Running untrusted code as root in a `guix system vm`?

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Running untrusted code as root in a `guix system vm`?

From:	Ben Weinstein-Raun
Subject:	Running untrusted code as root in a `guix system vm`?
Date:	Fri, 29 Dec 2023 23:40:50 +0000

Hello!

I'm considering running some software inside a VM created using `guix
system vm`. The easiest thing to do would be to run the virtualized
software as root. Normally I wouldn't think twice about that, but iiuc
the guest will have the host's /store mounted. Am I right that this
should make me nervous about running untrusted things as root in the VM?
Or is there some trick by which a root process in the VM is prevented
from destructively changing /store?

Thanks!

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Running untrusted code as root in a `guix system vm`?, Ben Weinstein-Raun <=

Prev by Date: Re: torbrowser
Next by Date: Re: A simple question about the Guix logo.
Previous by thread: Instructions for generating the exact ISO on homepage
Next by thread: Some methods of getting a "login shell" do not create /run/user/<uid> or add a session to loginctl
Index(es):
- Date
- Thread