From: Maxim Cournoyer
Subject: Re: Running services in containers
Date: Mon, 13 Feb 2017 22:01:11 -0800
Message-ID: <87mvdp2tw8.fsf@gmail.com>
To: Ludovic Courtès
Cc: guix-devel

Hi again :)

ludo@gnu.org (Ludovic Courtès) writes:

> Howdy!
>
> Maxim Cournoyer skribis:
>
>> Ricardo Wurmus writes:
>>
>>> Ludovic Courtès writes:
>>>
>>>> Those who didn’t have the luck to be at FOSDEM missed this not-so-visual
>>>> demo I made of a Shepherd service running in a container. :-)
>>>>
>>>> I’ve polished the thing on my way back and pushed the result, using
>>>> BitlBee as an example:
>>>>
>>>>   http://git.savannah.gnu.org/cgit/guix.git/commit/?id=63302a4e55241a41eab4c21d7af9fbd0d5817459
>>>>   http://git.savannah.gnu.org/cgit/guix.git/commit/?id=a062b6ca99ad61c9df473fe49a93d69f9698c59d
>>>>
>>>
>>> This is very cool!  I’m amazed at how you got this ready in time for
>>> your talk.  I’m sure you didn’t just keep this under wraps for weeks :)
>>>
>>
>> +1. I can see myself experimenting with this for SSH soon. Thanks for
>> providing the bits required to do this and sharing!
>
> SSH may be more difficult because (1) sshd (OpenSSH) already does a good
> job at isolating itself, and (2) users who log in want to have the full
> authority of their account.
>

I'm looking at a very simple use case which shouldn't require access to
much outside of the network: reverse port forwarding. For this specific
use case, I'd rather have a specific instance of SSHD serving that
purpose and not having access to my full system.

> Anyway, it’d be nice to see how much we can get from this!
>
> Ludo’.

Thanks for your response,

Maxim