On January 24, 2021, Pjotr Prins <pjotr.public12@thebird.nl> wrote:

I was just thinking that it should be possible to login with ssh into
a GNU Guix shell running in a container that gets fired up by the
sshd. I am thinking about a safe shell for fetching files. If this
works no chroot setup is required.

Or is this a really dumb idea :)

I haven't seen any serious audit investigating security properties of Guix containers. I do not think it's dumb to try this as an experiment, but I do think it would be malpractice to trust user data with this system before appropriately thorough evaluation.