From unknown Sun Jul 27 03:21:35 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42996: icecat can escape from `guix environment --container` Resent-From: luhux Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 23 Aug 2020 14:49:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 42996 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 42996@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.159819409217011 (code B ref -1); Sun, 23 Aug 2020 14:49:01 +0000 Received: (at submit) by debbugs.gnu.org; 23 Aug 2020 14:48:12 +0000 Received: from localhost ([127.0.0.1]:54897 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9rI4-0004QI-D3 for submit@debbugs.gnu.org; Sun, 23 Aug 2020 10:48:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:60834) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9nKJ-0007Q3-TR for submit@debbugs.gnu.org; Sun, 23 Aug 2020 06:34:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38238) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9nKJ-0000Q8-Mj for bug-guix@gnu.org; Sun, 23 Aug 2020 06:34:15 -0400 Received: from mail-oln040092254047.outbound.protection.outlook.com ([40.92.254.47]:6110 helo=APC01-PU1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9nKG-0005Rd-6S for bug-guix@gnu.org; Sun, 23 Aug 2020 06:34:14 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zj/ynGM3WP4k3KLcUgV8nI4w9x4wW+x7rT/paeRB+R3wKF38JxgDscF7IT6j4TtMvg11ZYXnFC2byvw9+geuK9H/65eXGnE0keLVsWRPG9SROgvZ/JOreATxRfQ0nXVvgNeEb8reheh82QQd9n66Gmcza5UXVrsLXHCUOdofK7suB6Z95JeuCNvZfc8KLTpU++a7fwdX3xaJDnDHCiYT0yK3a+9q1b99MYKJcYBi50mtXFtcknsHvix0D67BCwGvAiSRJNVBg/Q1PUfyF+QTpUDWm87j1/nLzxYV2llL5KHO/JM+NeVBUQfbOTS2IcOY91hB7r1a+FC48y285rU9lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z/eo+mrhHv9vd5h45+K01q1j4/6bIuP5TD0JSnOlK0k=; b=LU1ieVEEEzE6tBLfpBwwBmoIs62DxoCdms29PPDRZMBg5gwi3NK8VXVVDGmsrEzryBkAaPpAKcxqmjEFMRhnh3vlFYsEiAMUgzqAqPuDP3pgCR7lR+GLTxRpWqMGBeyqvmJWJKJnZEMi3vR0D4BRc0FtQhhi7weLSPq9kmDRFLdDUoGoN0my4GlC27uGbiGN5vsKr/CWzM3vZ9fG9vd4ququ6GIXc7mxpNI89iY+1VB1z0SrchUF760dWPb+aZsoJ5OeP/Cy32I3hxjRoekfnRhizLQc69yekl0ugj/Gk82In7JVBhzh7U8UTPyQN6zfkN6/hh1x/y7NALcrwRUbKA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z/eo+mrhHv9vd5h45+K01q1j4/6bIuP5TD0JSnOlK0k=; b=DhS0xDeG8MYaNcsAScXRWhAbyskmYOhlFose9K5bTuoF6E/pD1kBFz2aVl/axmqr5oG3DrlupPwaTGV1aCwp389l5sQuns90L9hkrSHPVlIAFfkmZqFTU1vTECeUPGY0yRQ8R34BW2lk3EVzvwhwhEYmdRFB1Uhl2ZOqesK7Sohcla+ByRrs9/p9/x87Lkbk8OmTVGDsO7CIU1/jQhhdquHumQ5adLHPLIG5S1/K3OsWAcF202ETnzRU29Ipw4vqK1rf98WKZcyt2qWWB9vUwRVxrOh9cbBvxUKxT0GgAY7MuzT7ALrVY6AWjW5zDGB7y0Lr3gklJ46VdEdGkv96rA== Received: from HK2APC01FT011.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::52) by HK2APC01HT114.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.24; Sun, 23 Aug 2020 10:18:54 +0000 Received: from PSXP216MB0136.KORP216.PROD.OUTLOOK.COM (10.152.248.54) by HK2APC01FT011.mail.protection.outlook.com (10.152.248.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.24 via Frontend Transport; Sun, 23 Aug 2020 10:18:53 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:14346FD862DF7304CD5F0E9EF3ED8FA09B8372059EDA62C341A93630953AF3F4; UpperCasedChecksum:4C707EF278F126D014F8B1D2036AF34D3184D2C77C9F05C414DE107EB581D912; SizeAsReceived:7196; Count:44 Received: from PSXP216MB0136.KORP216.PROD.OUTLOOK.COM ([fe80::11fb:8c34:261d:322d]) by PSXP216MB0136.KORP216.PROD.OUTLOOK.COM ([fe80::11fb:8c34:261d:322d%3]) with mapi id 15.20.3305.026; Sun, 23 Aug 2020 10:18:53 +0000 Date: Sun, 23 Aug 2020 18:18:49 +0800 From: luhux Message-ID: Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-ClientProxiedBy: HK2P15301CA0018.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::28) To PSXP216MB0136.KORP216.PROD.OUTLOOK.COM (2603:1096:300:14::13) X-Microsoft-Original-Message-ID: <20200823101849.GA545@tencent> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost (119.45.133.18) by HK2P15301CA0018.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.0 via Frontend Transport; Sun, 23 Aug 2020 10:18:52 +0000 X-Microsoft-Original-Message-ID: <20200823101849.GA545@tencent> X-TMN: [+VKfrr4Eqz7iJPtS9Yx6XRGOnOG+1HeI] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 44 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 40213f2a-e800-44ff-3b33-08d8474def6f X-MS-TrafficTypeDiagnostic: HK2APC01HT114: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2hVH+Vm5yhTXotwPGpfcmhO8OCtzHqtW8bcQJ9Gmjgo2hFVvuo6XsgweJqAjJwepoRtqoTCl/mvZD7ZGHkaXm+G9AlXg1JQryaFfatsX95tBhKxvKet42HE/7+NBDol7CK1G+Vz0icTgabrNnc2vhDTvFfki6ar8d9hdzev1A5gVI3MxuNEhRirP6jlW7D5WYVAHozIXd6gY8ArXTIVoEw== X-MS-Exchange-AntiSpam-MessageData: jyu4ZNSvgfroPBVcWaC9h9xROMkiw1uxQhfW1AHAf/sNHr8ritPdaTO0Qp/zW+mAvgE6b9VxsNUNxPtnUdZU2kxOGyupsZr0NPUWwncg5jAF0QqPygY1XZaTDI4PFYOJYpZuQZqHfZjKvXo8dLuVUQ== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 40213f2a-e800-44ff-3b33-08d8474def6f X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2020 10:18:53.8388 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT011.eop-APC01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT114 Received-SPF: pass client-ip=40.92.254.47; envelope-from=luhux@outlook.com; helo=APC01-PU1-obe.outbound.protection.outlook.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/23 06:34:08 X-ACL-Warn: Detected OS = Windows NT kernel [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -0.1 (/) X-Mailman-Approved-At: Sun, 23 Aug 2020 10:48:11 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) I am using guix environment --container to isolate some programs that are prone to leak information. guix environment --container works well in freerdp and other programs until I use guix environment --container to containerize icecat, Steps to reproduce: guix environmnt --container (...some options...) --ad-hoc icecat Select the address bar and write:'file://' and then access, icecat can still access the content outside the container. Please forgive me for some inappropriate words. My English is not very good. luhux From unknown Sun Jul 27 03:21:35 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42996: icecat can escape from `guix environment --container` Resent-From: Julien Lepiller Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 23 Aug 2020 15:40:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42996 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: luhux ,42996@debbugs.gnu.org Received: via spool by 42996-submit@debbugs.gnu.org id=B42996.159819714621940 (code B ref 42996); Sun, 23 Aug 2020 15:40:01 +0000 Received: (at 42996) by debbugs.gnu.org; 23 Aug 2020 15:39:06 +0000 Received: from localhost ([127.0.0.1]:54926 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9s5K-0005ho-E7 for submit@debbugs.gnu.org; Sun, 23 Aug 2020 11:39:06 -0400 Received: from lepiller.eu ([89.234.186.109]:43084) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9s5I-0005hf-Ac for 42996@debbugs.gnu.org; Sun, 23 Aug 2020 11:39:05 -0400 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 7d85273d; Sun, 23 Aug 2020 15:39:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=EhjqV0YsPhlPpecUREZlWkk+qsKqHvwPxYLEs8FBh1M=; b=hq8OWNd687Rx F7gIJQ6JJi0lHBfHsCUgLO5KT1+lQX2+MHIPLBzfbIfr0zSg/Wp0vysmS/mARhe0 52/xAlfYe9q98bNfa8MB6yUivMboTZVUcRvj9sBUEAuOZiajL+UDOPYNuVj5H1te fCauxqH8RIDjDFIDgrTsndIktAatmAr8NSvYw6mBhtjFP6w70L2wmdCQUKObzQGK YSktAtwI1X1jb4gUYQpkOqwOgZYMz5U4GX03QlVdssqoSmM3OH5llRm8qJjbmeKf jKIOnFRsOqjTNDLZvY6dND5Ftm+X0LL3JbQZ5ozISMHMsDO+kAR8jm5bLEH+V4aa 01MoytKjmA== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id cd625499 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sun, 23 Aug 2020 15:39:01 +0000 (UTC) Date: Sun, 23 Aug 2020 11:38:47 -0400 User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----GBW2TVI2GV43P01MQ2PCJOWICBSTVM" Content-Transfer-Encoding: 7bit From: Julien Lepiller Message-ID: <0A2DC743-BCC0-4585-8249-938A8632ACC1@lepiller.eu> X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) ------GBW2TVI2GV43P01MQ2PCJOWICBSTVM Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable One possibility is that you're seeing the virtual root filesystem, that thw= uld only have a few direccories and the structure up to the directory you c= reated your container in=2E Are you sure you can access files outside of th= e directory you started icecat in? Another possiblity is that you had a running icecat outside of the contain= er=2E In that case, calling icecat from tge container only opens a new wind= ow in the un-containerized icecat=2E Could it be what's happening? Le 23 ao=C3=BBt 2020 06:18:49 GMT-04:00, luhux a =C3= =A9crit : >I am using guix environment --container to isolate some programs that >are prone to leak information=2E guix environment --container works well >in freerdp and other programs until I use guix environment --container >to containerize icecat, > >Steps to reproduce: > >guix environmnt --container (=2E=2E=2Esome options=2E=2E=2E) --ad-hoc ice= cat > >Select the address bar and write:'file://' and then access, icecat can >still access the content outside the container=2E > >Please forgive me for some inappropriate words=2E My English is not very >good=2E > >luhux ------GBW2TVI2GV43P01MQ2PCJOWICBSTVM Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable One possibility is that you're seeing the virtual = root filesystem, that thwuld only have a few direccories and the structure = up to the directory you created your container in=2E Are you sure you can a= ccess files outside of the directory you started icecat in?

Another = possiblity is that you had a running icecat outside of the container=2E In = that case, calling icecat from tge container only opens a new window in the= un-containerized icecat=2E Could it be what's happening?

Le 23 ao=C3=BBt 2020 06:18:49 GMT-04:00, luhux <luhux@o= utlook=2Ecom> a =C3=A9crit :
I am using guix environment --container to isolate s=
ome programs that are prone to leak information=2E guix environment --conta=
iner works well in freerdp and other programs until I use guix environment =
--container to containerize icecat,

Steps to reproduce:

guix =
environmnt --container (=2E=2E=2Esome options=2E=2E=2E) --ad-hoc icecat
=

Select the address bar and write:'file://' and then access, icecat can =
still access the content outside the container=2E

Please forgive me =
for some inappropriate words=2E My English is not very good=2E

luhux=



------GBW2TVI2GV43P01MQ2PCJOWICBSTVM-- From unknown Sun Jul 27 03:21:35 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42996: icecat can escape from `guix environment --container` Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 23 Aug 2020 16:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42996 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: luhux Cc: 42996@debbugs.gnu.org Received: via spool by 42996-submit@debbugs.gnu.org id=B42996.159820114828584 (code B ref 42996); Sun, 23 Aug 2020 16:46:01 +0000 Received: (at 42996) by debbugs.gnu.org; 23 Aug 2020 16:45:48 +0000 Received: from localhost ([127.0.0.1]:55018 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9t7s-0007Qy-2q for submit@debbugs.gnu.org; Sun, 23 Aug 2020 12:45:48 -0400 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:49849) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9t7q-0007Qc-Pf for 42996@debbugs.gnu.org; Sun, 23 Aug 2020 12:45:47 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id A55DF6BB; Sun, 23 Aug 2020 12:45:40 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Sun, 23 Aug 2020 12:45:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=qIOTMSfy9rIdUb5rdSwm/M7p 6Fbeuh3KcoAJ3tj/2gI=; b=zd7kPIW0uk4j9H8sJ0+Vv7NsonjvWYT4ULbfFApb iK6rl7QcrmbSNLbwQT7CyyKBIfq9NUyDTGngam+6s0Af4aulUt0Ob+BjeOoS2EHy CVHI4gdJmfRE785uEvjtTVHyCw+sqq1FYMZMynVlKHAvi9DfarcLLWoPVgXoCVnD wxo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=qIOTMS fy9rIdUb5rdSwm/M7p6Fbeuh3KcoAJ3tj/2gI=; b=grfAc6e/T7ozcOpVoQ6qk8 wtAYaSdNE41s0B2MgARf6IXUQrr8N8sW7dnYQN0+kCDrylMhDxxyXNR2f1gRVVXa cFliX/L2ASP6jLCZ92uOof8RARYpRFSkgmoJPa+3tRE8b7hOc7E6kRF6jw0MKuz1 ox0RYNOQA8VNQ/gIvaw3Mvnq+i9u066zTQe0tpxffjKrWiVpxKYH13KbxLj0DNHn 5mebMVjvRdnK3hgxgynkIHeNpQs51GjVugGs0DQWvCn4XBVlbLKhD6/R1/99/NLD 7HBtAdH+wYmMSlGUqo18zgwLZmZ8zljNCGX2xNkXelhpsls/hEWch/RJJJXsjt+A == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudduiedguddtiecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd erredttddvnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpedukeevgeetkeeltefgiedtjefgje ekffduteehvdfhueekudelieekjeefheffteenucfkphepjeefrddugedurdduvdejrddu geeinecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheplh gvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (c-73-141-127-146.hsd1.pa.comcast.net [73.141.127.146]) by mail.messagingengine.com (Postfix) with ESMTPA id 211383280059; Sun, 23 Aug 2020 12:45:40 -0400 (EDT) Date: Sun, 23 Aug 2020 12:45:33 -0400 From: Leo Famulari Message-ID: <20200823164533.GA1897@jasmine.lan> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="W/nzBZO5zC0uMSeA" Content-Disposition: inline In-Reply-To: X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --W/nzBZO5zC0uMSeA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Aug 23, 2020 at 06:18:49PM +0800, luhux wrote: > I am using guix environment --container to isolate some programs that > are prone to leak information. guix environment --container works well > in freerdp and other programs until I use guix environment --container > to containerize icecat, More comprehensive reproduction: $ guix environment --container --share=/tmp/.X11-unix --ad-hoc icecat [env]$ export DISPLAY=":0.0" [env]$ icecat The browser has no fonts but, with careful typing, I was able to open a text file in my home directory. --W/nzBZO5zC0uMSeA Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl9CnSkACgkQJkb6MLrK fwib9Q/+ICT9PtICRSRQr2mNDIvRtLWyIgZqyJZCwKTjzTzrssXCpxIG59vxXTML hIwremO7VV/V+s2IXesWtnxbncdgD29lXu5JM1Vv8FODapz/uGrFjp1j8ok/g/gr dgRHNeB6obwplj5+LzaYw6jaO6qiCMmehv/7x9Qf0CBnaYkYVm2USCTL3HWdcJNZ PkzURk1yLfIb1bbBelXrNjd6lY7sTMsyBUcm/B/2XffNcpMa/M47+Si9ZFxzKS/9 Mt5SVMNifHnSqZr8+fVR5yyCB4/iL9jIhsCDNzThf+zCzosxNoepiMUCvelmtzTA DDTcsnr64Wt7fBXgiaeISQt2xrD6s9Py1NX/aDb8Fb5jE3XcOux2pkuKDedqfmY4 RqPKdh2raayg1wTUycfhqaxfS3TUIzkn4u6S59+XOPSIQErn+Y6YQicQeDO/uAnD TD263gruQstJJ0MjZ1RTlaVyGiu+k05Rgr7+zOSIERMTka1gdfzeZJkqYjCZ7G87 qsl2auJSUP47tKv/OEn6aWLbH1yu0634Qg6C02J0G4zG5N6dq384I8gNujgBwMxs oT1uTGhuJNtb+RJWPVhKxzZftnmzZGeblpOW606OLciR85CWw5pbQd2xsm/7Cr5c uRXZdZGbMZGI2vbfVc0/YTIHff3nVv+76cBAJ+HVFMEjC0R9hdI= =VA7w -----END PGP SIGNATURE----- --W/nzBZO5zC0uMSeA-- From unknown Sun Jul 27 03:21:35 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42996: icecat can escape from `guix environment --container` Resent-From: Leo Famulari Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 23 Aug 2020 16:56:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42996 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: luhux Cc: 42996@debbugs.gnu.org Received: via spool by 42996-submit@debbugs.gnu.org id=B42996.159820171729661 (code B ref 42996); Sun, 23 Aug 2020 16:56:02 +0000 Received: (at 42996) by debbugs.gnu.org; 23 Aug 2020 16:55:17 +0000 Received: from localhost ([127.0.0.1]:55027 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9tH3-0007iL-90 for submit@debbugs.gnu.org; Sun, 23 Aug 2020 12:55:17 -0400 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:40115) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9tH1-0007i8-3X for 42996@debbugs.gnu.org; Sun, 23 Aug 2020 12:55:15 -0400 Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 46EE6679; Sun, 23 Aug 2020 12:55:08 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Sun, 23 Aug 2020 12:55:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=TZcUtDl2nuqxfkJU/+L4jyKK EfP4uzOp52oHNZM8e8o=; b=iNpj+Ajsni8FkRjxQpJYy3dA8PN8cfA16UxbjlgC SltGE6OfYMeFFCPWV/IwFgn6oUAPVULVowdPw8gmOsOcu1qxipITGPxu6hAJZw6y a1ilOBtHIKg5pBBAmemllgVW9Vg11OKB66SbCxEz+yijPyKc4wo9Lzk4lyiP68f6 jGU= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=TZcUtD l2nuqxfkJU/+L4jyKKEfP4uzOp52oHNZM8e8o=; b=jNDmyV55au4M34SxynSJ5V VP68u21YAGqOAFD4VZXWfmm7Sn/QdUhhVkmox8JCHGwIsixYwZqiROQCfL77lx+4 YCnYK2s78BvMkz6IeNi9/WHmQsOgKn4njFu6U1wTzVtFrf+SyhLSHu2z1YMbY/Qg fvTsOhlUvaMoiDEkRa9S3l5s5cvk8pvTRqzGokt2z78lXBEmkDW8sNCwqQONFzdI JFKAjRSBwiOCfCUTdt/JPh6iZ2q8loz2zbkkL5Pbn4FqQu3s3Oqfc+TTugoZF1JR 7cWciPwBoOAoAbEyYd0Apf6+GE/8PHdHu7w/FpFJGdDvV1s+pxWhW6lg3a2hGg6w == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedrudduiedguddtkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepfffhvffukfhfgggtuggjsehgtd erredttdejnecuhfhrohhmpefnvghoucfhrghmuhhlrghrihcuoehlvghosehfrghmuhhl rghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpefhkedvudeiheeftddtudelvdfghe elveeljeehtedtvdffveegjeegteeuffekteenucffohhmrghinhepghhnuhdrohhrghen ucfkphepjeefrddugedurdduvdejrddugeeinecuvehluhhsthgvrhfuihiivgeptdenuc frrghrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: from localhost (c-73-141-127-146.hsd1.pa.comcast.net [73.141.127.146]) by mail.messagingengine.com (Postfix) with ESMTPA id 928A930600A6; Sun, 23 Aug 2020 12:55:07 -0400 (EDT) Date: Sun, 23 Aug 2020 12:55:05 -0400 From: Leo Famulari Message-ID: <20200823165505.GA3636@jasmine.lan> References: <20200823164533.GA1897@jasmine.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="/9DWx/yDrRhgMJTb" Content-Disposition: inline In-Reply-To: <20200823164533.GA1897@jasmine.lan> X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --/9DWx/yDrRhgMJTb Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I believe that this is expected given the specification of `guix environment`, which is its chapter in the manual. [0] It says, "For containers, the default behavior is to share the current working directory with the isolated container and immediately change to that directory within the container. If this is undesirable, --no-cwd will cause the current working directory to not be automatically shared and will change to the user=E2=80=99s home directory within the container instead." For this command, the word "share" means that the shared directories will be read-write. Did you use the --no-cwd option? If not, were you able to access any files outside of the current working directory of the `guix environment =2E..` command invocation? [0] https://guix.gnu.org/manual/en/html_node/Invoking-guix-environment.html= #Invoking-guix-environment --/9DWx/yDrRhgMJTb Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIyBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl9Cn2kACgkQJkb6MLrK fwiz+Q/48RdN8niOZanrBHt8ir93ihb5YjJKDK1/Xtp1ijS5H8EmDDPCRl0O0dWD 7/D7XAjJUIkPja8Cv2TOlSvhFjKGMdhU9kd953nvlnevuuUE3ZaM/8AH+05qjPYS wnsRXNyumiSIry7QgSxw1dmYWfVmEhVfIMDIepVvWqHOTk5WxUHbUzRl9FlbGTj4 1hg2ZDYemnPWlnCcV7ZYQGLg5eFOJZqYQ9mZbP4Gwy6VhcTJEPfoCTqO2l46VJL+ 30qfoFLP//5on/xA1XuVzljwm7VK1CVlUescWg0fg/+XywIf4s4Ce6/RDPxJKb64 QkNEdmHQbbFS1Bvz0ncxgjahFQD8A+ZwF3eXMsx8t7DSgz1dBZ28iiUCyaEZBSe9 9lVAuOeXmi+1gS+cHoIuHUa7xUNGeo/+0E2mNBE5ex8kV+7tsaGvc3xVxW4wl5pu AsSegby9iVX3STEPdg/MFGwx+Ov0MkTKBpl3hWWhgi5FRxAKvx2u+pnBXw+gPd3F PGd6JU9NbeP9dCvMyrCD7ak6WJ0JvHqiW2Wbg4UpHrCJlS9HzKAr7qmfdcQrHg/U 8vt9o0oVR+WgFNCXQh0YMBnv+As2kfn/yXvCjC3ylZnzbIwWye/qV4ALS2OOQZow KL9gvb8aGSQhkszd1E6vdcMNNH2Oa0zJVooqXLbQ9BQYRfpSdQ== =FgWP -----END PGP SIGNATURE----- --/9DWx/yDrRhgMJTb-- From unknown Sun Jul 27 03:21:35 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: luhux Subject: bug#42996: closed (Re: bug#42996: icecat can escape from `guix environment --container`) Message-ID: References: <1E77B891-9ACA-41A9-93C8-BDA74232AAB5@lepiller.eu> X-Gnu-PR-Message: they-closed 42996 X-Gnu-PR-Package: guix Reply-To: 42996@debbugs.gnu.org Date: Mon, 24 Aug 2020 11:18:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1598267882-31293-1" This is a multi-part message in MIME format... ------------=_1598267882-31293-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #42996: icecat can escape from `guix environment --container` which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 42996@debbugs.gnu.org. --=20 42996: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D42996 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1598267882-31293-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 42996-close) by debbugs.gnu.org; 24 Aug 2020 11:17:20 +0000 Received: from localhost ([127.0.0.1]:56262 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kAATY-00087o-3m for submit@debbugs.gnu.org; Mon, 24 Aug 2020 07:17:20 -0400 Received: from lepiller.eu ([89.234.186.109]:43574) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kAATU-00087c-MW for 42996-close@debbugs.gnu.org; Mon, 24 Aug 2020 07:17:18 -0400 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id 67ab85ca; Mon, 24 Aug 2020 11:17:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=gmDFZ1fDTiK2soZ02sVTwq90FVp09RZJVWFUUlnHLUs=; b=TIdFzqysnzY9 4XZYH8NZ/rdw+3zAifs1WZpJD5C3Ta0zmVK6wiEdfJ0FnsTZgWsHO/0QylIUIuXG Hk3xxilDkPPlQOiYct77+cOTFAIlEfS+9hTU8ptQmT9u6CYNI92JUqKdZhe+FF+v 2ftjexdcEdrKrnStM0kVZrVKTapjjyY9PR0XrggIvkY/rpL+1KpQp4fD0GHflcKW 8NJjfPfi3TQLmvgd7SbrfeTPW4Wti4UZ3Hzq5SJxfVfI63/lWMgHlRXFrqrxYGDm X8o3w5FP3uMHIIDWSxcSTBN/rgeNEOLoZH4ghPqyoslHrQTDW7AMwc8LRGQU2pLV tjHI6EgxHQ== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 38302891 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Mon, 24 Aug 2020 11:17:13 +0000 (UTC) Date: Mon, 24 Aug 2020 07:17:02 -0400 User-Agent: K-9 Mail for Android In-Reply-To: References: <0A2DC743-BCC0-4585-8249-938A8632ACC1@lepiller.eu> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----97YJ006UZNFDR61JVK3IFERIT734S4" Content-Transfer-Encoding: 7bit Subject: Re: bug#42996: icecat can escape from `guix environment --container` To: luhux ,42996-close@debbugs.gnu.org From: Julien Lepiller Message-ID: <1E77B891-9ACA-41A9-93C8-BDA74232AAB5@lepiller.eu> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 42996-close X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) ------97YJ006UZNFDR61JVK3IFERIT734S4 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Then, closing=2E Thank you :) Le 23 ao=C3=BBt 2020 21:15:55 GMT-04:00, luhux a =C3= =A9crit : >On Sun, Aug 23, 2020 at 11:38:47AM -0400, Julien Lepiller wrote: >> One possibility is that you're seeing the virtual root filesystem, >that thwuld only have a few direccories and the structure up to the >directory you created your container in=2E Are you sure you can access >files outside of the directory you started icecat in? >>=20 >> Another possiblity is that you had a running icecat outside of the >container=2E In that case, calling icecat from tge container only opens a >new window in the un-containerized icecat=2E Could it be what's >happening? >>=20 > >It is my fault=2E > >The icecat in the container is connected to the icecat outside the >container, and then a new window is opened using the icecat outside the >container > >Close the icecat outside the container, and then open the icecat inside >the container, everything is correct=2E > >The problem is solved, thank you very much=2E > >luhux ------97YJ006UZNFDR61JVK3IFERIT734S4 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable Then, closing=2E Thank you :)

Le 23 ao=C3=BBt 2020 21:15:55 GMT-04:00, luhux <luhux@outl= ook=2Ecom> a =C3=A9crit :
On Sun, Aug 23, 2020 at 11:38:47AM -0400, Julien Lep=
iller wrote:
One possib=
ility is that you're seeing the virtual root filesystem, that thwuld only h=
ave a few direccories and the structure up to the directory you created you=
r container in=2E Are you sure you can access files outside of the director=
y you started icecat in?

Another possiblity is that you had a runnin=
g icecat outside of the container=2E In that case, calling icecat from tge =
container only opens a new window in the un-containerized icecat=2E Could i=
t be what's happening?


It is my fault=2E

The=
 icecat in the container is connected to the icecat outside the container, =
and then a new window is opened using the icecat outside the container
<=
br>Close the icecat outside the container, and then open the icecat inside =
the container, everything is correct=2E

The problem is solved, thank=
 you very much=2E

luhux
------97YJ006UZNFDR61JVK3IFERIT734S4-- ------------=_1598267882-31293-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 23 Aug 2020 14:48:12 +0000 Received: from localhost ([127.0.0.1]:54897 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9rI4-0004QI-D3 for submit@debbugs.gnu.org; Sun, 23 Aug 2020 10:48:12 -0400 Received: from lists.gnu.org ([209.51.188.17]:60834) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k9nKJ-0007Q3-TR for submit@debbugs.gnu.org; Sun, 23 Aug 2020 06:34:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38238) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9nKJ-0000Q8-Mj for bug-guix@gnu.org; Sun, 23 Aug 2020 06:34:15 -0400 Received: from mail-oln040092254047.outbound.protection.outlook.com ([40.92.254.47]:6110 helo=APC01-PU1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k9nKG-0005Rd-6S for bug-guix@gnu.org; Sun, 23 Aug 2020 06:34:14 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Zj/ynGM3WP4k3KLcUgV8nI4w9x4wW+x7rT/paeRB+R3wKF38JxgDscF7IT6j4TtMvg11ZYXnFC2byvw9+geuK9H/65eXGnE0keLVsWRPG9SROgvZ/JOreATxRfQ0nXVvgNeEb8reheh82QQd9n66Gmcza5UXVrsLXHCUOdofK7suB6Z95JeuCNvZfc8KLTpU++a7fwdX3xaJDnDHCiYT0yK3a+9q1b99MYKJcYBi50mtXFtcknsHvix0D67BCwGvAiSRJNVBg/Q1PUfyF+QTpUDWm87j1/nLzxYV2llL5KHO/JM+NeVBUQfbOTS2IcOY91hB7r1a+FC48y285rU9lA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z/eo+mrhHv9vd5h45+K01q1j4/6bIuP5TD0JSnOlK0k=; b=LU1ieVEEEzE6tBLfpBwwBmoIs62DxoCdms29PPDRZMBg5gwi3NK8VXVVDGmsrEzryBkAaPpAKcxqmjEFMRhnh3vlFYsEiAMUgzqAqPuDP3pgCR7lR+GLTxRpWqMGBeyqvmJWJKJnZEMi3vR0D4BRc0FtQhhi7weLSPq9kmDRFLdDUoGoN0my4GlC27uGbiGN5vsKr/CWzM3vZ9fG9vd4ququ6GIXc7mxpNI89iY+1VB1z0SrchUF760dWPb+aZsoJ5OeP/Cy32I3hxjRoekfnRhizLQc69yekl0ugj/Gk82In7JVBhzh7U8UTPyQN6zfkN6/hh1x/y7NALcrwRUbKA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=z/eo+mrhHv9vd5h45+K01q1j4/6bIuP5TD0JSnOlK0k=; b=DhS0xDeG8MYaNcsAScXRWhAbyskmYOhlFose9K5bTuoF6E/pD1kBFz2aVl/axmqr5oG3DrlupPwaTGV1aCwp389l5sQuns90L9hkrSHPVlIAFfkmZqFTU1vTECeUPGY0yRQ8R34BW2lk3EVzvwhwhEYmdRFB1Uhl2ZOqesK7Sohcla+ByRrs9/p9/x87Lkbk8OmTVGDsO7CIU1/jQhhdquHumQ5adLHPLIG5S1/K3OsWAcF202ETnzRU29Ipw4vqK1rf98WKZcyt2qWWB9vUwRVxrOh9cbBvxUKxT0GgAY7MuzT7ALrVY6AWjW5zDGB7y0Lr3gklJ46VdEdGkv96rA== Received: from HK2APC01FT011.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::52) by HK2APC01HT114.eop-APC01.prod.protection.outlook.com (2a01:111:e400:7ebc::252) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.24; Sun, 23 Aug 2020 10:18:54 +0000 Received: from PSXP216MB0136.KORP216.PROD.OUTLOOK.COM (10.152.248.54) by HK2APC01FT011.mail.protection.outlook.com (10.152.248.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3305.24 via Frontend Transport; Sun, 23 Aug 2020 10:18:53 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:14346FD862DF7304CD5F0E9EF3ED8FA09B8372059EDA62C341A93630953AF3F4; UpperCasedChecksum:4C707EF278F126D014F8B1D2036AF34D3184D2C77C9F05C414DE107EB581D912; SizeAsReceived:7196; Count:44 Received: from PSXP216MB0136.KORP216.PROD.OUTLOOK.COM ([fe80::11fb:8c34:261d:322d]) by PSXP216MB0136.KORP216.PROD.OUTLOOK.COM ([fe80::11fb:8c34:261d:322d%3]) with mapi id 15.20.3305.026; Sun, 23 Aug 2020 10:18:53 +0000 Date: Sun, 23 Aug 2020 18:18:49 +0800 From: luhux To: bug-guix@gnu.org Subject: icecat can escape from `guix environment --container` Message-ID: Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-ClientProxiedBy: HK2P15301CA0018.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::28) To PSXP216MB0136.KORP216.PROD.OUTLOOK.COM (2603:1096:300:14::13) X-Microsoft-Original-Message-ID: <20200823101849.GA545@tencent> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost (119.45.133.18) by HK2P15301CA0018.APCP153.PROD.OUTLOOK.COM (2603:1096:202:1::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.0 via Frontend Transport; Sun, 23 Aug 2020 10:18:52 +0000 X-Microsoft-Original-Message-ID: <20200823101849.GA545@tencent> X-TMN: [+VKfrr4Eqz7iJPtS9Yx6XRGOnOG+1HeI] X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 44 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 40213f2a-e800-44ff-3b33-08d8474def6f X-MS-TrafficTypeDiagnostic: HK2APC01HT114: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2hVH+Vm5yhTXotwPGpfcmhO8OCtzHqtW8bcQJ9Gmjgo2hFVvuo6XsgweJqAjJwepoRtqoTCl/mvZD7ZGHkaXm+G9AlXg1JQryaFfatsX95tBhKxvKet42HE/7+NBDol7CK1G+Vz0icTgabrNnc2vhDTvFfki6ar8d9hdzev1A5gVI3MxuNEhRirP6jlW7D5WYVAHozIXd6gY8ArXTIVoEw== X-MS-Exchange-AntiSpam-MessageData: jyu4ZNSvgfroPBVcWaC9h9xROMkiw1uxQhfW1AHAf/sNHr8ritPdaTO0Qp/zW+mAvgE6b9VxsNUNxPtnUdZU2kxOGyupsZr0NPUWwncg5jAF0QqPygY1XZaTDI4PFYOJYpZuQZqHfZjKvXo8dLuVUQ== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 40213f2a-e800-44ff-3b33-08d8474def6f X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2020 10:18:53.8388 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: HK2APC01FT011.eop-APC01.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: HK2APC01HT114 Received-SPF: pass client-ip=40.92.254.47; envelope-from=luhux@outlook.com; helo=APC01-PU1-obe.outbound.protection.outlook.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/23 06:34:08 X-ACL-Warn: Detected OS = Windows NT kernel [generic] [fuzzy] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -0.1 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sun, 23 Aug 2020 10:48:11 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) I am using guix environment --container to isolate some programs that are prone to leak information. guix environment --container works well in freerdp and other programs until I use guix environment --container to containerize icecat, Steps to reproduce: guix environmnt --container (...some options...) --ad-hoc icecat Select the address bar and write:'file://' and then access, icecat can still access the content outside the container. Please forgive me for some inappropriate words. My English is not very good. luhux ------------=_1598267882-31293-1--