From: luhux
To: bug-guix@gnu.org
Date: Sun, 23 Aug 2020 18:18:49 +0800
Subject: icecat can escape from `guix environment --container`

I am using guix environment --container to isolate some programs that
are prone to leak information. guix environment --container works well
in freerdp and other programs until I use guix environment --container
to containerize icecat,

Steps to reproduce:

guix environment --container (...some options...) --ad-hoc icecat

Select the address bar and write: 'file://' and then access, icecat can
still access the content outside the container.

Please forgive me for some inappropriate words. My English is not very
good.

luhux

From: Julien Lepiller
To: luhux, 42996@debbugs.gnu.org
Date: Sun, 23 Aug 2020 11:38:47 -0400
Subject: Re: bug#42996: icecat can escape from `guix environment --container`

One possibility is that you're seeing the virtual root filesystem, that
would only have a few directories and the structure up to the directory
you created your container in. Are you sure you can access files outside
of the directory you started icecat in?

Another possibility is that you had a running icecat outside of the
container. In that case, calling icecat from the container only opens a
new window in the un-containerized icecat. Could it be what's happening?

On 23 August 2020 06:18:49 GMT-04:00, luhux wrote:
>I am using guix environment --container to isolate some programs that
>are prone to leak information. guix environment --container works well
>in freerdp and other programs until I use guix environment --container
>to containerize icecat,
>
>Steps to reproduce:
>
>guix environment --container (...some options...) --ad-hoc icecat
>
>Select the address bar and write: 'file://' and then access, icecat can
>still access the content outside the container.
>
>Please forgive me for some inappropriate words. My English is not very
>good.
>
>luhux

From: Leo Famulari
To: luhux
Cc: 42996@debbugs.gnu.org
Date: Sun, 23 Aug 2020 12:45:33 -0400
Subject: Re: bug#42996: icecat can escape from `guix environment --container`

On Sun, Aug 23, 2020 at 06:18:49PM +0800, luhux wrote:
> I am using guix environment --container to isolate some programs that
> are prone to leak information. guix environment --container works well
> in freerdp and other programs until I use guix environment --container
> to containerize icecat,

More comprehensive reproduction:

$ guix environment --container --share=/tmp/.X11-unix --ad-hoc icecat
[env]$ export DISPLAY=":0.0"
[env]$ icecat

The browser has no fonts but, with careful typing, I was able to open a
text file in my home directory.

From: Leo Famulari
To: luhux
Cc: 42996@debbugs.gnu.org
Date: Sun, 23 Aug 2020 12:55:05 -0400
Subject: Re: bug#42996: icecat can escape from `guix environment --container`

I believe that this is expected given the specification of
`guix environment`, which is its chapter in the manual. [0]

It says, "For containers, the default behavior is to share the current
working directory with the isolated container and immediately change to
that directory within the container. If this is undesirable, --no-cwd
will cause the current working directory to not be automatically shared
and will change to the user’s home directory within the container
instead."

For this command, the word "share" means that the shared directories
will be read-write.

Did you use the --no-cwd option? If not, were you able to access any
files outside of the current working directory of the
`guix environment ...` command invocation?

[0] https://guix.gnu.org/manual/en/html_node/Invoking-guix-environment.html#Invoking-guix-environment

From: Julien Lepiller
To: luhux, 42996-close@debbugs.gnu.org
Date: Mon, 24 Aug 2020 07:17:02 -0400
Subject: Re: bug#42996: icecat can escape from `guix environment --container`

Then, closing. Thank you :)

On 23 August 2020 21:15:55 GMT-04:00, luhux wrote:
>On Sun, Aug 23, 2020 at 11:38:47AM -0400, Julien Lepiller wrote:
>> One possibility is that you're seeing the virtual root filesystem,
>> that would only have a few directories and the structure up to the
>> directory you created your container in. Are you sure you can access
>> files outside of the directory you started icecat in?
>>
>> Another possibility is that you had a running icecat outside of the
>> container. In that case, calling icecat from the container only opens a
>> new window in the un-containerized icecat. Could it be what's
>> happening?
>>
>
>It is my fault.
>
>The icecat in the container is connected to the icecat outside the
>container, and then a new window is opened using the icecat outside the
>container
>
>Close the icecat outside the container, and then open the icecat inside
>the container, everything is correct.
>
>The problem is solved, thank you very much.
>
>luhux

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Date: Mon, 21 Sep 2020 11:24:03 +0000
Subject: Internal Control

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator
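
The check below is an added example, not part of the original thread and not code from Guix: run from a host shell, it compares mount-namespace ids under /proc to tell whether each icecat process has the host's filesystem view or the container's, which is the situation this report turned out to be about. PROC_ROOT, the function names, the script name and the sample PIDs and namespace ids are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not code from the thread or from Guix.
# Tells whether a browser process really runs inside the container by
# comparing mount-namespace identifiers under /proc.

# PROC_ROOT is an assumption of this example: it lets the functions read a
# constructed /proc-like tree. Leave it unset to inspect the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# mnt_ns PID: print the mount namespace id, e.g. "mnt:[4026531840]".
mnt_ns() {
    readlink "$PROC_ROOT/$1/ns/mnt"
}

# classify_pid PID REF_PID: print "host" if PID shares REF_PID's mount
# namespace (same filesystem view), "contained" if it does not, "unknown"
# if a namespace link cannot be read (process gone, or not permitted).
classify_pid() {
    target=$(mnt_ns "$1" 2>/dev/null) || { echo unknown; return 0; }
    ref=$(mnt_ns "$2" 2>/dev/null) || { echo unknown; return 0; }
    if [ "$target" = "$ref" ]; then echo host; else echo contained; fi
}

# classify_by_name NAME REF_PID: print one "PID VERDICT" line for every
# process whose command name contains NAME.
classify_by_name() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        read -r comm < "$dir/comm" || continue
        case "$comm" in
            *"$1"*) pid=${dir##*/}
                    echo "$pid $(classify_pid "$pid" "$2")" ;;
        esac
    done
}

# handoff_risk NAME REF_PID: succeed when a NAME process already runs in
# REF_PID's mount namespace. A NAME started in the container may then open
# its window in that outside instance, as reported in this thread.
handoff_risk() {
    classify_by_name "$1" "$2" | grep -q ' host$'
}

# build_sample_proc DIR: constructed sample data, not captured from a real
# system. PIDs 1 and 900 share a mount namespace, PID 1200 has its own.
build_sample_proc() {
    while read -r pid comm ns; do
        mkdir -p "$1/$pid/ns"
        echo "$comm" > "$1/$pid/comm"
        ln -s "mnt:[$ns]" "$1/$pid/ns/mnt"
    done <<EOF
1 shepherd 4026531840
900 icecat 4026531840
1200 icecat 4026532512
EOF
}

# Usage on a real system, from a host shell (hypothetical script name):
#   sh check-ns.sh icecat
if [ "$#" -ge 1 ]; then
    classify_by_name "$1" "$$"
fi
```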