This repository was archived by the owner on Feb 25, 2026. It is now read-only.

Isolate the Evaluator #6

@nrdxp

It's quite simple:

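```bash
#!/usr/bin/env bash

# Resolve the command to its canonical path so it is reachable through the
# /nix bind mount inside the sandbox.
cmd="$(readlink -f "$(command -v "$1")")"

shift

# Carry the host's effective Nix configuration into the sandbox.
NIX_CONFIG="$(nix config show)"
export NIX_CONFIG

# Only /nix (read-only) and the current directory (as /work) come from the
# host; /dev, /proc and /tmp are fresh instances.
bwrap --ro-bind /nix /nix \
      --bind "$PWD" /work \
      --chdir /work \
      --dev /dev \
      --proc /proc \
      --tmpfs /tmp \
      "$cmd" "$@"
```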

to put the evaluator into a context where it has no access to the host file-system besides the current directory. This example uses bubblewrap, but eka should be smart enough to perform certain operations in isolation in general, while also extending this concept to the future Eos backend.
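
The wrapper above narrows the filesystem view; the variant below, an added example that is not code from the issue or from eka, also unshares namespaces, clears the host environment, and refuses a command that resolves outside `/nix` (which would not exist inside the sandbox). The helper names `in_store`, `sandbox_exec`, `run_isolated` and the `BWRAP` override are hypothetical, and it assumes the evaluation needs no network and no host variables other than `NIX_CONFIG`.

```bash
#!/usr/bin/env bash
# Added example, not code from the issue or from eka. Helper names and the
# BWRAP override are hypothetical.

# Succeeds only for a canonical path under /nix, the single host tree the
# sandbox binds; any other binary would be missing when bwrap tries to exec it.
in_store() {
    case $1 in
        */../*|*/..) return 1 ;;
        /nix/?*)     return 0 ;;
        *)           return 1 ;;
    esac
}

# Run an absolute command with the original filesystem view plus:
#   --unshare-all      new IPC, PID, network and UTS namespaces
#                      (user and cgroup namespaces where available)
#   --clearenv         drop the host environment, then pass NIX_CONFIG back in
#   --new-session      setsid(), so the child cannot inject terminal input
#   --die-with-parent  kill the sandbox if the wrapper exits
# Assumption: the evaluation needs no network and no other host variables.
sandbox_exec() {
    workdir=$1 cmd=$2
    shift 2
    "${BWRAP:-bwrap}" \
        --unshare-all --die-with-parent --new-session \
        --clearenv --setenv HOME /tmp \
        --setenv NIX_CONFIG "${NIX_CONFIG-}" \
        --ro-bind /nix /nix \
        --bind "$workdir" /work --chdir /work \
        --dev /dev --proc /proc --tmpfs /tmp \
        "$cmd" "$@"
}

# Resolve the command as the original wrapper does, refuse anything outside
# /nix, capture the host's Nix configuration, then enter the sandbox.
run_isolated() {
    resolved=$(readlink -f "$(command -v "$1")") || return 127
    shift
    if ! in_store "$resolved"; then
        echo "refusing $resolved: not under /nix, absent inside the sandbox" >&2
        return 126
    fi
    NIX_CONFIG=$(nix config show) || return 1
    sandbox_exec "$PWD" "$resolved" "$@"
}

if [ "$#" -gt 0 ]; then run_isolated "$@"; fi
```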
