Re: guix pack isolation

[Kyle Andrews]

Simon Tournier <zimon.toutoune@gmail.com> writes:

> About squashfs (Singularity container), you can try:
>
>     guix pack -f squashfs python python-numpy bash-minimal -S /bin=bin
>
> which will produce a compressed squashfs that you then import with
> Singularity.

This is pretty much what I had tried minus the `-S /bin=bin' part which
I don't understand. Thankfully, reading the manual informs me that:

```
‘guix pack -f squashfs’ always implies ‘-S /bin=bin’
```

So, atleast I don't have to understand it yet.

> I do not have Singularity at hand, let demo with Docker
> which is very similar.

Too bad! My system admistrators are against running Docker on the
cluster. The "relocatable" option didn't seem relevant to me since it wouldn't 
apply any file system isolation.

> $ docker run -ti python-python-numpy-bash:latest python3

The arguments in this command atleast gave me an idea. Maybe I am just
ignorant about how singularity works? I didn't know what -ti could
possibly mean without first looking them up. Maybe I just need to add
some additional arguments to singularity exec?

Arguments in the manual which look particularly interesting to me are:

--contain
--containall
--bind=/path/to/shared/file/system/location
--no-home
--workdir

=>
https://docs.sylabs.io/guides/3.1/user-guide/cli/singularity_exec.html

If you or anyone else have have any tips on how to best mimic the
behavior of the analogous `guix shell' command with an `singularity
exec' call I would use if guix was available, I am all ears.

Thanks,
Kyle