https://pantsbuild.org/ logo
Join Slack
Powered by
Several of our plugins refer to the process sandbo...
# development
p
Several of our plugins refer to the process sandbox as 
chroot
, but the user-facing docs refer to it as 
sandbox
. Is that accurate? Are 
chroot
and 
sandbox
synonyms within pants?
b
Yes, although "chroot" also bleeds into the userspace with 
{chroot}
string replacement
🤦‍♂️ 1
p
I’m writing a rule to build the sandbox/chroot for building packages with 
nFPM
. Should I use 
chroot
or 
sandbox
? I’m thinking of using 
sandbox
since that is the more common user-facing term (
{chroot}
muddies this 😕). But most of the other plugins use the term 
chroot
when building the 
sandbox
, so I’m hesitating.
c
I think sandbox is our less official technical term to describe the chroot.
so perhaps use sandbox in prose and chroot for concrete stuff..? (maybe not very ideal situation.. 😬 )
f
I don't like "chroot" because that word tends to apply a really specific thing to me, namely a chroot jail. There's nothing that really stops code from referencing things outside that chroot (you can link libs, you can open files outside of it) so, it doesn't feel like a chroot to me.
3
👆 1
c
yea in that sense sandbox is maybe more appropriate..?
f
"Sandbox" also often implies something you can't or shouldn't be able to escape, but I'd argue it's a bit more nebulous
maybe something like "process workspace" would be best but it feels like the ship has sailed on that
b
You can get out of a sandbox. You can't get out of Jail (at least, not free, not without some kind of card 😛)
c
yea, there’s always ways, even if you’re not supposed to..
I think it’s not too bad, as the intention is that it should be as tight as a jail.. but visitors are allowed..
f
idk, you literally invoke system binaries to execute pexes
doesn't feel like a jail to me
I don't know if anyone uses naked chroots anymore outside of niche use cases, so that may not bother people as much as me
(most past uses of chroots I think have been subsumed by containers or other namespacing tools these days)
f
how about "exec root"?
c
what it is in reality is working directory
f
well working directory could be the exec root but may not be
so maybe two replacements would be useful 
{execroot}
and 
{workdir}
c
err.. realize that depending on the invoked process, my statement may be false too..
p
chroot
is a key piece of installing Gentoo Linux (which I run on my personal laptop). So, I’ve been using 
chroot
for 15 years or so.
Thus, 
chroot
is not very palatable to me in the context of pants.
I think we use working directory to refer to the checkout that the user uses, so 
workdir
also seems problemantic. 
execroot
could be fine. • 1️⃣ 
chroot
2️⃣ 
sandbox
3️⃣ 
execroot
2️⃣ 3
b
Please at least be consistent 😅
f
chroot
is a key piece of installing Gentoo Linux (which I run on my personal laptop). So, I’ve been using 
chroot
for 15 years or so.
Like I said, niche use cases 😛
😛 1
h
Yes, it is not a true chroot
I think "sandbox" is nicely evocative
👍 1
2 Views
Open in Slack
PreviousNext
Powered by