Hi, I'm at last in shape (well me and the recipe) to look at this request seriously. Sorry for being so slow.
First, could you please clarify some generalities for me ?
- I'm a bit confused by the jailroot terminology. Do you have something specific and hard in mind (such as a chroot or lxc container), or is this just about promising not to leave some directory, and therefore be admissible for a chroot ?
- I'm not sure to understand the use-case for the she-bang change. I'm used to control the she-bang by bootstrapping with the intended python. What's the difference here ? I got the "no modification of files" and find it a great perspective, but how does it play with the custom shebang (maybe a concrete example making the difference between building and running would help).
For the record, I've been playing with debian repackaging of buildouts lately, and I wonder if it would not precisely been served well by such features. Could it allow, e.g, to build on a CI worker in a certain directory and then run transparently in another ?
This could also be exactly what SlapOS (a distributed cloud system based on zc.buildout) would need
Hi, I'm at last in shape (well me and the recipe) to look at this request seriously. Sorry for being so slow.
First, could you please clarify some generalities for me ?
- I'm a bit confused by the jailroot terminology. Do you have something specific and hard in mind (such as a chroot or lxc container), or is this just about promising not to leave some directory, and therefore be admissible for a chroot ?
- I'm not sure to understand the use-case for the she-bang change. I'm used to control the she-bang by bootstrapping with the intended python. What's the difference here ? I got the "no modification of files" and find it a great perspective, but how does it play with the custom shebang (maybe a concrete example making the difference between building and running would help).
For the record, I've been playing with debian repackaging of buildouts lately, and I wonder if it would not precisely been served well by such features. Could it allow, e.g, to build on a CI worker in a certain directory and then run transparently in another ?
This could also be exactly what SlapOS (a distributed cloud system based on zc.buildout) would need