From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: bug#42996: icecat can escape from `guix environment --container`
To: luhux
Date: Sun, 23 Aug 2020 12:45:33 -0400
From: Leo Famulari
Message-ID: <20200823164533.GA1897@jasmine.lan>
Cc: 42996@debbugs.gnu.org

On Sun, Aug 23, 2020 at 06:18:49PM +0800, luhux wrote:
> I am using guix environment --container to isolate some programs that
> are prone to leak information. guix environment --container works well
> in freerdp and other programs until I use guix environment --container
> to containerize icecat,

More comprehensive reproduction:

$ guix environment --container --share=/tmp/.X11-unix --ad-hoc icecat
[env]$ export DISPLAY=":0.0"
[env]$ icecat

The browser has no fonts but, with careful typing, I was able to open a
text file in my home directory.