From: Eric Bavier
Subject: Re: Anyone working on packaging Firejail?
Date: Fri, 21 Dec 2018 09:39:22 -0600
To: Joshua Branson
Cc: guix-devel@gnu.org

On Thu, 20 Dec 2018 11:19:07 -0500
Joshua Branson wrote:

> swedebugia writes:
>
> > On 2018-12-20 13:17, swedebugia wrote:
> >> On 2018-12-20 08:53, Pierre Neidhardt wrote:
> >>> Can anyone weigh the pros and cons between Firejail and Guix containers?
> >>>
> >>
> >> Yeah, good idea.
> >>
> >> Is guix container using kernel namespaces?
> >>
> >> Our manual[1] did not say. If yes then I think we should advertise
> >> this on the front page!
> >>
> >> A run your browser in a container example script would also be nice.
> >>
> >> I think we already have all the features beside the gui of firetools. :D
> >>
> >
> > Found this!
> >
> > Run icecat, a browser, in a container with
> >
> > guix environment --container --network --share=/tmp/.X11-unix
> > --ad-hoc icecat
> > export DISPLAY=":0.0"
> > icecat
>
> Is there a way to do this automatically? ie: you don't have to type
> guix environment --container .... icecat? You just type "icecat?"

That is the major advantage Firejail has over 'guix environment
--container' currently. It contains a large collection of "profiles" for
different applications, specifying how exactly to jail them so that they
can still function.

I believe we'd be able to achieve something similar with some sort of
"environment configuration" manifest-type thing.

`~Eric
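
The "profiles" idea from the message above, sketched as an added example (not code from the thread, Guix or Firejail): a small sh wrapper that maps an application name to the 'guix environment --container' flags it needs and refuses to start anything without a profile. The jail and profile_flags functions, the mupdf entry and JAIL_DRY_RUN are hypothetical; --preserve is a 'guix environment' option from releases later than this message and stands in for the manual 'export DISPLAY' step.

```sh
#!/bin/sh
# Added illustration: Firejail-style per-application profiles for
# 'guix environment --container'. The table is constructed; only the
# icecat flags mirror the command quoted in the thread.

# profile_flags APP: print the container flags for APP, fail if unknown.
profile_flags() {
    case "$1" in
        icecat)
            # Browser: network on, X11 socket shared, DISPLAY passed through.
            printf '%s\n' '--network --share=/tmp/.X11-unix --preserve=^DISPLAY$' ;;
        mupdf)
            # Hypothetical viewer profile: same X11 access, but no --network.
            printf '%s\n' '--share=/tmp/.X11-unix --preserve=^DISPLAY$' ;;
        *)
            return 1 ;;
    esac
}

# jail APP [ARGS...]: run APP inside the container its profile describes.
# With JAIL_DRY_RUN set, print the command line instead of running it.
jail() {
    [ $# -ge 1 ] || { echo "usage: jail APP [ARGS...]" >&2; return 2; }
    app=$1; shift
    flags=$(profile_flags "$app") || {
        # Fail closed: an unknown application is never started unconfined.
        echo "jail: no profile for '$app'" >&2
        return 1
    }
    # $flags is split on purpose; profile entries contain no whitespace
    # or glob characters inside a single flag.
    set -- guix environment --container $flags --ad-hoc "$app" -- "$app" "$@"
    if [ -n "${JAIL_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        exec "$@"
    fi
}

# Run as a script: 'jail.sh icecat https://example.org'. Sourced with no
# arguments it only defines the functions, e.g. for: alias icecat='jail icecat'
[ $# -eq 0 ] || jail "$@"
```

Sourcing the file and defining an alias such as the one in the final comment gives the "just type icecat" behaviour asked about in the quoted question.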