Hi Eric,

Eric Bavier <ericbav...@centurylink.net> skribis:

> On Thu, 20 Dec 2018 11:19:07 -0500

[...]

>> > Run icecat, a browser, in a container with
>> >
>> > guix environment --container --network --share=/tmp/.X11-unix
>> > --ad-hoc icecat
>> > export DISPLAY=":0.0"
>> > icecat
>>
>> Is there a way to do this automatically? ie: you don't have to type
>> guix environment --container .... icecat? You just type "icecat?"
>
> That is the major advantage Firejail has over 'guix environment
> --container' currently. It contains a large collection of "profiles"
> for different applications, specifying how exactly to jail them so that
> they can still function.

We also discussed “guix run icecat” as a simpler option:

https://lists.gnu.org/archive/html/help-guix/2018-01/msg00108.html

‘guix run’ can guess parts of the profile, like whether the application
needs X11 or Fontconfig stuff, just by looking at the references of the
application.

That said, I’m curious to see what the Firejail profiles look like and
to what extent we’d need to manually annotate packages if we were to
provide similar functionality.

Firejail looks nice!

Ludo’.