From: Bengt Richter <bokr@bokr.com>
To: Andy Wingo <wingo@igalia.com>
Cc: guix-devel@gnu.org
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Wed, 13 Nov 2019 12:58:21 -0800
Message-ID: <20191113201424.GA899@PhantoNv4ArchGx.localdomain>
In-Reply-To: <87ftit324g.fsf@igalia.com>

Hi Andy, Guix...

On +2019-11-12 09:55:27 +0100, Andy Wingo wrote:
> On Sun 10 Nov 2019 10:36, Konrad Hinsen <konrad.hinsen@fastmail.net> writes:
>
> > One direction could be to add a sandboxing feature to Guile, which would
> > be nice-to-have for other uses as well if Guile is to become a
> > general-purpose systems scripting language. There are some interesting
> > ideas in shill (http://shill.seas.harvard.edu/) for this scenario.
>
> I wrote this for that purpose:
>
> https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html
>
> However I can't recommend it as a robust security layer because of the
> weaknesses in the heap allocation limit; discussed in the page above.
>
> I agree that Shill has some great patterns that go beyond what Guile or
> Guix has, and that adopting some of them is a really interesting idea
> :-)
>
> I admit that I was a bit depressed at the impact that Spectre et al has
> had on language-level sandboxing abstractions :-( and haven't much
> pursued this line since then. In practice Guix's "containerized" build
> jobs are much more effective than in-language barriers.
>
> Cheers,
>
> Andy
>
Would it be possible to have a sand-box daemon like the build daemon
which could run sandboxed guile expressions safely?
If designed for the future, maybe such a daemon's interface could anticipate
replacing the daemon and talking to a hypervisor dom0 as in Qubes-OS?
--
Regards,
Bengt Richter
--8<----(OT PS)-----------cut here---------------start------------->8---
Andy, have you looked at glTF and sketchfab?
Would you be interested in bringing that kind of 3D graphics into
the Guix package world? (or are you or someone already doing something? :)
https://sketchfab.com/features/gltf
Have a look with firefox (my icecat on top of weston-launch shows the static
images beautifully, but no dynamics, need to get js going).
Play with rotating and zooming, really nice, plus animated stuff ;-)
I think it would be super-cool to have this 3D modeling capability
for Guix presentations, toys and fun ;-)
--8<----(OT PS)-----------cut here---------------end--------------->8---