Hi,

Maxime Devos <maximede...@telenet.be> wrote:

> It might be possible to modify 'make-forkexec-constructor/container' to call
> (exec-command (cons* newuidmap ARGUMENTS-TO-NEWUIDMAP command) ...),
> where newuidmap is (search-input-file "newuidmap" '("/run/setuid-programs"
> "/usr/sbin" "/sbin")).
> That path should work on Guix System and many foreign distros, presuming the
> distro is configured to make "newuidmap" setuid.

That looks like opening the door to reproducibility issues.

If we wanted to take that route, it might be slightly more aesthetically pleasing to rely on a service such as Bubblewrap, but the non-self-containment issue remains.

Ludo’.