GNU logs - #68387, boring messages


Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#68387: guix shell --container --share=/etc overrides shadow files
Resent-From: Christina O'Donnell <cdo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 11 Jan 2024 15:09:01 +0000
Resent-Message-ID: <handler.68387.B.17049857347604 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 68387
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 68387 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Message-ID: <c4025879-58b3-7524-6e8e-0749059ac086@HIDDEN>
Date: Thu, 11 Jan 2024 14:10:33 +0000
From: Christina O'Donnell <cdo@HIDDEN>

Hi Guix,

Running the below command as root overrides the running system's shadow
files (/etc/shadow, /etc/passwd, and /etc/group).

WARNING: Don't run the following outside of a VM!

   guix shell --container --share=/etc

This erases the current user from the passwd database, meaning `su` and
`sudo` no longer work, and you can't log in.

Discussion

The context is that I was tracking down a libreoffice bug using guix
time-machine and ran the very clever command trying to get the display
working.

   sudo guix time-machine ... -- environment -C --ad-hoc coreutils sway \
     --preserve='DISPLAY' --preserve='XDG' --share=/etc -- sway

Now of course if you write random commands with sudo, you should expect
to brick your system from time to time. And setting `--share=/etc` wasn't
a particularly smart idea. However, it would have been nice to not have
that wipe my shadow files.

For example, being warned about sharing /etc with a container.

To reproduce, run the Guix command in a basic VM image, connecting to the
Guix daemon on the host.[1]

Please let me know if you have any questions!

Kind regards,
  - Christina O'Donnell

https://mutix.org/

---

[1] See my blog for more details:
https://mutix.org/pages/blog/20240109-how-to-run-guix-in-vm.html




Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Christina O'Donnell <cdo@HIDDEN>
Subject: bug#68387: Acknowledgement (guix shell --container --share=/etc
 overrides shadow files)
Message-ID: <handler.68387.B.17049857347604.ack <at> debbugs.gnu.org>
References: <c4025879-58b3-7524-6e8e-0749059ac086@HIDDEN>
X-Gnu-PR-Message: ack 68387
X-Gnu-PR-Package: guix
Reply-To: 68387 <at> debbugs.gnu.org
Date: Thu, 11 Jan 2024 15:09:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 68387 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
68387: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=68387
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems



Last modified: Sat, 20 Jan 2024 12:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.