Is there an equivalent of ‘guix environment --container’ in nix that can run a command in a “ad-hoc” container?
Short answer: no.
Long answer:
I think this is what @edolstra wants to integrate into nix run though:
https://github.com/NixOS/nix/issues/2154#issuecomment-388753582
I built something for VMs: GitHub - Mic92/nixos-shell: Spawns lightweight nixos vms in a shell. There was also a systemd-nspawn equivalent somewhere…
Is this on the roadmap? That feature would be nice.
I’m not sure whether it’s similar to what the OP meant, but I wrote something like this a while ago to sandbox proprietary games:
It’s not yet very extensive, but the basic usage is like this:
{ pkgs ? import <nixpkgs> {} }:

let
  # Pin vuizvui to a specific commit (with its sha256) so the wrapper is reproducible.
  vuizvuiPkgs = import ("${builtins.fetchTarball {
    url = "https://github.com/openlab-aux/vuizvui/archive/"
        + "cffd945c9a8b00164a3240f92be81bfcb821ec4d.tar.gz";
    sha256 = "0zfg1k1cvgs4c662ma2s2qagpigbwp3583m9lgn1l0bq7bk9wgz3";
  }}/pkgs") { inherit pkgs; };

# buildSandbox wraps every executable in $out/bin of the given derivation;
# the second argument ({} here) is the set of sandbox flags.
in vuizvuiPkgs.buildSandbox (pkgs.writeScriptBin "sandbox-me" ''
  #!${pkgs.stdenv.shell}
  ${pkgs.coreutils}/bin/ls -l "$HOME"
'') {}
The first argument is the derivation, where every executable in $out/bin is wrapped, and the second argument is a set of various flags.
However, this still has a few shortcomings, e.g. right now the full /etc and /run are bind-mounted (although read-only) and some other things™ need to be improved.
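An added example, not posted in this thread and not part of vuizvui or nixos-shell, of the closest thing to guix environment --container that can be assembled today from nix-store and bubblewrap: compute the runtime closure of a store path with nix-store -qR and bind-mount only those paths, read-only, into a bwrap sandbox, so that, unlike the buildSandbox wrapper above, nothing from the host's /etc or /run is visible at all. It assumes nix-store(1) and bwrap(1) are installed; the function names and the sample store paths are made up for illustration.

```shell
#!/bin/sh
# Added example: ad-hoc container from a nix store path's runtime closure.
# Assumes nix-store(1) and bwrap(1) are on PATH; function names are invented.
set -eu

# Turn newline-separated store paths (stdin) into bwrap arguments (stdout),
# one argument per line: "--ro-bind <path> <path>" for each closure member.
# Anything outside /nix/store is refused so the host cannot leak in by mistake.
closure_to_bwrap_args() {
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    case "$p" in
      /nix/store/*) printf '%s\n' --ro-bind "$p" "$p" ;;
      *) echo "refusing to expose non-store path: $p" >&2; return 1 ;;
    esac
  done
}

# Number of --ro-bind mounts a closure produces; useful as a sanity check
# before launching (a large number usually means the closure is not minimal).
count_binds() {
  closure_to_bwrap_args | grep -c -- '^--ro-bind$'
}

# Run "$@" inside a bwrap sandbox that sees only the closure of store path $1.
# Everything else is private: fresh /dev, /proc, /tmp and an empty $HOME.
run_in_container() (
  drv=$1; shift
  binds=$(nix-store -qR "$drv" | closure_to_bwrap_args)
  # Split $binds on newlines only and disable globbing: store names never
  # contain whitespace but may contain '?', which would otherwise glob.
  IFS='
'
  set -f
  bwrap \
    --unshare-all --die-with-parent \
    --dev /dev --proc /proc --tmpfs /tmp \
    --tmpfs "$HOME" --chdir "$HOME" \
    --setenv PATH "$drv/bin" \
    $binds \
    -- "$@"
)

# Constructed sample closure (not real store paths) so the argument list can
# be inspected offline without nix:
printf '%s\n' \
  /nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-glibc-2.27 \
  /nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-coreutils-8.29 \
  | closure_to_bwrap_args

# Real usage (needs nix + bwrap):
#   pkg=$(nix-build '<nixpkgs>' -A coreutils --no-out-link)
#   run_in_container "$pkg" ls -l /nix/store /etc
# Inside, /nix/store holds only the closure and /etc does not exist.
```

The closure is what nix-store -qR reports, i.e. references reachable from the output, so the sandbox gets exactly what the program can legitimately load and nothing the host happens to have in /etc or /run; if the program needs a file outside the store (a config, a game save directory), add an explicit --bind for that one path rather than widening the rules.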