GNU bug report logs - #70151
[PATCH] doc: Correct the "guix shell --container" example.


Package: guix-patches;

Reported by: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>

Date: Tue, 2 Apr 2024 17:55:02 UTC

Severity: normal

Tags: patch

Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>



Report forwarded to guix-patches <at> gnu.org:
bug#70151; Package guix-patches. (Tue, 02 Apr 2024 17:55:02 GMT)

Acknowledgement sent to Rostislav Svoboda <rostislav.svoboda <at> gmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 02 Apr 2024 17:55:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>
To: guix-patches <at> gnu.org
Cc: Rostislav Svoboda <Rostislav.Svoboda <at> gmail.com>
Subject: [PATCH] doc: Correct the "guix shell --container" example.
Date: Tue,  2 Apr 2024 19:53:16 +0200

* doc/guix.texi (Invoking @command{guix shell}): Add missing parameters
--preserve='^XAUTHORITY$' --expose=$XAUTHORITY and adjust corresponding
textual description

Change-Id: Ib99c81c107ff9784708ae807ec9b3ab93ad75603
---
 doc/guix.texi | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 69a904473c..14856027ca 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -6268,12 +6268,18 @@ Invoking guix shell
 This @option{--container} option can also prove useful if you wish to
 run a security-sensitive application, such as a web browser, in an
 isolated environment.  For example, the command below launches
-Ungoogled-Chromium in an isolated environment, this time sharing network
-access with the host and preserving its @code{DISPLAY} environment
-variable, but without even sharing the current directory:
+Ungoogled-Chromium in an isolated environment, which:
+@itemize
+@item shares network access with the host
+@item inherits host's environment variables @code{DISPLAY} and @code{XAUTHORITY}
+@item has access to host's authentication records from the @code{XAUTHORITY}
+file
+@item has no information about host's current directory
+@end itemize
 
 @example
 guix shell --container --network --no-cwd ungoogled-chromium \
+  --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
   --preserve='^DISPLAY$' -- chromium
 @end example
 
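Review bot: In the `@example` block, `--expose=$XAUTHORITY` is unquoted, so a path containing whitespace would be split into several arguments and glob characters in it would be expanded; write it as `--expose="$XAUTHORITY"`, and note that an unset variable would leave a bare `--expose=`. In the `@itemize` text, "inherits host's environment variables" and "host's authentication records" read better as "inherits the host's `DISPLAY` and `XAUTHORITY` environment variables" and "has read-only access to the host's X authority file", since `--expose` maps the file read-only, which is the appropriate mode for a credential file.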

base-commit: 7af70efd7633b0d70091762cf43ce01a86176e8e
-- 
2.41.0





Information forwarded to guix-patches <at> gnu.org:
bug#70151; Package guix-patches. (Fri, 05 Apr 2024 04:08:04 GMT)

Message #8 received at 70151 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>, 70151 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Fri, 05 Apr 2024 06:07:40 +0200

On Tuesday, 02.04.2024 at 19:53 +0200, Rostislav Svoboda wrote:
> * doc/guix.texi (Invoking @command{guix shell}): Add missing
> parameters
> --preserve='^XAUTHORITY$' --expose=$XAUTHORITY and adjust
> corresponding
> textual description
> 
> Change-Id: Ib99c81c107ff9784708ae807ec9b3ab93ad75603
> ---
>  doc/guix.texi | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 69a904473c..14856027ca 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -6268,12 +6268,18 @@ Invoking guix shell
>  This @option{--container} option can also prove useful if you wish
> to
>  run a security-sensitive application, such as a web browser, in an
>  isolated environment.  For example, the command below launches
> -Ungoogled-Chromium in an isolated environment, this time sharing
> network
> -access with the host and preserving its @code{DISPLAY} environment
> -variable, but without even sharing the current directory:
> +Ungoogled-Chromium in an isolated environment, which:
> +@itemize
> +@item shares network access with the host
> +@item inherits host's environment variables @code{DISPLAY} and
> @code{XAUTHORITY}
> +@item has access to host's authentication records from the
> @code{XAUTHORITY}
> +file
> +@item has no information about host's current directory
> +@end itemize
>  
>  @example
>  guix shell --container --network --no-cwd ungoogled-chromium \
> +  --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
Shell injection says "/run/user/$USER/gdm/Xauthority -- oops that
shouldn't happen".

Cheers





Information forwarded to guix-patches <at> gnu.org:
bug#70151; Package guix-patches. (Fri, 05 Apr 2024 09:49:03 GMT)

Message #11 received at 70151 <at> debbugs.gnu.org:

From: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 70151 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Fri, 5 Apr 2024 11:47:25 +0200

> Shell injection says "/run/user/$USER/gdm/Xauthority -- oops that
> shouldn't happen".

??? Shell injection? Which, what, where? What do you mean?

Without the `--preserve='^XAUTHORITY$' --expose=$XAUTHORITY` (both
needed) Chromium doesn't start, i.e. the example doesn't work:

$ guix shell --container --network --no-cwd ungoogled-chromium
--preserve='^DISPLAY$' -- chromium
[1:12:0405/094428.353734:ERROR:bus.cc(399)] Failed to connect to the
bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No
such file or directory
Authorization required, but no authorization protocol specified

[1:1:0405/094428.361802:ERROR:ozone_platform_x11.cc(239)] Missing X
server or $DISPLAY
[1:1:0405/094428.361812:ERROR:env.cc(255)] The platform failed to
initialize.  Exiting.

Cheers




Information forwarded to guix-patches <at> gnu.org:
bug#70151; Package guix-patches. (Fri, 05 Apr 2024 13:09:01 GMT)

Message #14 received at 70151 <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>
Cc: 70151 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Fri, 05 Apr 2024 15:07:50 +0200

On Friday, 05.04.2024 at 11:47 +0200, Rostislav Svoboda wrote:
> > Shell injection says "/run/user/$USER/gdm/Xauthority -- oops that
> > shouldn't happen".
> 
> ??? Shell injection? Which, what, where? What do you mean?
> 
> Without the `--preserve='^XAUTHORITY$' --expose=$XAUTHORITY` (both
> needed) the Chromium doesn't start, i.e. the example doesn't work:
You need to properly quote "${XAUTHORITY}", otherwise bad things can
happen.

Cheers
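As an added example (not code from the patch or the Guix project) of the quoting point raised above: a POSIX sh snippet that shows how an unquoted `$XAUTHORITY` is word-split, checks the file before exposing it, and builds the container command from the patch with the variable quoted. The path containing a space and the `check_xauthority` / `isolated_chromium_argv` helpers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the patch or the Guix manual.  It shows the
# word-splitting problem the reviewer raised for an unquoted $XAUTHORITY,
# and a small wrapper that validates the file and builds the properly
# quoted "guix shell --container" command line from the patch.

count_args() { echo "$#"; }

# The form in the original patch: the expansion is unquoted, so a path
# containing whitespace is split into several arguments.
expose_words_unquoted() { count_args --expose=$1; }

# The form the reviewer asked for: exactly one argument, whatever the path.
expose_words_quoted() { count_args --expose="$1"; }

# Only expose the file if the variable is set and names a readable regular
# file; an empty value would yield a bare "--expose=" (assumption: that is
# never what the user wants).
check_xauthority() {
    [ -n "$1" ] && [ -f "$1" ] && [ -r "$1" ]
}

# Build the command from the patch as an argument vector, one entry per
# line, with "${XAUTHORITY}" quoted.  It prints the argv instead of running
# it so it can be inspected without guix installed; replace the printf
# with "$@" to actually launch the container.  --expose maps the file
# read-only into the container.
isolated_chromium_argv() {
    if ! check_xauthority "${XAUTHORITY:-}"; then
        echo "XAUTHORITY is unset or not a readable file" >&2
        return 2
    fi
    set -- guix shell --container --network --no-cwd ungoogled-chromium \
        --preserve='^XAUTHORITY$' --expose="${XAUTHORITY}" \
        --preserve='^DISPLAY$' -- chromium
    printf '%s\n' "$@"
}

# Constructed path with a space to make the difference visible.
demo='/tmp/my dir/Xauthority'
echo "unquoted: $(expose_words_unquoted "$demo") words"   # 2
echo "quoted:   $(expose_words_quoted "$demo") word"      # 1
```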




Information forwarded to guix-patches <at> gnu.org:
bug#70151; Package guix-patches. (Mon, 08 Apr 2024 11:36:03 GMT)

Message #17 received at 70151 <at> debbugs.gnu.org:

From: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Cc: 70151 <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Mon, 8 Apr 2024 13:34:19 +0200

> You need to properly quote "${XAUTHORITY}"

Fixed. See attachment.
[0001-doc-Correct-the-guix-shell-container-example.patch (text/x-patch, attachment)]

Reply sent to Liliana Marie Prikler <liliana.prikler <at> gmail.com>:
You have taken responsibility. (Sat, 20 Apr 2024 08:57:04 GMT)

Notification sent to Rostislav Svoboda <rostislav.svoboda <at> gmail.com>:
bug acknowledged by developer. (Sat, 20 Apr 2024 08:57:04 GMT)

Message #22 received at 70151-done <at> debbugs.gnu.org:

From: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
To: Rostislav Svoboda <rostislav.svoboda <at> gmail.com>
Cc: 70151-done <at> debbugs.gnu.org
Subject: Re: [PATCH] doc: Correct the "guix shell --container" example.
Date: Sat, 20 Apr 2024 10:56:04 +0200

On Monday, 08.04.2024 at 13:34 +0200, Rostislav Svoboda wrote:
> > You need to properly quote "${XAUTHORITY}"
> 
> Fixed. See attachment.
Fixed your markup and pushed.

Cheers



