[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help understand some guix concepts

From: Amirouche Boubekki
Subject: Re: Help understand some guix concepts
Date: Mon, 01 Jan 2018 21:39:35 +0000

On Mon, Jan 1, 2018 at 8:31 PM Amirouche Boubekki <address@hidden> wrote:

It's a long time I did not read the manual. So I read he manual this afternoon.

I have to say that I don't really understand some guix concepts and how they map to the rest of the world.

Can someone try to explain to me how the following concepts are related to each other:

Environments, profiles, gc roots, root filesystem, chroot, containers, docker and lxc


Sorry, it deserves a bit more explanation.

I know what chroot command is. It change the root directory. For instance, I can do the following:

$ mkdir tmp && cd tmp
$ tar xvf $(guix pack --symlink=/bin=bin guile)
$ sudo chroot . /bin/guile

And then guile will be running inside the tmp directory without access to the rest of the filesystem except if I mount --bind something inside the tmp directory.

As wikipedia explains it, it used for:

- Testing and development
- Dependency control
- Compatibility
- Recovery
- Privilege separation

In the past I used, chroot to run a gentoo build system on top of any other distribution. The result is that the developer is free to use whatever distribution they want as long as they can chroot inside the development rootfs which is possibly another distro or another version of the same distribution.

Q: Does chroot guix/sd use chroot?
Q: Do guix developers use chroot somehow?

In particular, using chroot, processus are not separated somehow from the host system; You don't get another IP and you have the same ports namespace.

What I call root filesystem is what is found that / in the filesystem where in debian there is /usr, /proc, /dev etc...

That's the result of the following command:

$ guix system init ~/src/guile/guix/git/gnu/system/install.scm .

Then I can chroot inside that directory if I want and I will be somewhat like in a guixsd.

Q: Do guix developers use 'guix system init' in combination with chroot?

Now, I will mention containers. I know little about cgroups, but I know it's a feature of the Linux kernel.

Q: Does guix/sd use cgroups?

The most popular tools using cgroups are Docker and LXC. They have very different approach to containers. AFAIU, Docker re-invent the wheel (?) of how networking, filesystem and prolly how other stuff happens in the GNU/Linux world. Whereas LXC re-use concepts with which people that used to play with VMs are familiar with. For instance, LXC networking setup re-use commands like ip or brctl. Docker use a concept of images that made Docker famous and a single command to download & execute whatever program you want... But the most intriguing thing in Docker, is that they are against using systemd (or similar tool) inside containers to run multiple procesus inside the container. Basically, PID 1 in the container must be the PID of the application. That's why Docker call it: application containers. Whereas LXC containers are system containers.

One thing that took me long time to understand regarding the distinction between containers and simple chroot, is that in the case of chroot there is no processus managing the chroot. Whereas a container appears as processus in the host system.

Q: Does guix/sd containers enforce an image format?
Q: Can guix/sd use images? What are the advantages?
Q: How does networking happens in guix/sd?
Q: Is it possible to bind multiple interfaces via a bridge on the host system to the container?
Q: Is it possible or recommended to run shepherd inside a guix container?

Q: isn't AppImage a "combination" of 'guix pack' and 'guix container'.

Q: Is it possible to have Xorg running inside a container and then use ssh -X to access it? Is there a way to avoid the ssh -X?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]