Hi again :)

ludo@gnu.org (Ludovic Courtès) writes:

> Howdy!
>
> Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>
>> Ricardo Wurmus <rekado@elephly.net> writes:
>>
>>> Ludovic Courtès <ludo@gnu.org> writes:
>>>
>>>> Those who didn’t have the luck to be at FOSDEM missed this not-so-visual
>>>> demo I made of a Shepherd service running in a container.  :-)
>>>>
>>>> I’ve polished the thing on my way back and pushed the result, using
>>>> BitlBee as an example:
>>>>
>>>>   http://git.savannah.gnu.org/cgit/guix.git/commit/?id=63302a4e55241a41eab4c21d7af9fbd0d5817459
>>>>   http://git.savannah.gnu.org/cgit/guix.git/commit/?id=a062b6ca99ad61c9df473fe49a93d69f9698c59d
>>>>
>>>
>>> This is very cool!  I’m amazed at how you got this ready in time for
>>> your talk.  I’m sure you didn’t just keep this under wraps for weeks :)
>>>
>>
>> +1. I can see myself experimenting with this for SSH soon. Thanks for
>> providing the bits required to do this and sharing!
>
> SSH may be more difficult because (1) sshd (OpenSSH) already does a good
> job at isolating itself, and (2) user who log in want to have the full
> authority of their account.
>

I'm looking at a very simple use case which shouldn't require access to
much outside of the network: reverse port forwarding. For this specific
use case, I'd rather have a specific instance of SSHD serving that
purpose and not having access to my full system.

> Anyway, it’d be nice to see how much we can get from this!
>
> Ludo’.

Thanks for your response,

Maxim