Hacker News
by mshal 4855 days ago
Have you tried Rendaw's lua branch at all? I'm curious if that would remove your need for the 'run' command. At some point that will be merged to the mainline. Here's his tree: https://github.com/Rendaw/tup

Is the "Line too long" error an error message from tup, or from the shell when it tries to fork a process? If it's the latter I'm not sure there is an easy fix. If it's the former maybe I was just lazy when implementing something :)

You can run sub-processes in a chroot by specifying a flag (search the man page for 'run inside a chroot'). This will prevent the fuse paths from leaking to sub-processes, but unfortunately it requires the tup executable to be suid root. (If it didn't need suid, this would be the default).

2 comments

Instead of making the tup process setuid root, just have a small chroot helper that is setuid and shell out to that. That way the entire tup codebase doesn't have to be trusted as root.

It still requires root for installation, but you can basically solve the security problem.
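The setuid helper suggested in the comment above, sketched in C as an added example; it is not part of the thread and not tup's code. The helper name `chroot-helper` and `ALLOWED_PREFIX` are assumptions, and the `prctl` call makes it Linux-specific.

```c
/* Added example, not tup's code: a setuid-root helper that only chroots,
 * drops privileges and execs. Usage: chroot-helper <root> <program> [args] */
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>

/* Assumption: hypothetical root-owned directory that holds build roots. */
#define ALLOWED_PREFIX "/var/lib/buildroots/"

/* Lexical check: path is under ALLOWED_PREFIX and has no ".." component,
 * so a caller cannot aim the privileged chroot() at an arbitrary tree. */
int root_ok(const char *p) {
    size_t n = strlen(ALLOWED_PREFIX);
    if (p == NULL || strncmp(p, ALLOWED_PREFIX, n) != 0 || p[n] == '\0')
        return 0;
    for (const char *s = p; (s = strstr(s, "..")) != NULL; s += 2)
        if (s[-1] == '/' && (s[2] == '/' || s[2] == '\0'))
            return 0;
    return 1;
}

/* Return permanently to the invoking user's ids. Group first: setgid()
 * is no longer permitted once the uid has been dropped. */
int drop_privileges(void) {
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (getuid() != 0 && setuid(0) == 0)   /* must not be reversible */
        return -1;
    return (geteuid() == getuid() && getegid() == getgid()) ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 3 || !root_ok(argv[1])) {
        fprintf(stderr, "usage: chroot-helper <root under %s> <program> [args]\n", ALLOWED_PREFIX);
        return 2;
    }
    /* chroot() is the only step that needs root. */
    if (chroot(argv[1]) != 0 || chdir("/") != 0) { perror("chroot"); return 1; }
    if (drop_privileges() != 0) { fputs("privilege drop failed\n", stderr); return 1; }
    /* Setuid binaries inside the new root gain nothing after this. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) { perror("prctl"); return 1; }
    execv(argv[2], &argv[2]);   /* path is resolved inside the new root */
    perror("execv");
    return 127;
}
```

The path check is lexical only, so it relies on the prefix directory being writable by root alone; the code that runs as root stays at a few dozen lines that can be audited separately from the build tool.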

I didn't try the Lua branch, that sounds OK. Though I'd really prefer to use Haskell :)

IIRC, the "line too long" was from tup.

I think the abstraction may have leaked after specifying the flag and using the setuid tup. But I may be wrong here.