From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37539)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1etH95-000069-N1
	for guix-patches@gnu.org; Tue, 06 Mar 2018 13:17:04 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1etH94-00033W-4U
	for guix-patches@gnu.org; Tue, 06 Mar 2018 13:17:03 -0500
Received: from debbugs.gnu.org ([208.118.235.43]:40093)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1etH94-00033P-0D
	for guix-patches@gnu.org; Tue, 06 Mar 2018 13:17:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1etH93-0000tf-Nh
	for guix-patches@gnu.org; Tue, 06 Mar 2018 13:17:01 -0500
Subject: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
Resent-Message-ID: <handler.30256.B30256.15203602003416@debbugs.gnu.org>
From: Mike Gerwitz <mtg@gnu.org>
In-Reply-To: <878tb5zes8.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Tue, 06 Mar 2018 11:20:23 +0100")
Date: Tue, 06 Mar 2018 13:07:52 -0500
Message-ID: <87efkx84cn.fsf@gnu.org>
References: <87vag2wopo.fsf@gnu.org> <cover.1516937216.git.mtg@gnu.org>
	<7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@gnu.org>
	<87tvtyhhnd.fsf@gnu.org> <877equgxx7.fsf@gnu.org>
	<87zi3p9q1w.fsf@gnu.org>
	<87y3j7btwp.fsf@gnu.org> <87tvtv32ec.fsf@gnu.org>
	<87d10ibds4.fsf@gnu.org> <878tb5zes8.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 30256@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 06, 2018 at 11:20:23 +0100, Ludovic Court=C3=A8s wrote:
> Mike Gerwitz <mtg@gnu.org> skribis:
>> Currently, I'd have to write a package definition to add a wrapper; that
>> wouldn't be done automatically for me.  But considering a functional
>> package manager, it'd be an interesting problem to try to get around
>> that.  And you don't want containerized versions of _every_
>> package---that's some serious bloat.  Unless maybe they're packages that
>> are generated from existing package definitions (in some
>> yet-to-be-defined manner), and maybe those packages have a special
>> containerized output (in addition to `out',
>> e.g. `icecat:container').  (I suppose short-term, such outputs can be
>> created manually for select packages.)
>
> I was thinking =E2=80=98guix package=E2=80=99 could create those wrappers=
 automatically
> based on a number of criteria: a package property could request
> containerization, command-line options could disable that, and so on.

Yes, I'd much prefer that.  That package definition might not be able to
infer certain things, so we'd need to be able to specify e.g. paths to
include in the container.  Preferably overridable as well---for example,
I don't share ~/.cache/mozilla/icecat with the container (I want it to
be ephemeral), but other users may prefer to.

>> Just spewing thoughts.  I'm still not well-versed in Guix.  So maybe
>> `guix run` is a good starting point and can be used by a wrapper in the
>> future.  It also allows users to containerize something optionally---for
>> example, maybe a user doesn't want to containerize their PDF reader, but
>> if they are opening an untrusted PDF, they'll want to.  A GNOME context
>> menu option to say "Open in isolated container" (sorta like Qubes)
>> sounds attractive.
>
> Yeah, though I very much think least authority would be a better default
> than ambient authority.  :-)

I agree for my needs; I suppose we'd need to see what downsides exist
from containerization (if any) that might make the user think
otherwise.  If containerization by default is suitable, then there may
be no need to provide a non-container option, so long as the user can
choose paths to share with the container (and network access).  This is
sounding more like an AppArmor type of permission system.  (Without the
AppArmor, of course.)

=2D-=20
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJantj5AAoJEIyRe39dxRuiflEQAKYItQrmMaqSrzQG40iELks9
623kK0dFwe/49HHdEDs7qye2u0uSigDrMDR/xMivOFDdbvZ6z+7Jmlg5E0Dhrex6
SSJoQTCKmXcitPRnUXqeVsaj2VN8bcaMxVdzTixxtwHtEKKGfm/503k9K2RxB9o7
1aMgYTMHZPHN8vhCT2EZ4Us1x8RR8TXyjNUpjo989NvoQJxqz33fPjjgUMjrQZE+
aKzCTNKyMrVoU6lzuMsilMvavQ2wfBKv+Z1qOHTo9UDCwvurQe4rAwaUQ+NK0vyH
peyiHWFsh7hd9e18hv4GmGWY9kLfclE8guX/tHPmRWElIClkREezpIbGqT7gYdLE
17SZhe1wPORZT5WDEASikYsWVBvFDZRWy2hxP41Xe8K1LaFbwJf+zAcGkxWaJd0F
OuLtdOFopWpnNRmiZwzxdkWLaEU+UCoNU5jI2Z/WKenE7+gkikaJkuWlqiB6C1+F
XLzwhaQrf2JMzF29Iyg6Z6vDZ03t1aAlTNYCjFZIwupAYY+SXh+YZRkQuChOOx8X
gV4WZXg3PidPCZLpol508kXt9KwQPbmp+5qZJaz9rvhNP4Zw2ZoCRPFHUIWHg5Zt
lzz1Pt+axRT2Z+sBMmeGiGMeXbMwiS0JYbJNfITj2IKu08xM2yA0A+DrYs66+KfP
Gzl0uOYdRxXVcup3oiNy
=6Kf3
-----END PGP SIGNATURE-----
--=-=-=--