From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44273) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eeujJ-0001fB-7T for guix-patches@gnu.org; Thu, 25 Jan 2018 22:31:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eeujH-0002xL-Ua for guix-patches@gnu.org; Thu, 25 Jan 2018 22:31:05 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:35110) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eeujH-0002xB-Qz for guix-patches@gnu.org; Thu, 25 Jan 2018 22:31:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1eeujH-000246-Lm for guix-patches@gnu.org; Thu, 25 Jan 2018 22:31:03 -0500 Subject: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd. Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44112) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eeuir-0001c0-NZ for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:39 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eeuiq-0002i5-Ky for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:37 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34351) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eeuiq-0002hr-Fz for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:36 -0500 Received: from localhost ([::1]:37485 helo=mikegerwitz-pc.gerwitz.local) by fencepost.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1eeuiq-0007E8-52 for guix-patches@gnu.org; Thu, 25 Jan 2018 22:30:36 -0500 From: Mike Gerwitz In-Reply-To: Date: Thu, 25 Jan 2018 22:29:45 -0500 References: <87vag2wopo.fsf@gnu.org> Message-Id: <7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 30256@debbugs.gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable * doc/guix.texi (Invoking guix environment): Add --no-cwd. * guix/scripts/environment.scm (show-help, %options): Add --no-cwd. (launch-environment/container): Add 'map-cwd?' param; only add mapping for = cwd if #t. Only change to cwd within container if #t, otherwise home. (guix-environment): Error if --no-cwd without --container. Provide '(not no-cwd?)' to launch-environment/container as 'map-cwd?'. * tests/guix-environment.sh: Add test for no-cwd. =2D-- doc/guix.texi | 8 ++++++++ guix/scripts/environment.scm | 33 ++++++++++++++++++++++++--------- tests/guix-environment.sh | 8 ++++++++ 3 files changed, 40 insertions(+), 9 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 8218c6637..ce4545038 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -7209,6 +7209,14 @@ While this will limit the leaking of user identity t= hrough home paths and each of the user fields, this is only one useful component of a broader privacy/anonymity solution---not one in and of itself. =20 +@item --no-cwd +For containers, the default behavior is to share the current working +directory with the isolated container and immediately change to that +directory within the container. If this is undesirable, @code{--no-cwd} +will cause the current working directory to @emph{not} be automatically +shared and will change to the user's home directory within the container +instead. See also @code{--user}. + @item --expose=3D@var{source}[=3D@var{target}] For containers, expose the file system @var{source} from the host system as the read-only file system @var{target} within the container. If diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index f50018faf..6be263a64 100644 =2D-- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -165,6 +165,9 @@ COMMAND or an interactive shell in that environment.\n"= )) -u, --user=3DUSER instead of copying the name and home of the cur= rent user into an isolated container, use the name USER with home directory /home/USER")) + (display (G_ " + --no-cwd do not share current working directory with an + isolated container")) (display (G_ " --share=3DSPEC for containers, share writable host file system according to SPEC")) @@ -251,6 +254,9 @@ COMMAND or an interactive shell in that environment.\n"= )) (lambda (opt name arg result) (alist-cons 'user arg (alist-delete 'user result eq?)))) + (option '("no-cwd") #f #f + (lambda (opt name arg result) + (alist-cons 'no-cwd? #t result))) (option '("share") #t #f (lambda (opt name arg result) (alist-cons 'file-system-mapping @@ -399,7 +405,8 @@ environment variables are cleared before setting the ne= w ones." ((_ . status) status))))) =20 (define* (launch-environment/container #:key command bash user user-mappin= gs =2D profile paths link-profile? netwo= rk?) + profile paths link-profile? network? + map-cwd?) "Run COMMAND within a container that features the software in PROFILE. Environment variables are set according to PATHS, a list of native search paths. The global shell is BASH, a file name for a GNU Bash binary in the @@ -425,11 +432,13 @@ will be used for the passwd entry. LINK-PROFILE? cre= ates a symbolic link from (override-user-mappings user home (append user-mappings =2D ;; Current working directory. =2D (list (file-system-mapping =2D (source cwd) =2D (target cwd) =2D (writable? #t))) + ;; Share current working directory, unless asked not= to. + (if map-cwd? + (list (file-system-mapping + (source cwd) + (target cwd) + (writable? #t))) + '()) ;; When in Rome, do as Nix build.cc does: Automagica= lly ;; map common network configuration files. (if network? @@ -488,8 +497,10 @@ will be used for the passwd entry. LINK-PROFILE? crea= tes a symbolic link from (newline port))) =20 ;; For convenience, start in the user's current working =2D ;; directory rather than the root directory. =2D (chdir (override-user-dir user home cwd)) + ;; directory or, if unmapped, the home directory. + (chdir (if map-cwd? + (override-user-dir user home cwd) + home-dir)) =20 (primitive-exit/status ;; A container's environment is already purified, so no need = to @@ -640,6 +651,7 @@ message if any test fails." (container? (assoc-ref opts 'container?)) (link-prof? (assoc-ref opts 'link-profile?)) (network? (assoc-ref opts 'network?)) + (no-cwd? (assoc-ref opts 'no-cwd?)) (user (assoc-ref opts 'user)) (bootstrap? (assoc-ref opts 'bootstrap?)) (system (assoc-ref opts 'system)) @@ -677,6 +689,8 @@ message if any test fails." (leave (G_ "--link-prof cannot be used without --container~%"))) (when (and (not container?) user) (leave (G_ "--user cannot be used without --container~%"))) + (when (and (not container?) no-cwd?) + (leave (G_ "--no-cwd cannot be used without --container~%"))) =20 (with-store store (set-build-options-from-command-line store opts) @@ -729,7 +743,8 @@ message if any test fails." #:profile profile #:paths paths #:link-profile? link-pro= f? =2D #:network? network?))) + #:network? network? + #:map-cwd? (not no-cwd?)= ))) (else (return (exit/status diff --git a/tests/guix-environment.sh b/tests/guix-environment.sh index a1ce96579..abb019794 100644 =2D-- a/tests/guix-environment.sh +++ b/tests/guix-environment.sh @@ -84,6 +84,14 @@ HOME=3D"$tmpdir" guix environment --bootstrap --containe= r --user=3Dfoognu \ --share=3D"$tmpdir/umock" \ -- guile -c "$usertest" =20 +# if not sharing CWD, chdir home +( + cd "$tmpdir" \ + && guix environment --bootstrap --container --no-cwd --user=3Dfoo \ + --ad-hoc guile-bootstrap --pure \ + -- /bin/sh -c 'test $(pwd) =3D=3D "/home/foo" -a ! -d '"$tmpdi= r" +) + # Make sure '-r' works as expected. rm -f "$gcroot" expected=3D"`guix environment --bootstrap --ad-hoc guile-bootstrap \ =2D-=20 2.15.1 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJaaqCpAAoJEIyRe39dxRui3kwP/j/g7RtKUhxxh/6OMocxf4KR +4wO+THWCS/eG23gGsEUAQ9llz56BFGBRF0SR2Cz/ldQafUAUmND27ZXjfA/li2M rCBTLnW65NiMJi8YPMGwaVkDvGoN9GDKpsJYQDxISWLNKn7Mb9Cpdjvesop5aE1d mWYK9K3dafGdUyh+gefCo9aXM/6nHURfwHRbQUsw3i+duQkeqBnE+QSjDjhEY6EU vQk0sBVmgrcCyIBsKcCOo3LL++QggZTUa7n+3KQp9mcIb1ruPu8XMZw4gEfLAZaV Qm0pS6CZYy9dX5g8w1Qbh0jenYFeA93QdSA60vPdfx7SUZgVS08BbIV0b+Svr6yu fumyhmFWAAOyMCoYR3ZPBoydqBEQ+0U3ny1O0HIHzshkGOqLQCcbbW98xGNObZLI TCyiBnCMPDPtzyMJ/X8Xet7jrQIF9tfXnXzOCha+uAK2vd8VLl+DIggtb3bImQ/i XE693bTzu+5KVIVeC1Rapup06Vg3GsvdZNFz4QLHy/TTvMrJCF2YKtYDiCZCOMck LV9qA8ZSh4okc11FQqmaGWJ7VA4Pj97wlMm2y16o6gYXt86SSQf9ET69MadawlXP otqpje3AnLpUv4o3Ubvh0RVRiEbW1LRO9swY0fWCbfyq18EtXUE6ARrmANxlZNG0 nKQwafK4qe7JoxCEn5lc =UKN6 -----END PGP SIGNATURE----- --=-=-=--