Re: Running untrusted code as root in a `guix system vm`?

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Running untrusted code as root in a `guix system vm`?

From:	Simon Tournier
Subject:	Re: Running untrusted code as root in a `guix system vm`?
Date:	Thu, 15 Feb 2024 17:56:09 +0100

Hi,

On ven., 29 déc. 2023 at 23:40, Ben Weinstein-Raun <root@benwr.net> wrote:

> I'm considering running some software inside a VM created using `guix
> system vm`. The easiest thing to do would be to run the virtualized
> software as root. Normally I wouldn't think twice about that, but iiuc
> the guest will have the host's /store mounted. Am I right that this
> should make me nervous about running untrusted things as root in the VM?
> Or is there some trick by which a root process in the VM is prevented
> from destructively changing /store?

What do you mean by “destructively changing /store”?

Cheers,
simon

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Running untrusted code as root in a `guix system vm`?, Simon Tournier <=

Prev by Date: Re: guix offload
Next by Date: Re: Guix-packaged Emacs 29+ alpha-background parameter does not work
Previous by thread: Re: guix offload
Next by thread: Re: Guix-packaged Emacs 29+ alpha-background parameter does not work
Index(es):
- Date
- Thread