From: "Thompson, David"
Subject: Re: Update on GuixSD containers
Date: Fri, 12 Jun 2015 23:41:19 -0400
In-Reply-To: <87d211klr7.fsf@gnu.org>
References: <87bngok1vt.fsf@gnu.org> <87d211klr7.fsf@gnu.org>
To: Ludovic Courtès
Cc: guix-devel

On Fri, Jun 12, 2015 at 11:08 AM, Ludovic Courtès wrote:
> "Thompson, David" skribis:
>
>> On Tue, Jun 9, 2015 at 5:28 PM, Ludovic Courtès wrote:
>>
>>> Until there’s a daemon to keep track of containers, “guix system
>>> container” could return the PID of the container’s PID1, to make it
>>> easier to kill it later?
>>
>> I'm actually unsure how to acquire the PID of the container's init
>> process since I clone and exec. Any ideas?
>
> Isn’t it the return value of ‘clone’?

Oh, you're right. I forgot that the exec() *replaces* the process,
rather than spawning a new one. The script now outputs the PID.

>>> It’s a shame that only CLONE_NEWUSER is available to non-root users. I
>>> wonder what the rationale was. AIUI, Docker’s daemon performs clone(2)
>>> on behalf of clients, right?
>>
>> Yeah, our daemon would do the same thing. We could maybe even have a
>> little Guile library that allows one to evaluate arbitrary scheme code
>> from within the container. :)
>
> Definitely. Another application I’ve always wanted is a least-authority
> shell, like Plash [0].
>
> (Speaking of which, I just found Shill [1], which seems similar to Plash
> and even has a to-do item regarding package management [2] and is
> written in Racket; unfortunately it runs on FreeBSD, for Capsicum.)

That's really cool. Using a container + user-specified shared directories
we can achieve something like this, I think.

- Dave
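The clone()-returns-the-PID point discussed above, worked through in C as an added example (this is not Guix code and not from the thread's participants). It starts a child with clone(2), waits until the child has exec'd, and then kills and reaps it using nothing but the PID that clone() returned, which is the handle a "guix system container" command could print for a later kill. The child execs `sleep` (assumed to be on PATH) as a stand-in for the container's init. The namespaced variant assumes the running kernel allows unprivileged user namespaces: since Linux 3.8, CLONE_NEWUSER can be combined with CLONE_NEWPID and CLONE_NEWNS in the same clone() call without root, because the user namespace is created first and owns the others. The example also covers a caveat that the thread does not mention: the init of a PID namespace ignores signals sent from an ancestor namespace unless it has installed a handler for them, with SIGKILL and SIGSTOP as the only exceptions, so "kill it later" must mean SIGKILL unless the container's PID 1 handles SIGTERM itself.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)

/* Handed to the child through clone()'s arg pointer. */
struct child_args {
    int exec_err_fd; /* write end of an O_CLOEXEC pipe; a successful exec closes it */
};

/* Child entry point. exec() replaces this process image in place, so the PID
 * that clone() returned to the parent remains valid for the exec'd program.
 * With CLONE_NEWPID that program sees itself as PID 1, but the parent still
 * addresses it by the PID clone() returned (its PID in the parent's namespace). */
static int child_main(void *arg)
{
    struct child_args *ca = arg;
    execlp("sleep", "sleep", "10", (char *)NULL); /* stand-in for the container's init */
    /* Only reached if exec failed: send errno so the parent can tell
     * "exec failed" apart from "child is running". */
    int err = errno;
    if (write(ca->exec_err_fd, &err, sizeof err) < 0) { /* nothing more to do */ }
    _exit(127);
}

/* Start a child with the given namespace flags (0 = ordinary child), wait
 * until it has exec'd, kill it by the PID clone() returned, and reap it.
 * Returns the signal the child died from on success; -1 if clone() itself
 * failed (errno set, e.g. EPERM when unprivileged user namespaces are
 * disabled); -2 if exec failed or the child did not die from `sig`. */
int spawn_and_kill(int ns_flags, int sig)
{
    int pfd[2];
    if (pipe2(pfd, O_CLOEXEC) < 0)
        return -2;

    char *stack = malloc(STACK_SIZE);
    if (!stack) { close(pfd[0]); close(pfd[1]); return -2; }

    struct child_args ca = { .exec_err_fd = pfd[1] };
    /* SIGCHLD in the flags makes the child reapable with a plain waitpid().
     * The stack grows down, so clone() is given the top of the buffer. */
    pid_t pid = clone(child_main, stack + STACK_SIZE, ns_flags | SIGCHLD, &ca);
    int saved_errno = errno;
    close(pfd[1]);
    if (pid < 0) {
        close(pfd[0]);
        free(stack);
        errno = saved_errno;
        return -1;
    }

    /* EOF: the child's O_CLOEXEC write end was closed by a successful exec.
     * Any bytes: exec failed and the child sent its errno. */
    int child_err = 0;
    ssize_t n = read(pfd[0], &child_err, sizeof child_err);
    close(pfd[0]);

    int status, result = -2;
    if (n == 0 && kill(pid, sig) == 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFSIGNALED(status))
            result = WTERMSIG(status);
    } else {
        kill(pid, SIGKILL);          /* do not leave a stray child behind */
        waitpid(pid, &status, 0);
    }
    free(stack);
    return result;
}

int main(void)
{
    int r = spawn_and_kill(0, SIGTERM);
    printf("plain child: died from signal %d (SIGTERM is %d)\n", r, SIGTERM);

    /* Unprivileged user namespace owning new PID and mount namespaces.
     * SIGKILL rather than SIGTERM: the namespace's init (here `sleep`, which
     * installs no handler) would silently ignore SIGTERM from its parent. */
    r = spawn_and_kill(CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS, SIGKILL);
    if (r == -1)
        perror("namespaced clone failed (unprivileged user namespaces disabled?)");
    else if (r == -2)
        fprintf(stderr, "namespaced child: exec failed or unexpected exit\n");
    else
        printf("namespaced child: died from signal %d (SIGKILL is %d)\n", r, SIGKILL);
    return 0;
}
```

Build with `cc -o clone-pid clone-pid.c` and run it as an ordinary user; on a kernel with `kernel.unprivileged_userns_clone=0` or a seccomp profile that blocks namespace flags (Docker's default does), the second call reports EPERM and the first still succeeds. The O_CLOEXEC pipe is the standard way to learn that the exec actually happened before relying on the PID, and it is the reason the plain variant can safely use SIGTERM: by the time the parent signals, the process behind that PID is the exec'd program, not a copy of the parent.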