GNU bug report logs - #42996
icecat can escape from `guix environment --container`

Previous Next

Package: guix;

Reported by: luhux <luhux <at> outlook.com>

Date: Sun, 23 Aug 2020 14:49:01 UTC

Severity: normal

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: luhux <luhux <at> outlook.com>
Subject: bug#42996: closed (Re: bug#42996: icecat can escape from `guix
 environment --container`)
Date: Mon, 24 Aug 2020 11:18:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#42996: icecat can escape from `guix environment --container`

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 42996 <at> debbugs.gnu.org.

-- 
42996: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=42996
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Julien Lepiller <julien <at> lepiller.eu>
To: luhux <luhux <at> outlook.com>,42996-close <at> debbugs.gnu.org
Subject: Re: bug#42996: icecat can escape from `guix environment --container`
Date: Mon, 24 Aug 2020 07:17:02 -0400

[Message part 3 (text/plain, inline)]
Then, closing. Thank you :)

Le 23 août 2020 21:15:55 GMT-04:00, luhux <luhux <at> outlook.com> a écrit :
>On Sun, Aug 23, 2020 at 11:38:47AM -0400, Julien Lepiller wrote:
>> One possibility is that you're seeing the virtual root filesystem,
>that thwuld only have a few direccories and the structure up to the
>directory you created your container in. Are you sure you can access
>files outside of the directory you started icecat in?
>> 
>> Another possiblity is that you had a running icecat outside of the
>container. In that case, calling icecat from tge container only opens a
>new window in the un-containerized icecat. Could it be what's
>happening?
>> 
>
>It is my fault.
>
>The icecat in the container is connected to the icecat outside the
>container, and then a new window is opened using the icecat outside the
>container
>
>Close the icecat outside the container, and then open the icecat inside
>the container, everything is correct.
>
>The problem is solved, thank you very much.
>
>luhux

[Message part 4 (text/html, inline)]
[Message part 5 (message/rfc822, inline)]
From: luhux <luhux <at> outlook.com>
To: bug-guix <at> gnu.org
Subject: icecat can escape from `guix environment --container`
Date: Sun, 23 Aug 2020 18:18:49 +0800

I am using guix environment --container to isolate some programs that are prone to leak information. guix environment --container works well in freerdp and other programs until I use guix environment --container to containerize icecat,

Steps to reproduce:

guix environmnt --container (...some options...) --ad-hoc icecat

Select the address bar and write:'file://' and then access, icecat can still access the content outside the container.

Please forgive me for some inappropriate words. My English is not very good.

luhux
This bug report was last modified 4 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.