bug#42996: icecat can escape from `guix environment --container`

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#42996: icecat can escape from `guix environment --container`

From:	Leo Famulari
Subject:	bug#42996: icecat can escape from `guix environment --container`
Date:	Sun, 23 Aug 2020 12:45:33 -0400

On Sun, Aug 23, 2020 at 06:18:49PM +0800, luhux wrote:
> I am using guix environment --container to isolate some programs that
> are prone to leak information. guix environment --container works well
> in freerdp and other programs until I use guix environment --container
> to containerize icecat,

More comprehensive reproduction:

$ guix environment --container --share=/tmp/.X11-unix --ad-hoc icecat
[env]$ export DISPLAY=":0.0"
[env]$ icecat

The browser has no fonts but, with careful typing, I was able to open a
text file in my home directory.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#42996: icecat can escape from `guix environment --container`, luhux, 2020/08/23
- bug#42996: icecat can escape from `guix environment --container`, Julien Lepiller, 2020/08/23
  - Message not available
    - bug#42996: icecat can escape from `guix environment --container`, Julien Lepiller, 2020/08/24
- bug#42996: icecat can escape from `guix environment --container`, Leo Famulari <=
  - bug#42996: icecat can escape from `guix environment --container`, Leo Famulari, 2020/08/23

Prev by Date: bug#42740: Segfault in libssh during ‘guix copy’
Next by Date: bug#42996: icecat can escape from `guix environment --container`
Previous by thread: bug#42996: icecat can escape from `guix environment --container`
Next by thread: bug#42996: icecat can escape from `guix environment --container`
Index(es):
- Date
- Thread