[Nix-dev] Stripped down Linux distribution based on Nix/NixOS

Ericson, John john_ericson at brown.edu
Wed May 4 20:00:23 CEST 2016


Glad to hear you switched to NixOS!

For your hydra checksum concerns see https://github.com/NixOS/hydra/pull/277
--- in short it would be nice if we had "non-deterministic derivations" for
this, but Eelco has just added a `fetchGit` builtin in the meantime.

I hope NixOS can someday impose no policy on the user other than using
Nix, but rather just provide support code for every conceivable setup, so
please I hope you continue using it rather than rolling your own with Nix!
Interesting use-cases are exactly needed to pull NixOS in this direction.

On Wed, May 4, 2016 at 8:23 AM, Nahum Shalman <nshalman at omniti.com> wrote:

> On Wed, May 4, 2016 at 10:25 AM, <phreedom at yandex.ru> wrote:
>
>> On Tuesday, May 03, 2016 11:31:37 Nahum Shalman wrote:
>>
>> > I think the two most critical areas for us to work on next are:
>> > 1. Shipping a kernel that enables selinux rather than apparmor. Any
>> > suggestions about how to do this?
>>
>> I'm the person who effectively made the choice in favor of apparmor.
>> "Enabling selinux" is trivial in the sense of turning on the feature in the
>> kernel.
>>
>
> Sadly that's proving tricky to me and making me feel rather clumsy... My
> cerana-test5 branch attempts to do that but fails. I can't yet figure out
> why it's remaining disabled in spite of my changes.
>
>
>> Shipping a working and useful policy would be hard.
>>
>
> For the Cerana project it's not so bad as the Nix store will be very small
> and limited in how much it's doing so the policy for the core system will
> be very limited in scope. For the rest of the software running on the
> system we will have tools automatically generating the appropriate policies
> for software that will be living in the ZFS pool rather than in the Nix
> store.
>
>
>> A relevant discussion:
>>
>> http://lists.science.uu.nl/pipermail/nix-dev/2013-May/011091.html
>>
>
> I am by no means suggesting that NixOS should switch to selinux. Just that
> I want my downstream project to be able to use it.
>
> Thanks!
> -Nahum