From: Mike Gerwitz
Date: Thu, 25 Jan 2018 22:29:02 -0500
Subject: [bug#30254] [PATCH 0/3] guix environment --user, --link-profile, --no-cwd
To: 30254@debbugs.gnu.org
Cc: David Thompson
In-Reply-To: <87vag2wopo.fsf@gnu.org>

On help-guix I initiated a conversation on using IceCat within a
container (<87vag2wopo.fsf@gnu.org>).  This covers some of the
lower-level concepts I was thinking of.  Specifically:

  0. The ability to hide the user (and home directory) from processes
     within the container.  This includes rewriting mapped paths;
  1. Suppressing the behavior of automatically sharing cwd; and
  2. Linking $GUIX_ENVIRONMENT to ~/.guix-profile.

The first two are for privacy (#1 is for convenience, since creating an
empty dir just to cd into it is a bit klugy as a workaround).  #2 was
motivated by my needs with font-config, but I can imagine that it'd be
useful elsewhere as well.  It only really makes sense if you're not
sharing your home directory.

Mike Gerwitz (3):
  scripts: environment: Add --link-profile.
  scripts: environment: Add --user.
  scripts: environment: Add --no-cwd.

 doc/guix.texi                |  59 +++++++++++++-
 guix/scripts/environment.scm | 178 +++++++++++++++++++++++++++++++++++--------
 tests/guix-environment.sh    |  30 ++++++++
 3 files changed, 233 insertions(+), 34 deletions(-)

-- 
2.15.1