From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id WLi4GHdzDmByZgAA0tVLHw (envelope-from ) for ; Mon, 25 Jan 2021 07:29:59 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id aIp2FHdzDmD9IQAAbx9fmQ (envelope-from ) for ; Mon, 25 Jan 2021 07:29:59 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 22B709403C5 for ; Mon, 25 Jan 2021 07:29:59 +0000 (UTC) Received: from localhost ([::1]:48050 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1l3wJx-0005bt-Vf for larch@yhetil.org; Mon, 25 Jan 2021 02:29:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:46908) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l3wJo-0005bJ-6b for guix-devel@gnu.org; Mon, 25 Jan 2021 02:29:48 -0500 Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21164) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1l3wJm-0008BS-5R for guix-devel@gnu.org; Mon, 25 Jan 2021 02:29:47 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1611559779; cv=none; d=zohomail.com; s=zohoarc; b=HmJSkA38WhYLCRl/FDk7uQ0tX06Xs9Dy5PkdAzEK0Gqc7u6uNp1qimWJJgTAP24E7mTWEekzSbLp63xr1qg6c6tU6ekNvRGgbLvGQnoSaDxQRCedru/KRogtpq13ErTBbPuaQnEiVrMWTwq5f9MH0PZN38hi8UDwnlzx4fJLgy8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1611559779; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=En8uLIq0bdmXZv9M7UMCu7EqoWlJQODhV1QWY1bJnvM=; b=WxZYFSDgqpG/f2aSp/+zoI8v9XVFmF11IQWFpYd/fyvSD1cgST7UQzupmOm3QkGY5r+JoGwcK7q6bLuA4rjCkh/Zb32ZEQMbywgEYVSuEixVDwjX8M7Euxz/HQJr5EXodTkIyduEIQ2/wgguNbCGWEozCpNvgaiLISB/UmraqSk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1611559779; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=En8uLIq0bdmXZv9M7UMCu7EqoWlJQODhV1QWY1bJnvM=; b=UYdy/h6m3JW395MLRWJANlNjTfRUQVB7Cc1cnpVdNnvwKl4oLp9+Nj7c8+2m0wsE yNYZ9uDq19rYEgKsuhiE/dNWQcrW9GYs63rVLH62H+0bmMjBdLV9HVURhYto082HZF9 nHxgwTCh1djCTSlZL4oooJ6wR8ADvhP2lcmTsPRI= Received: from localhost (p54ad4ec7.dip0.t-ipconnect.de [84.173.78.199]) by mx.zohomail.com with SMTPS id 1611559776474411.4662827512308; Sun, 24 Jan 2021 23:29:36 -0800 (PST) References: <20210124220544.kmsf3atiouj6zci7@thebird.nl> <9aa892b1c2ec59b15417a5871f1b83d481ab3419@hey.com> User-agent: mu4e 1.4.13; emacs 27.1 From: Ricardo Wurmus To: Ryan Prior Subject: Re: Login to a guix container In-reply-to: <9aa892b1c2ec59b15417a5871f1b83d481ab3419@hey.com> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Mon, 25 Jan 2021 08:29:32 +0100 Message-ID: <87pn1tjwyr.fsf@elephly.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External Received-SPF: pass client-ip=136.143.188.51; envelope-from=rekado@elephly.net; helo=sender4-of-o51.zoho.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: 0.65 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=elephly.net header.s=zoho header.b="UYdy/h6m"; arc=reject ("signature check failed: fail, {[1] = sig:zohomail.com:reject}"); dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 22B709403C5 X-Spam-Score: 0.65 X-Migadu-Scanner: scn1.migadu.com X-TUID: Oqungzz7d2Pj Ryan Prior writes: > On January 24, 2021, Pjotr Prins wrote: >> I was just thinking that it should be possible to login with ssh into >> a GNU Guix shell running in a container that gets fired up by the >> sshd. I am thinking about a safe shell for fetching files. If this >> works no chroot setup is required. >> >> Or is this a really dumb idea :) > > I haven't seen any serious audit investigating security properties of > Guix containers. I do not think it's dumb to try this as an experiment, > but I do think it would be malpractice to trust user data with this > system before appropriately thorough evaluation. In your requirements for an audit, how does a =E2=80=9CGuix container=E2=80= =9D differ from a =E2=80=9CLinux container=E2=80=9D? Guix uses the kernel features li= ke cloning namespaces and unsharing the filesystem directly. It merely mounts individual store locations into the filesystem namespace. =E2=80=9CMalpractice=E2=80=9D is a very big word for using user namespaces = instead of chroot without a =E2=80=9Cserious audit=E2=80=9D. --=20 Ricardo