[Nix-dev] Re: FOSDEM meeting summary
Ludovic Courtès
ludo at gnu.org
Thu Mar 13 23:56:14 CET 2008
Hi,
Andres Loeh <andres at cs.uu.nl> writes:
> Sorry for the long delay. I've finally typed in the summary
> of our FOSDEM meeting.
Thanks, that's informative and nice for those of us who weren't able to
attend!
> - implement an strace/ptrace-based purity checker for Nix packages
Have a look at Plash, http://plash.beasts.org/. It allows the creation
of sandboxed processes and provides an easy interface to control the
creation of the sandbox's file system.
Example:
pola-run -f /bin/sh \
         -t /foo/the-program /usr/bin/the-program \
         -tw /home/foo ~/.home-for-the-program \
         -e /foo/the-program
This runs `/usr/bin/the-program' in a file system as follows:
/bin/sh (read-only)
/foo/the-program (read-only, mapped from `/usr/bin/the-program')
/home/foo (read-write, mapped from `~/.home-for-the-program')
So it would be easy to hide anything beyond `/nix/' and `/bin/sh'.
Thanks,
Ludovic.
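For comparison with the Plash approach above, here is the strace-based purity check from Andres's summary sketched in code. This is an added example, not code from the thread, from Nix or from Plash: it parses the output of `strace -f -e trace=file' run around a builder and reports every path the build touched outside an allow-list. The build directory, the allow-list and the sample trace below are constructed for illustration.

```python
"""Purity check over `strace -f -e trace=file` output.

Added example for this thread; it is not code from Nix, Plash or the
thread's authors. It flags every path a build touches outside an
allow-list (the Nix store, /bin/sh and the build directory), and keeps
paths that were only probed and found absent in a separate bucket: a
build whose result depends on whether /etc/foo exists is impure too.
"""
import posixpath
import re
from typing import Dict, List, NamedTuple, Sequence

# Assumed build directory and allow-list; a real checker would take these
# from the derivation being built.
BUILD_DIR = "/tmp/nix-build-hello.drv-0"
ALLOWED: Sequence[str] = ("/nix/store", "/bin/sh", BUILD_DIR)

# One strace line in either `-f` layout, with or without `-o`:
#   `4243  openat(AT_FDCWD, "/x", O_RDONLY) = 3`
#   `[pid  4243] openat(AT_FDCWD, "/x", O_RDONLY) = -1 ENOENT (No such file or directory)`
# A call split by a context switch ends in "<unfinished ...>" and has no
# result yet; its "<... resumed>" half carries no path and is skipped.
LINE_RE = re.compile(
    r"^(?:\[pid\s+(?P<pid1>\d+)\]|(?P<pid2>\d+))\s+"
    r"(?P<call>\w+)\((?P<args>.*?)"
    r"(?:\)\s*=\s*(?P<ret>-?\d+|\?)(?:\s+(?P<errno>E[A-Z0-9]+))?|\s*<unfinished \.\.\.>)"
)
# Strings inside [...] (argv of execve) and {...} (decoded structs) are
# not path arguments, so they are dropped before looking for quoted paths.
NON_PATH_RE = re.compile(r"\[.*?\]|\{.*?\}")
QUOTED_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


class Access(NamedTuple):
    pid: int
    call: str
    path: str
    errno: str  # "" on success, e.g. "ENOENT" on failure, "?" if unfinished


def parse_trace(trace: str) -> List[Access]:
    """Extract one Access per path argument of every file syscall in the trace."""
    accesses: List[Access] = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "<... resumed>" halves and non-syscall lines
        pid = int(m.group("pid1") or m.group("pid2"))
        errno = m.group("errno") or ("" if m.group("ret") is not None else "?")
        for raw in QUOTED_RE.findall(NON_PATH_RE.sub("", m.group("args"))):
            # Relative paths are taken against BUILD_DIR, the cwd of a Nix
            # build (assumption; `strace -y` would show the dirfd's path).
            if not raw.startswith("/"):
                raw = posixpath.join(BUILD_DIR, raw)
            accesses.append(Access(pid, m.group("call"), posixpath.normpath(raw), errno))
    return accesses


def is_allowed(path: str, allowed: Sequence[str] = ALLOWED) -> bool:
    """True if path is an allowed root or lies beneath one (whole-component prefix match)."""
    return any(path == root or path.startswith(root.rstrip("/") + "/") for root in allowed)


def check_purity(trace: str, allowed: Sequence[str] = ALLOWED) -> Dict[str, List[Access]]:
    """Return accesses outside the allow-list, split into reads of existing
    paths and probes that got ENOENT; each path is reported once."""
    report: Dict[str, List[Access]] = {"reads": [], "probes": []}
    seen = set()
    for acc in parse_trace(trace):
        if acc.path in seen or is_allowed(acc.path, allowed):
            continue
        seen.add(acc.path)
        report["probes" if acc.errno == "ENOENT" else "reads"].append(acc)
    return report


# Constructed sample trace; PIDs, store hash and paths are made up.
SAMPLE_TRACE = """\
4242  execve("/bin/sh", ["/bin/sh", "-e", "builder.sh"], 0x7ffd5a1c0e40 /* 12 vars */) = 0
4242  openat(AT_FDCWD, "builder.sh", O_RDONLY) = 3
[pid  4243] openat(AT_FDCWD, "/nix/store/abc123-gcc-4.2.4/bin/gcc", O_RDONLY|O_CLOEXEC) = 3
[pid  4243] stat("/usr/include/stdio.h", {st_mode=S_IFREG|0644, st_size=816, ...}) = 0
[pid  4243] openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
[pid  4243] openat(AT_FDCWD, "/tmp/nix-build-hello.drv-0/hello.c", O_RDONLY <unfinished ...>
[pid  4244] access("/home/builder/.gitconfig", R_OK) = -1 ENOENT (No such file or directory)
[pid  4243] <... openat resumed>) = 4
"""

if __name__ == "__main__":
    for kind, hits in check_purity(SAMPLE_TRACE).items():
        for acc in hits:
            print(f"impure {kind[:-1]}: pid {acc.pid} {acc.call} {acc.path} {acc.errno}".rstrip())
```

On the sample this reports the stat of /usr/include/stdio.h as an impure read and the two ENOENT lookups (/etc/ld.so.cache, ~/.gitconfig) as impure probes, while everything under /nix/store, /bin/sh and the build directory passes. The probes are kept apart from the reads because they still make the result depend on the host: a checker like this only observes such accesses after the fact, which is the contrast with Plash, where paths outside the mapped tree do not exist for the sandboxed process at all.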