I am looking for a way to launch a shell with specific packages installed within, but no unnecessary access to the rest of the system, i.e:

  • Only the current directory (pwd) mounted, no access to other parts of the filesystem*
  • Only the requested packages being available*, plus the shell
  • Being able to disable network access would be a plus
  • Generally no access to other parts of the system*

So I'm looking for an environment similar to what can be achieved with docker (or podman, etc.):

    docker run -it -v "$PWD:/pwd" -w /pwd $someImage

or Guix:

    guix shell --pure --container --network $somePackage

*except strictly necessary ones

Is this possible with nix? The advantage would be that storage for the contents of packages is shared with the host system, familiarity with the system, and so on; and, compared to guix, that Nix has a lot more packages available.

P Varga

1 Answer

Containers' underlying technologies are chroots and namespaces, which you can use to achieve what you're looking for.

The chroot part, which will limit the filesystem view, is often called a jail (by analogy with BSD); network access can be restricted via namespaces.

However, if you're looking for a copy-pastable solution, I'd highly suggest you stick with containers which will wrap most of it for you.

Ginnungagap
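An added example, not part of the question or of Ginnungagap's answer, showing the chroot-plus-namespaces idea applied to Nix. It assumes bubblewrap (bwrap), nix-build and nix-store are installed on the host and that the package names are attributes of <nixpkgs>; only the runtime closure of the requested packages (plus bashInteractive for the shell) is bind-mounted read-only from the host store, the current directory appears at /pwd, and the network namespace is unshared.

```shell
#!/bin/sh
# Added example (not from the question or the answer). Assumes bwrap,
# nix-build and nix-store on PATH; package names are <nixpkgs> attributes.
set -eu

# Resolve nixpkgs attribute names (e.g. "hello") to their store paths.
build_outputs() {
    for attr in "$@"; do
        nix-build '<nixpkgs>' -A "$attr" --no-out-link
    done
}

# Join the bin/ directory of each store path into a PATH value, in order.
bin_path() {
    p=""
    for out in "$@"; do
        p="${p:+$p:}$out/bin"
    done
    printf '%s' "$p"
}

# Print one bwrap argument per line: fresh namespaces (--unshare-all covers
# user, mount, pid, net, uts and ipc, so there is no network), minimal
# /dev, /proc and /tmp, the current directory at /pwd, and each closure
# path bound read-only onto itself so the host /nix/store is reused but
# nothing outside the closure is visible.
sandbox_args() {
    printf '%s\n' --unshare-all --die-with-parent \
        --dev /dev --proc /proc --tmpfs /tmp \
        --bind "$PWD" /pwd --chdir /pwd
    for path in "$@"; do
        printf '%s\n' --ro-bind "$path" "$path"
    done
}

main() {
    bash_out=$(build_outputs bashInteractive)
    outs=$(build_outputs "$@")
    # nix-store -qR prints the full runtime closure of the given paths.
    closure=$(nix-store -qR $bash_out $outs)
    # Word splitting of $(...) is intended here: one argument per line.
    exec bwrap $(sandbox_args $closure) \
        --setenv PATH "$(bin_path $outs $bash_out)" --setenv HOME /pwd \
        "$bash_out/bin/bash" --norc
}

# Only launch when package names were given on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./nix-jail.sh hello coreutils`; inside, only the binaries of the listed packages (and bash) are on PATH, and programs such as `curl` fail to resolve or connect because the sandbox has its own empty network namespace.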