• ivn
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    5 months ago

    It build in a sandbox, but it’s not run in a sandbox.

    • Vilian@lemmy.ca
      link
      fedilink
      arrow-up
      2
      arrow-down
      3
      ·
      5 months ago

      I don’t understand, if you run a program inside the sandbox and the program ask for a library, the kernel need to map the library from inside the sandbox to the program, that overhead that I’m talking about

      • Laser@feddit.org
        link
        fedilink
        arrow-up
        21
        arrow-down
        1
        ·
        5 months ago

        This is not how NixOS works. Programs directly link against libraries in the store. There is no sandbox by default when running the binaries.

      • ivn
        link
        fedilink
        arrow-up
        16
        ·
        5 months ago

        But it’s not run in a sandbox. I’m not sure where you get this from.