bug#68387: guix shell --container --share=/etc overrides shadow files
From: Christina O'Donnell
Subject: bug#68387: guix shell --container --share=/etc overrides shadow files
Date: Thu, 11 Jan 2024 14:10:33 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0

Hi Guix,

Running the below command as root overrides the running system's shadow files
(/etc/shadow, /etc/passwd, and /etc/group).

WARNING: Don't run the following outside of a VM!

    guix shell --container --share=/etc

This erases the current user from the passwd database, meaning `su` and `sudo`
no longer work, and you can't log in.

Discussion

The context is that I was tracking down a libreoffice bug using guix
time-machine and ran the very clever command trying to get the display
working.

    sudo guix time-machine ... -- environment -C --ad-hoc coreutils sway \
      --preserve='DISPLAY' --preserve='XDG' --share=/etc -- sway

Now of course if you write random commands with sudo, you should expect to
brick your system from time to time. And setting `--share=/etc` wasn't a
particularly smart idea. However, it would have been nice to not have that
wipe my shadow files. For example, being warned about sharing /etc with a
container.

To reproduce, run the Guix command in a basic VM image, connecting to the Guix
daemon on the host.[1]

Please let me know if you have any questions!

Kind regards,
- Christina O'Donnell
https://mutix.org/

---
[1] See my blog for more details:
https://mutix.org/pages/blog/20240109-how-to-run-guix-in-vm.html
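
The warning the report asks for can be approximated on the caller's side. The following is an added example, not part of the original message and not Guix code: a pre-flight check that flags a `--share` of `/etc`, of the three account files, or (as a generalization) of `/` before the command runs as root. The names `norm_path`, `share_is_risky` and `guix_guarded` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the report or from Guix. Function names are
# hypothetical. Flags a --share=SOURCE[=TARGET] whose SOURCE is the
# host's /, /etc, or one of the three account files named in the report.

# Lexical clean-up only: collapse repeated slashes, drop a trailing one.
# "." and ".." segments and symlinks are NOT resolved.
norm_path() {
    printf '%s' "$1" | sed -e 's://*:/:g' -e 's:\(.\)/$:\1:'
}

# Return 0 when a risky --share is present, 1 otherwise. Every argument
# is scanned, including those after "--", because the time-machine form
# in the report puts the real options behind a "--".
share_is_risky() {
    want_spec=0
    for arg in "$@"; do
        if [ "$want_spec" -eq 1 ]; then
            spec=$arg
            want_spec=0
        else
            case $arg in
                --share=*) spec=${arg#--share=} ;;
                --share)   want_spec=1; continue ;;  # two-word form
                *)         continue ;;
            esac
        fi
        src=$(norm_path "${spec%%=*}")   # SOURCE part of SOURCE[=TARGET]
        case $src in
            /|/etc|/etc/passwd|/etc/shadow|/etc/group) return 0 ;;
        esac
    done
    return 1
}

# Wrapper: refuse only for uid 0, the case described in the report.
guix_guarded() {
    if [ "$(id -u)" -eq 0 ] && share_is_risky "$@"; then
        echo "refusing: --share would expose host /etc read-write to the container" >&2
        return 1
    fi
    command guix "$@"
}
```

The check is conservative: it ignores the TARGET part and treats any read-write share of these sources as risky, while `--expose` is not flagged.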