From: Bengt Richter
To: Leo Prikler
Cc: 47106@debbugs.gnu.org
Subject: bug#47106: Bubblewrap hates Guix containers 😞
Date: Tue, 16 Mar 2021 11:54:42 +0100
Message-ID: <20210316105442.GA3903@LionPure>

Hi Leo,

One more favor? ;)

On +2021-03-14 19:05:24 +0100, Leo Prikler wrote:
> Hi again³
>
> On Sunday, 14.03.2021, 18:45 +0100, Bengt Richter wrote:
> > Hi again^2,
> >
> > Maybe
> >     pstree -at
> > would show a little more?
> sh
>   |-dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --sess
>   |-dbus-launch --autolaunch=fa7a4d52637958ddd37547bb5d8bd9d2--binary-synt
>   `-screen
>       `-screen
>           |-sh
>           |   `-.epiphany-real
>           |       |-WebKitNetworkPr 3 21
>           |       |   |-{BMScavenger}
>           |       |   |-{ReceiveQueue}
>           |       |   |-{StorageTask}
>           |       |   |-{Storage}
>           |       |   |-{WebStorage}
>           |       |   |-{background}
>           |       |   |-{dconf worker}
>           |       |   |-{erialBackground}
>           |       |   |-{gdbus}
>           |       |   `-{gmain}
>           |       |-bwrap --args 37 -- /gnu/store/hqhxgw0i8xh38h6kwmyrkywcd24q5f1z-webk
>           |       |   `-bwrap --args 37 -- /gnu/store/hqhxgw0i8xh38h6kwmyrkywcd24q5f1z-webk
>           |       |       `-WebKitWebProces 1277 28
>           |       |-{.epiphany-real}
>           |       |-{BMScavenger}
>           |       |-{HashSaltStorage}
>           |       |-{IconDatabase}
>           |       |-{PressureMonitor}
>           |       |-2*[{ReceiveQueue}]
>           |       |-{dconf worker}
>           |       |-{e Compile Queue}
>           |       |-{ebsiteDataStore}
>           |       |-{gdbus}
>           |       |-{gmain}
>           |       |-{re Remove Queue}
>           |       `-{tore Read Queue}
>           `-sh
>               `-pstree -at
> > Also,
> >     ls -lr /sys/class/drm
> total 0
> -r--r--r-- 1 65534 overflow 4096 Mar 14 17:59 version
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:58 ttm -> ../../devices/virtual/drm/ttm
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:59 renderD128 -> ../../devices/pci0000:00/0000:00:02.0/0000:01:00.0/drm/renderD128
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:59 card0-VGA-1 -> ../../devices/pci0000:00/0000:00:02.0/0000:01:00.0/drm/card0/card0-VGA-1
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:59 card0-HDMI-A-1 -> ../../devices/pci0000:00/0000:00:02.0/0000:01:00.0/drm/card0/card0-HDMI-A-1
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:58 card0-DVI-D-1 -> ../../devices/pci0000:00/0000:00:02.0/0000:01:00.0/drm/card0/card0-DVI-D-1
> lrwxrwxrwx 1 65534 overflow    0 Mar 14 17:58 card0 -> ../../devices/pci0000:00/0000:00:02.0/0000:01:00.0/drm/card0
> > if that's accessible -- I'm wondering if the version of screen
> > in the container is built with libdrm and is bypassing X or ??
> I doubt it is being built differently than screen normally is.
>
> > Do you have a makefile or a guix something.scm defining
> > what's built/packed into your container?
> Nah, it's a rather ad-hoc definition grown from what should be an Eolie
> container from the cookbook (also refer to #47097).
>
> guix environment --preserve='^DISPLAY$' --preserve=XAUTHORITY \
>     --preserve=TERM \
>     --expose=$XAUTHORITY \
>     --expose=/etc/machine-id \
>     --expose=/etc/ssl/certs/ \
>     --expose=/sys/block --expose=/sys/class --expose=/sys/bus \
>     --expose=/sys/dev --expose=/sys/devices \
>     --ad-hoc epiphany nss-certs dbus procps coreutils psmisc screen
>
> Given that I expose most of /sys explicitly, you should take the above
> with a grain of salt.
>
> > Sorry if my curiosity is making work for you, but I'd like to
> > try containers down the road -- tho right now I'm taking a break
> > from events IRL, so I may disappear for a while...
> I'm not personally impacted by this bug or anything, it's much rather a
> follow-up to my attempted fix of #47097. I think there might be some
> flaw in trying to run a sandbox inside a sandbox (like bubblewrap
> inside `guix container`), that doesn't actually improve security in any
> meaningful way.
>
> Regards,
> Leo
>

If you can run this inside your container, I think it will be interesting:

    lsof -U|grep -i wayland

The above ought to show quickly if wayland is running.
lsof -U shows the open sockets.
If the above shows nothing, try

    lsof -U|grep -i x11
or
    lsof -U|grep X

finally, it is interesting to see

    lsof -U|less

but on my laptop I just got

    lsof -U|wc
        403    3760   34643

so it's a lot to look at. Hopefully less in a container ;)
--
Regards,
Bengt Richter
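
The lsof -U checks suggested in the message above, folded into one pass that reports which commands hold Wayland or X11 unix sockets. This is an added example, not part of the original thread; the function names and the sample lsof rows are constructed for illustration.

```shell
#!/bin/sh
# classify_display_sockets (hypothetical name): read `lsof -U` output on
# stdin and print one "<kind> <command>" line per command that holds a
# display-server socket, where <kind> is "wayland" or "x11".
classify_display_sockets() {
    awk '
        NR == 1 && $1 == "COMMAND" { next }   # skip the lsof header row
        {
            kind = ""
            # Wayland compositors listen on $XDG_RUNTIME_DIR/wayland-N.
            if ($0 ~ /wayland-[0-9]+/) kind = "wayland"
            # X servers listen on /tmp/.X11-unix/XN (also as an abstract @ socket).
            else if ($0 ~ /\.X11-unix\/X[0-9]+/) kind = "x11"
            # Report each (kind, command) pair once, however many fds match.
            if (kind != "" && !seen[kind, $1]++) print kind, $1
        }
    ' | sort
}

# Constructed sample of `lsof -U` output (not taken from the thread).
sample_lsof_output() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE             DEVICE SIZE/OFF  NODE NAME
dbus-daem  101 user    3u  unix 0x0000000000000000      0t0 20001 /tmp/dbus-constructed type=STREAM
Xorg       202 root    5u  unix 0x0000000000000000      0t0 20002 @/tmp/.X11-unix/X0 type=STREAM
Xorg       202 root    6u  unix 0x0000000000000000      0t0 20003 /tmp/.X11-unix/X0 type=STREAM
sway       303 user   11u  unix 0x0000000000000000      0t0 20004 /run/user/1000/wayland-0 type=STREAM
screen     404 user    4u  unix 0x0000000000000000      0t0 20005 type=STREAM
EOF
}

# Stand-alone run on the constructed sample; inside the container use:
#   lsof -U | classify_display_sockets
sample_lsof_output | classify_display_sockets
```

An empty result means no process visible in the current PID namespace has a named Wayland or X11 socket open.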