On Thu, 20 Dec 2018 11:19:07 -0500
Joshua Branson <jbranso@dismail.de> wrote:

> swedebugia <swedebugia@riseup.net> writes:
> 
> > On 2018-12-20 13:17, swedebugia wrote:  
> >> On 2018-12-20 08:53, Pierre Neidhardt wrote:  
> >>> Can anyone weigh the pros and cons between Firejail and Guix containers?
> >>>  
> >>
> >> Yeah, good idea.
> >>
> >> Is guix container using kernel namespaces?
> >>
> >> Our manual[1] did not say. If yes then I think we should advertise
> >> this on the front page!
> >>
> >> A run your browser in a container example script would also be nice.
> >>
> >> I think we already have all the features beside the gui of firetools. :D
> >>  
> >
> > Found this!
> >
> > Run icecat, a browser, in a container with
> >
> >     guix environment --container --network --share=/tmp/.X11-unix
> > --ad-hoc icecat
> >     export DISPLAY=":0.0"
> >     icecat  
> 
> Is there a way to do this automatically?  ie:  you don't have to type
> guix environment --container .... icecat?  You just type "icecat?"

That is the major advantage Firejail has over 'guix environment
--container' currently.  It contains a large collection of "profiles"
for different applications, specifying how exactly to jail them so that
they can still function.

I believe we'd be able to achieve something similar with some sort of
"environment configuration" manifest-type thing.

`~Eric