From: Andy Wingo
Subject: Re: Profiles/manifests-related command line interface enhancements
Date: Tue, 12 Nov 2019 09:55:27 +0100
Message-ID: <87ftit324g.fsf@igalia.com>
References: <87mudrxvs8.fsf@ambrevar.xyz> <87mudd59ho.fsf@gnu.org> <877e4glyc3.fsf@ambrevar.xyz> <87v9rxx8ri.fsf@gnu.org> <87d0e4oy51.fsf@ambrevar.xyz> <878sop6icq.fsf@gnu.org>
In-Reply-To: (Konrad Hinsen's message of "Sun, 10 Nov 2019 10:36:43 +0100")
To: Konrad Hinsen
Cc: guix-devel@gnu.org

On Sun 10 Nov 2019 10:36, Konrad Hinsen writes:

> One direction could be to add a sandboxing feature to Guile, which would
> be nice-to-have for other uses as well if Guile is to become a
> general-purpose systems scripting language. There are some interesting
> ideas in shill (http://shill.seas.harvard.edu/) for this scenario.

I wrote this for that purpose:

https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html

However, I can't recommend it as a robust security layer because of the weaknesses in the heap allocation limit, discussed in the page above.
I agree that Shill has some great patterns that go beyond what Guile or Guix has, and that adopting some of them is a really interesting idea :-) I admit that I was a bit depressed at the impact that Spectre et al. have had on language-level sandboxing abstractions :-( and haven't much pursued this line since then. In practice Guix's "containerized" build jobs are much more effective than in-language barriers.

Cheers,
Andy
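For readers who have not used the facility Andy links to, here is an added example (not part of the mail or of Guile's own code) showing how `(ice-9 sandbox)` is meant to be used: an untrusted expression is evaluated in a fresh module that exposes only the pure bindings, under a time limit and an allocation limit. The keyword arguments are the ones documented on the linked manual page; the `run-untrusted` wrapper and the `catch #t` handler are this example's own assumptions about how to surface the limit errors.

```scheme
;; Added example: sandboxed evaluation of untrusted Scheme with Guile's
;; (ice-9 sandbox) module, the facility linked in the mail above.
(use-modules (ice-9 sandbox))

;; Evaluate EXP in a sandbox module that contains only the "pure"
;; bindings (no I/O, no access to the filesystem or to mutable shared
;; state).  SECONDS bounds wall-clock time; BYTES bounds heap allocation.
;; Returns (ok VALUE) or (rejected KEY ARGS) so the caller never has to
;; reason about which limit or unbound binding stopped the evaluation.
(define* (run-untrusted exp #:key (seconds 0.1) (bytes #e1e6))
  (catch #t
    (lambda ()
      (list 'ok
            (eval-in-sandbox exp
                             #:time-limit seconds
                             #:allocation-limit bytes
                             #:bindings all-pure-bindings)))
    (lambda (key . args)
      ;; Raised when a limit is exceeded or when EXP references a
      ;; binding that the sandbox module does not export.
      (list 'rejected key args))))

;; Plain arithmetic uses only pure bindings and is evaluated normally.
(display (run-untrusted '(+ 1 2)))
(newline)

;; I/O procedures are not part of all-pure-bindings, so the reference is
;; unbound inside the sandbox module and the expression is rejected.
(display (run-untrusted '(open-input-file "some-file.txt")))
(newline)

;; A non-terminating loop is stopped by the time limit.
(display (run-untrusted '(let loop () (loop))))
(newline)

;; Allocation-heavy code is meant to be stopped by the allocation limit.
;; The mail's point is that this limit is the weak part of the design;
;; the linked manual page discusses those weaknesses, which is why the
;; sandbox should not be relied on as the sole security boundary.
(display (run-untrusted '(make-list 1000000 0)))
(newline)
```

Run it with `guile` on a file containing the block; the defaults of `0.1` seconds and `#e1e6` bytes are this example's choices, not the module's documented defaults.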