GNU bug report logs - #70151
[PATCH] doc: Correct the "guix shell --container" example.


Package: guix-patches

Reported by: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>

Date: Tue, 2 Apr 2024 17:55:02 UTC

Severity: normal

Tags: patch

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>

Bug is archived. No further changes may be made.



Message #8 received at 70151 <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>, 70151 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Fri, 05 Apr 2024 06:07:40 +0200
On Tuesday, 02.04.2024 at 19:53 +0200, Rostislav Svoboda wrote:
> * doc/guix.texi (Invoking @command{guix shell}): Add missing
> parameters
> --preserve='^XAUTHORITY$' --expose=$XAUTHORITY and adjust
> corresponding
> textual description
> 
> Change-Id: Ib99c81c107ff9784708ae807ec9b3ab93ad75603
> ---
>  doc/guix.texi | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 69a904473c..14856027ca 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -6268,12 +6268,18 @@ Invoking guix shell
>  This @option{--container} option can also prove useful if you wish
> to
>  run a security-sensitive application, such as a web browser, in an
>  isolated environment.  For example, the command below launches
> -Ungoogled-Chromium in an isolated environment, this time sharing
> network
> -access with the host and preserving its @code{DISPLAY} environment
> -variable, but without even sharing the current directory:
> +Ungoogled-Chromium in an isolated environment, which:
> +@itemize
> +@item shares network access with the host
> +@item inherits host's environment variables @code{DISPLAY} and
> @code{XAUTHORITY}
> +@item has access to host's authentication records from the
> @code{XAUTHORITY}
> +file
> +@item has no information about host's current directory
> +@end itemize
>  
>  @example
>  guix shell --container --network --no-cwd ungoogled-chromium \
> +  --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
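Review bot: In the added line of the @example block, $XAUTHORITY is expanded unquoted, so a path containing whitespace or glob characters is word-split by the shell before guix sees it, and an unset variable leaves a bare --expose= argument; write --expose="$XAUTHORITY" so the value always reaches guix as a single argument. The new @item on access to the host's authentication records could also state plainly that the X authority file itself is made readable inside the container, since that is the one host file this otherwise isolated example shares.
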
Shell injection says "/run/user/$USER/gdm/Xauthority -- oops that
shouldn't happen".

Cheers





This bug report was last modified 1 year and 33 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.