"Zhu Zihao" writes: > Hi, Guix users! > > > I found guix container "created by `guix > environment --container` or `guix system > container`" is very useful to isolate some > service. But it only supports fully isolated > network namespace or just share with host, it's > not so safe IMO. > > > > In Docker, there's port forwarding, allows you to > share some ports of Guix container with host. I > just learn something about docker's network > mechanism, it looks quite complicated. It use veth > pair, network bridge and even iptables. Is there > some idiomatic way to implement such port > forwarding feature for Guix containers? > > > Any answer or suggestions are appreicated. > I don't know if this is helpful, but you could start a container with network access by passing the "-N" flag. Here's an example: --8<---------------cut here---------------start------------->8--- ./pre-inst-env guix environment -N --ad-hoc wget -- wget "some-url" --8<---------------cut here---------------end--------------->8--- I don't know if this is feasible, but you could try using some third party tool to limit ports from _inside_ the container... HTH! -- Bonface M. K. Chief Emacs Bazu / Rieng ya software sare Mchochezi of: / Twitter: @BonfaceKilz GPG Key: D4F09EB110177E03C28E2FE1F5BBAE1E0392253F