> > be nice-to-have for other uses as well if Guile is to become a
> > general-purpose systems scripting language. There are some interesting
> > ideas in shill (http://shill.seas.harvard.edu/) for this scenario.
> 
> I wrote this for that purpose:
> 
>   
> https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html
> 
> However I can't recommend it as a robust security layer because of the
> weaknesses in the heap allocation limit; discussed in the page above.
> 
> I agree that Shill has some great patterns that go beyond what Guile or
> Guix has, and that adopting some of them is a really interesting idea
> :-)
> 
> I admit that I was a bit depressed at the impact that Spectre et al has
> had on language-level sandboxing abstractions :-( and haven't much
┌───────────────────────────────────────────────────────────────────────────┐
│ > pursued this line since then.  In practice Guix's "containerized" build │
│ > jobs are much more effective than in-language barriers.                 │
└───────────────────────────────────────────────────────────────────────────┘
> 
> Cheers,
> 
> Andy
> 
Would it be possible to have a sand-box daemon like the build daemon
which could run sandboxed guile expressions safely?

If designed for the future, maybe such a daemon's interface could anticipate
replacing the daemon and talking to a hypervisor dom0 as in Qubes-OS?

-- 
Regards,
Bengt Richter
--8<----(OT PS)-----------cut here---------------start------------->8---
Andy, have you looked at glTF and sketchfab?
Would you be interested in bringing that kind of 3D graphics into
the Guix package world? (or are you or someone already doing something? :)

https://sketchfab.com/features/gltf

Have a look with firefox (my icecat on top of weston-launch shows the static
images beautifully, but no dynamics, need to get js going).
Play with rotating and zooming, really nice, plus animated stuff ;-)
I think it would be super-cool to have this 3D modeling capability
for Guix presentations, toys and fun ;-)
--8<----(OT PS)-----------cut here---------------end--------------->8---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]