GNU bug report logs - #42996
icecat can escape from `guix environment --container`

Previous Next

Package: guix;

Reported by: luhux <luhux <at> outlook.com>

Date: Sun, 23 Aug 2020 14:49:01 UTC

Severity: normal

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 42996 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: luhux <luhux <at> outlook.com>
Cc: 42996 <at> debbugs.gnu.org
Subject: Re: bug#42996: icecat can escape from `guix environment --container`
Date: Sun, 23 Aug 2020 12:55:05 -0400

[Message part 1 (text/plain, inline)]
I believe that this is expected given the specification of `guix
environment`, which is its chapter in the manual. [0]

It says, "For containers, the default behavior is to share the current
working directory with the isolated container and immediately change to
that directory within the container. If this is undesirable, --no-cwd
will cause the current working directory to not be automatically shared
and will change to the user’s home directory within the container
instead."

For this command, the word "share" means that the shared directories
will be read-write.

Did you use the --no-cwd option? If not, were you able to access any
files outside of the current working directory of the `guix environment
...` command invocation?

[0] https://guix.gnu.org/manual/en/html_node/Invoking-guix-environment.html#Invoking-guix-environment

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.