From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Running IceCat in a container
Date: Thu, 25 Jan 2018 15:34:48 +0100
Message-ID: <87efmeuhvb.fsf@gnu.org>
References: <87vag2wopo.fsf@gnu.org> <877esh3gwd.fsf@gnu.org>
	<87tvvlrzlc.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52276)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1eeicB-0007Vh-6Z
	for help-guix@gnu.org; Thu, 25 Jan 2018 09:34:56 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1eeic7-0000lc-TO
	for help-guix@gnu.org; Thu, 25 Jan 2018 09:34:55 -0500
In-Reply-To: <87tvvlrzlc.fsf@gnu.org> (Mike Gerwitz's message of "Tue, 16 Jan
	2018 21:25:19 -0500")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: Mike Gerwitz <mtg@gnu.org>
Cc: help-guix@gnu.org

Mike Gerwitz <mtg@gnu.org> skribis:

> On Tue, Jan 16, 2018 at 17:30:42 +0100, Ludovic Court=C3=A8s wrote:

[...]

>> But really, we should make a specific tool for this.
>>
>> Thoughts?
>
> Yes, though I'd be curious how you'd approach it---each package requires
> certain paths be shared, and those paths would further depend on user
> privacy preferences, so need to be able to be overridden.

For a start, we could simply share everything that=E2=80=99s in:

  guix gc -R $(guix build the-package)

plus /tmp/.X11-unix, maybe $PWD, and a few more.

After that we could add the option to let users define what needs to be
shared (like the =E2=80=98file-system-mapping=E2=80=99 API we already have)=
.  We could
have a predefined settings for X11 and console apps to minimize
boilerplate.  And like you write, the settings could be added as package
metadata.

Plash (Mark Seaborn=E2=80=99s POLA shell which used to live at
<http://plash.beasts.org/>) would automatically determine what needs to
be mapped based on the command line.  For instance, if you typed:

  gcc -o foo.o ~/src/bar/foo.c

then it would map ~/src/bar/foo.c as read-only and $(dirname foo.o) as
read-write.

Food for thought!

Ludo=E2=80=99.