From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id IEkfNnK272PLZwEAbAwnHQ (envelope-from ) for ; Fri, 17 Feb 2023 18:16:35 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id GKQdNXK272Mo1gAAG6o9tA (envelope-from ) for ; Fri, 17 Feb 2023 18:16:34 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A91583790F for ; Fri, 17 Feb 2023 18:16:34 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=nMg5Zv6P; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=key1; d=yhetil.org; t=1676654194; a=rsa-sha256; cv=none; b=AjghkfWJ0hRdkRZ0hcrS/bhS93yp01InV1rwcgrUg+e5/DdFxiikVBYIt6vpU+znik9fnl VCJ9zsHWm8azTnABFYJPUYE2iHVc9OITPkKkRYeIInGsaqQ0lTKH8TFs6qZ/JaUCOGCzze Y8brllraMLWZvytOppb+NCO+dQ6isfFy6A9Ja0g4KE4yOFar+3KKL+k1ycx/SS9MN8NzgC Bmz6zrTQ+B9UxMtbGOFWCnfQmU+5e2AoR5vTLMz6gtb31xEh6wjGu4kdjBMLSWvTS2Lwob W3YrTDFwbZ4Tqfkt0Z8YGdWZ3dgY4viCYJb9Vj+y+vyAeGKhu6LekX/Nr3Dnsw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=nMg5Zv6P; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1676654194; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=uo1Aaen/04cNyxU12iKkSLdQavCE9XUwKZ9UKp2VEkI=; b=t48HdsV9Iv8zHd80o+y0ONopskeLUc6B/9j54zaE/CRi5k3HxTeAf3udvBQUGKN3sXNKzC LRL7gSbFMpca8d8kD/cCv8B8HzTt/ZUQuUw/wT08BkPUsyZQKYPfa57shBRXAd/5F7tOk5 qc5UZIci0lUb7vlThc7GbaTP68u4w7sTxpMm4gccsg3cI8Ad4llJfplP2fpjB6MS3w2sFD WpTY6zMvFHvEKVSepZ/xffYoAzU+IFgAB4R6yn04wL4AxmG3pbtsvxE9SABEOWpu1KRSwe PTd0OxGYIyDLxXHf/WkrST0DaJjKrAxJTm2GyKrNDPlM8b2yXf+qXldEUDSAAQ== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pT4LG-0000gu-Eg; Fri, 17 Feb 2023 12:16:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pT4LD-0000gW-7g for guix-devel@gnu.org; Fri, 17 Feb 2023 12:16:11 -0500 Received: from mail-wm1-x32a.google.com ([2a00:1450:4864:20::32a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pT4LB-0003UV-ON for guix-devel@gnu.org; Fri, 17 Feb 2023 12:16:10 -0500 Received: by mail-wm1-x32a.google.com with SMTP id f19so1432705wml.3 for ; Fri, 17 Feb 2023 09:16:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uo1Aaen/04cNyxU12iKkSLdQavCE9XUwKZ9UKp2VEkI=; b=nMg5Zv6Pz8hHG6HvXLwEWN5sRQXkaKakE0GT4uG9Sdii5t5fhd9XLm2Cm3qQl9ezex QopnvBU1h1sAy04jAGpJMaIaaIeuvuD8gr3aojNpUakE9QvdJxtokStWL2wuwvHrJjWU 554zFyKEEwAJQ5WXd6ZirVJoGSUD5UwhZkfWgebELCWFRwEYHyMhUrA+j5zno/9Gr0QQ 6sJijEGKdvl69imE8/U5+Fwex+Ez809IRRMSAaJmVjTrqKE5ynfh9EGg1VPAuXfX4NfW YectGFMZFtySiHlk+rm3g2QXWIKHokpIdCKu86xHhKn7kkUyWj6frvbBtJVI50/8NLKW nUog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:to:from:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=uo1Aaen/04cNyxU12iKkSLdQavCE9XUwKZ9UKp2VEkI=; b=1hY7dE92KMVOaH3U5YqbtSP02LR5NvwSBVTNq/9+8Wtv5VayjYaWbIkIS/l8WjDDkk +1RTZNrNFFhrhOuT4zFGCfRbhOu9Usv3sJio3raGi+zgivOy0hjzLceaLRclJTK5sQtn zzFhvkfHs2gDst+BGMXIZIxP+kOidWd5Z/M/d9GrlKvWWVzcpyVs4HYkvkoVyq7J3ecV IpyAsQ/TZJdlwwiGkn+VXp2bTB02rZhVKmhnmIOugjbdogLiMAgxDO6uIGR/hSg/n5TI leMFhGkv0yHZmQj+lmVqiqK4LLqx5GEu6eg4pjDDm2UvZeOmsm2VAM/DmGJ/TzrcZpjX +eeA== X-Gm-Message-State: AO0yUKVZq8KiW3lpiJ/tOoU5LawNZyFHpGAzjzubLeZvwZQrWPvdIrIE 7dTKEu2eLf/u0QsfbVzzoXk= X-Google-Smtp-Source: AK7set/G0PJMuNOEDTOcZAe84NRZ185jDcHRJ4BN77grPMTFKV1FY7VZS1hxVCBXAa5XK1q6XjSR1w== X-Received: by 2002:a05:600c:22c8:b0:3dc:5032:2895 with SMTP id 8-20020a05600c22c800b003dc50322895mr1789220wmg.0.1676654167817; Fri, 17 Feb 2023 09:16:07 -0800 (PST) Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id o3-20020a1c7503000000b003e20fa01a86sm5711099wmc.13.2023.02.17.09.16.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 Feb 2023 09:16:07 -0800 (PST) From: Simon Tournier To: Konrad Hinsen , Guix Devel , James Thomas , Jim Subject: Re: Using Guix inside a Guix container In-Reply-To: References: <87r0utize9.fsf@gmx.net> Date: Fri, 17 Feb 2023 16:41:59 +0100 Message-ID: <87a61c5mew.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:1450:4864:20::32a; envelope-from=zimon.toutoune@gmail.com; helo=mail-wm1-x32a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: X-Migadu-Queue-Id: A91583790F X-Spam-Score: -11.34 X-Migadu-Spam-Score: -11.34 X-Migadu-Scanner: scn0.migadu.com List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-TUID: kmekhXuh1c+O Hi Konrad, On mer., 15 f=C3=A9vr. 2023 at 10:49, Konrad Hinsen wrote: > That would create a container from the Guix profile. Not sure if this > works at all, but it's very probably not what I want because I have to > add other packages to my container, to get some real work done :-) I am sure you have good reasons for doing this and I am lacking imagination to find them. :-) Which part of Guix do you need inside the containerized shell that you cannot do outside? Basically, you are authorizing the inside Guix to behave with the same permissions as the outside Guix; therefore, why this dance? Well, I understand the needs for running inside a containerized shell: restricted permissions on filestystem, use of --emulate-fhs for allowing untrusted binaries, etc. But I miss what is the need to run Guix inside a containerized shell where it has the permissions as the non-containerized shell. Considering your use-case with Snakemake, what I am doing is to wrap each rule with one containerized Guix shell which controls the permissions, rule by rule; or a big containerized shell: guix shell -C -m manifest.scm --expose=3D=E2=80=A6 where manifest.scm contains the tools of each rule and snakemake. Could you provide some details about why you also need Guix? Cheers, simon