ogUsername 2 hours ago
That's hard given most apps have dependencies and often share them. It will always look like curl is available or bash or something.

What's wrong with another user account for such isolation? They can be isolated to namespaces and cgroups.

Docker and Nix are just wrappers around a lot of OS functionality with their own semantics attempting to describe how their abstraction works. Every OS already ships with tools for controlling users' access to memory, disk, CPU and network.

Nix is just another chef, ansible, cfengine, apt, pacman.

Building one's own distro isn't hard anymore. If you want ultimate control, have a bot read and build the LFS documentation to your needs. Nothing more powerful than the raw git log and source.

Nix and everything else are layers of indirection we don't need.
otabdeveloper4 2 hours ago
> Nix is just another chef, ansible, cfengine, apt, pacman

No, because Nix code is actually composable. These other tools aren't.