'guix environment --container' equivalent

Is there an equivalent of ‘guix environment --container’ in nix that can run a command in a “ad-hoc” container?


Short answer: no.

Long answer:

I think this is what @edolstra wants to integrate into nix run though:



I build something for VMs: GitHub - Mic92/nixos-shell: Spawns lightweight nixos vms in a shell There was also a system-nspawn aquivalent somewhere…

Is this on the roadmap? That feature would be nice.

I’m not sure whether it’s similar to what the OP meant, but I’ve written something like this a while ago to sandbox proprietary games:

It’s not yet very extensive, but the basic usage is like this:

{ pkgs ? import <nixpkgs> {} }:

  vuizvuiPkgs = import ("${builtins.fetchTarball {
    url = "https://github.com/openlab-aux/vuizvui/archive/"
        + "cffd945c9a8b00164a3240f92be81bfcb821ec4d.tar.gz";
    sha256 = "0zfg1k1cvgs4c662ma2s2qagpigbwp3583m9lgn1l0bq7bk9wgz3";
  }}/pkgs") { inherit pkgs; };

in vuizvuiPkgs.buildSandbox (pkgs.writeScriptBin "sandbox-me" ''
  ${pkgs.coreutils}/bin/ls -l "$HOME"
'') {}

The first argument is the derivation, where every executable in $out/bin is wrapped and the second argument are various flags.

However, this still has a few shortcomings, eg. right now the full /etc and /run are bind-mounted (although read-only) and some other things™ need to be improved.

1 Like