Neil Mitchell
Neil Mitchell
Turning this issue into a task to more generally try and make it easier to keep the prelude and binary in sync.
Landlock does seem plausible - I imagine we'd have a trait representing the isolation mechanism, since Bazel has a number of options to choose from with various trade offs. Landlock...
The Bazel folks seem to have spent a lot of time doing sandboxing implementations - ideally we just get a Rust library that supplies everything and is cross-platform and we...
@burdiyan - that is only for C++. And it's really being done to make sure private headers don't leak too much - so even though the action has access to...
I can think of three ways to go: 1. Have inherited env vars as @thoughtpolice suggest. I think the issue with that is really the NIX_ENV_VAR_PREFIXES field. That seems a...
Is it likely that some people would want the whole Nix hermetic toolchain (which should certainly be available) and some other Nix users would want to just use direnv? If...
OK, so this seems a complicated issue. It would be great to make some progress on it. * @davidbarsky - are you saying that if we land a variant of...
I think there are some nightly features we are using for bad reasons, or where the alternative is not that much worse. Those can go. Think https://github.com/thoughtpolice/buck2/commit/c69f195e0e85d9de994358723bd1f7a40f0143eb. There are some...
@thoughtpolice - are you planning to follow up on this or should we close it?
Agreed, definitely a hole in our documentation.