From: Julien Lepiller
To: luhux, 42996@debbugs.gnu.org
Subject: bug#42996: icecat can escape from `guix environment --container`
Date: Sun, 23 Aug 2020 11:38:47 -0400
Message-ID: <0A2DC743-BCC0-4585-8249-938A8632ACC1@lepiller.eu>

One possibility is that you're seeing the virtual root filesystem, that would only have a few directories and the structure up to the directory you created your container in. Are you sure you can access files outside of the directory you started icecat in?

Another possibility is that you had a running icecat outside of the container. In that case, calling icecat from the container only opens a new window in the un-containerized icecat. Could it be what's happening?

On 23 August 2020 06:18:49 GMT-04:00, luhux wrote:
>I am using guix environment --container to isolate some programs that
>are prone to leak information. guix environment --container works well
>in freerdp and other programs until I use guix environment --container
>to containerize icecat,
>
>Steps to reproduce:
>
>guix environment --container (...some options...) --ad-hoc icecat
>
>Select the address bar and write:'file://' and then access, icecat can
>still access the content outside the container.
>
>Please forgive me for some inappropriate words. My English is not very
>good.
>
>luhux

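One way to check the second hypothesis in the reply above, run on the host: compare the mount namespace of each browser process with that of a process known to be inside the container. This is an added example, not part of the original thread or of Guix; the `PROC_ROOT` override, the function names and the process name passed as NAME are assumptions (confirm the actual name with `ps`).

```shell
#!/bin/sh
# Added example: classify processes by mount namespace, run on the host.
# PROC_ROOT is a hypothetical override so the logic can be exercised on a
# constructed tree; by default the real /proc is used.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the namespace identifier (e.g. "mnt:[4026531840]") of a PID.
ns_id() {   # usage: ns_id PID TYPE
    readlink "$PROC_ROOT/$1/ns/$2" 2>/dev/null
}

# Succeed if both PIDs share a mount namespace, fail with 1 if they differ,
# and return 2 if either namespace link cannot be read.
same_mnt_ns() {   # usage: same_mnt_ns PID_A PID_B
    a=$(ns_id "$1" mnt) || return 2
    b=$(ns_id "$2" mnt) || return 2
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# For every process whose comm equals NAME, print "PID inside", "PID outside"
# or "PID unknown" relative to REF_PID, a process known to run inside the
# container (for example the container's shell, as seen from the host).
classify_by_name() {   # usage: classify_by_name REF_PID NAME
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$2" ] || continue
        pid=${dir##*/}
        rc=0
        same_mnt_ns "$1" "$pid" || rc=$?
        case $rc in
            0) echo "$pid inside" ;;
            1) echo "$pid outside" ;;
            *) echo "$pid unknown" ;;
        esac
    done
}
```

A browser process reported as `outside` while the window was requested from the container matches the "new window in the un-containerized icecat" explanation.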