guix-patches
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#70151] [PATCH] doc: Correct the "guix shell --container" example.

From: Liliana Marie Prikler
Subject: [bug#70151] [PATCH] doc: Correct the "guix shell --container" example.
Date: Fri, 05 Apr 2024 06:07:40 +0200
User-agent: Evolution 3.48.4 
Am Dienstag, dem 02.04.2024 um 19:53 +0200 schrieb Rostislav Svoboda:
> * doc/guix.texi (Invoking @command{guix shell}): Add missing
> parameters
> --preserve='^XAUTHORITY$' --expose=$XAUTHORITY and adjust
> corresponding
> textual description
> 
> Change-Id: Ib99c81c107ff9784708ae807ec9b3ab93ad75603
> ---
>  doc/guix.texi | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/guix.texi b/doc/guix.texi
> index 69a904473c..14856027ca 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -6268,12 +6268,18 @@ Invoking guix shell
>  This @option{--container} option can also prove useful if you wish
> to
>  run a security-sensitive application, such as a web browser, in an
>  isolated environment.  For example, the command below launches
> -Ungoogled-Chromium in an isolated environment, this time sharing
> network
> -access with the host and preserving its @code{DISPLAY} environment
> -variable, but without even sharing the current directory:
> +Ungoogled-Chromium in an isolated environment, which:
> +@itemize
> +@item shares network access with the host
> +@item inherits host's environment variables @code{DISPLAY} and
> @code{XAUTHORITY}
> +@item has access to host's authentication records from the
> @code{XAUTHORITY}
> +file
> +@item has no information about host's current directory
> +@end itemize
>  
>  @example
>  guix shell --container --network --no-cwd ungoogled-chromium \
> +  --preserve='^XAUTHORITY$' --expose=$XAUTHORITY \
Shell injection says "/run/user/$USER/gdm/Xauthority -- oops that
shouldn't happen".

Cheers
reply via email to
[Prev in Thread] Current Thread [Next in Thread]