From: Ludovic Courtès <ludo@gnu.org>
Subject: Re: Containers on Guix
Date: Thu, 20 Nov 2014 15:51:48 +0100
Message-ID: <877fypudq3.fsf@gnu.org>
In-Reply-To: <87lhn6eh12.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me> (David Thompson's message of "Wed, 19 Nov 2014 21:34:49 -0500")
To: David Thompson
Cc: guix-devel@gnu.org

Hello!

Disclaimer: I’ve never used systemd-nspawn, and I’m not knowledgeable in this area. :-)

AIUI, “containers” are basically what the daemon creates: an execution environment that uses a separate file system name space, network name space, etc. (see ‘DerivationGoal::startBuilder’ in libstore/build.cc.)

For what you have in mind, one may want to be able to select which parts should be separate (apparently systemd-nspawn allows that), rather than the completely-isolated policy of guix-daemon.

So, in terms of functionality, I think we want that subset of the daemon, in a more modular fashion (that subset would also be useful for Plash-like sandboxed execution, something I’d like to have eventually.)

It doesn’t have to be part of the init system IMO, because it doesn’t have much to do with it. However, there has to be a mediating process with root privileges that can create these containers on behalf of unprivileged users, much like guix-daemon.

In terms of code, I can think of several approaches.

1. Fork guix-daemon, and modularize it to do what we want. Perhaps it would be enough to add RPCs to create and configure a container (see worker-protocol.hh and (guix store).)

   Alternately, create a C library that provides just the container-handling logic (possibly with Guile bindings), and use it to write a separate daemon responsible for container handling.

2. Translate/rewrite the container-handling logic in Scheme. Use it to write a separate daemon, with the eventual goal of having a new build daemon that uses the same code base (all in Scheme.)

3. Use LXC to implement containers (?). liblxc seems to be perhaps too high-level from the examples on the web page; does anyone know?

#2 is forward-looking, but quite a lot of work. #1 and #3 are more pragmatic.

I hope that makes some sense.

Ludo’.
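The "select which parts should be separate" idea above, shown in C with Linux namespaces (an added example for this archive page, not code from Guix or from the message author). It assumes Linux with glibc and /proc mounted; actually creating namespaces needs CAP_SYS_ADMIN, which is why the mediating privileged process is required, so without it clone() fails with EPERM and the example reports that.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Which parts of the execution environment should be separate (hypothetical policy struct). */
struct isolation { int mount; int net; int pid; int ipc; int uts; };

/* Translate the policy into clone(2) flags; guix-daemon's policy is "all of them". */
int isolation_flags(const struct isolation *p) {
    int f = 0;
    if (p->mount) f |= CLONE_NEWNS;
    if (p->net)   f |= CLONE_NEWNET;
    if (p->pid)   f |= CLONE_NEWPID;
    if (p->ipc)   f |= CLONE_NEWIPC;
    if (p->uts)   f |= CLONE_NEWUTS;
    return f;
}

/* Inode of /proc/self/ns/<name>: two processes share that namespace iff the inodes are equal. */
static ino_t ns_inode(const char *name) {
    char path[64]; struct stat st;
    snprintf(path, sizeof path, "/proc/self/ns/%s", name);
    return stat(path, &st) == 0 ? st.st_ino : 0;
}

/* Child: exit 0 if its network namespace differs from the parent's, 1 if it is the same one. */
static int child(void *arg) { return ns_inode("net") != *(ino_t *)arg ? 0 : 1; }

/* Spawn a child with the requested separation.  Returns the child's verdict (0 = fresh
   network namespace, 1 = shared), or -errno if clone failed (-EPERM without CAP_SYS_ADMIN). */
int run_isolated(const struct isolation *p) {
    static char stack[64 * 1024];              /* child stack; clone() without CLONE_VM copies memory */
    ino_t parent_net = ns_inode("net");
    pid_t pid = clone(child, stack + sizeof stack, isolation_flags(p) | SIGCHLD, &parent_net);
    if (pid < 0) return -errno;
    int status;
    if (waitpid(pid, &status, 0) < 0) return -errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}

int main(void) {
    struct isolation p = { .mount = 1, .net = 1 };  /* only these two, unlike guix-daemon's all-or-nothing */
    int rc = run_isolated(&p);
    if (rc < 0) fprintf(stderr, "clone: %s (needs CAP_SYS_ADMIN)\n", strerror(-rc));
    else printf("child %s a separate network namespace\n", rc == 0 ? "got" : "did not get");
    return rc == 0 ? 0 : 1;
}
```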