GNU bug report logs - #42996
icecat can escape from `guix environment --container`

Previous Next

Package: guix;

Reported by: luhux <luhux <at> outlook.com>

Date: Sun, 23 Aug 2020 14:49:01 UTC

Severity: normal

Done: Julien Lepiller <julien <at> lepiller.eu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Julien Lepiller <julien <at> lepiller.eu>
To: luhux <luhux <at> outlook.com>,42996 <at> debbugs.gnu.org
Subject: bug#42996: icecat can escape from `guix environment --container`
Date: Sun, 23 Aug 2020 11:38:47 -0400

[Message part 1 (text/plain, inline)]
One possibility is that you're seeing the virtual root filesystem, that thwuld only have a few direccories and the structure up to the directory you created your container in. Are you sure you can access files outside of the directory you started icecat in?

Another possiblity is that you had a running icecat outside of the container. In that case, calling icecat from tge container only opens a new window in the un-containerized icecat. Could it be what's happening?

Le 23 août 2020 06:18:49 GMT-04:00, luhux <luhux <at> outlook.com> a écrit :
>I am using guix environment --container to isolate some programs that
>are prone to leak information. guix environment --container works well
>in freerdp and other programs until I use guix environment --container
>to containerize icecat,
>
>Steps to reproduce:
>
>guix environmnt --container (...some options...) --ad-hoc icecat
>
>Select the address bar and write:'file://' and then access, icecat can
>still access the content outside the container.
>
>Please forgive me for some inappropriate words. My English is not very
>good.
>
>luhux

[Message part 2 (text/html, inline)]
This bug report was last modified 4 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.