[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running IceCat in a container

From: Mike Gerwitz
Subject: Re: Running IceCat in a container
Date: Tue, 16 Jan 2018 21:25:19 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

On Tue, Jan 16, 2018 at 17:30:42 +0100, Ludovic Courtès wrote:
> “guix environment -C” makes $PWD shared; if you do (cd /tmp; guix
> environment -C …), then /tmp is shared but not $HOME.

I am doing that (I made a ~/.empty so as not to expose /tmp contents),
but that still creates the home dir (as documented):

  $ pwd && guix environment -C coreutils -- ls /home

>> Is there a reasonable solution here?  Should I create a separate user
>> entirely and then just share the entire home directory?  I'm not sure
>> how that might impact X11 socket sharing, though.  Can I maybe
>> pre-create an image, already having run fc-cache, and run that image as
>> a container (like one would with Docker?)?  But that wouldn't solve my
>> user privacy issue.
> Perhaps you could define a package that simply runs “fc-cache” with the
> fonts it has as inputs, and then pass that to ‘guix environment’.

Oh, interesting; I wouldn't have thought of that.  If there is a general
solution/script, I think this needs to be considered---automatically
including system fonts; any program that displays text needs a broad
range of UTF-8/multi-lingual font support.  If I were to containerize my
shell, I'd have the same problem.

> But really, we should make a specific tool for this.
> Thoughts?

Yes, though I'd be curious how you'd approach it---each package requires
certain paths be shared, and those paths would further depend on user
privacy preferences, so need to be able to be overridden.  Perhaps it'd
be useful for those paths to be part of a package definition---the paths
that a program creates/uses at runtime, and perhaps additional metadata
associated with them, such as whether the path is necessary for its
operation (will it break the program if it's ephemeral or
read-only?).  Something extensible for the future.

Those directory metadata may have other uses that may make it worth
adding, but I haven't given it much thought.  For example, if a user
wishes to purge a package from her system, she could opt to purge those
paths from her home directory.  Or maybe Guix could create a backup of
user preferences such that a restoration would involve only a list of
packages and a tarball of those directories.  Might be useful for
provisioning as well.

Just some thoughts.  I'm too new to Guix to provide much.

Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]