GNU bug report logs - #42996
icecat can escape from `guix environment --container`

Package: guix

Reported by: luhux <luhux <at> outlook.com>

Date: Sun, 23 Aug 2020 14:49:01 UTC

Severity: normal

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

From: Leo Famulari <leo <at> famulari.name>
To: luhux <luhux <at> outlook.com>
Cc: 42996 <at> debbugs.gnu.org
Subject: bug#42996: icecat can escape from `guix environment --container`
Date: Sun, 23 Aug 2020 12:45:33 -0400
On Sun, Aug 23, 2020 at 06:18:49PM +0800, luhux wrote:
> I am using guix environment --container to isolate some programs that
> are prone to leak information. guix environment --container works well
> in freerdp and other programs until I use guix environment --container
> to containerize icecat,

More comprehensive reproduction:

$ guix environment --container --share=/tmp/.X11-unix --ad-hoc icecat
[env]$ export DISPLAY=":0.0"
[env]$ icecat

The browser has no fonts but, with careful typing, I was able to open a
text file in my home directory.

This bug report was last modified 4 years and 309 days ago.
