app: close payload_stream in qubesd_call

This is to prevent leaking file descriptors. QubesOS/qubes-issues#2622
2017-05-26 19:09:29 +02:00 · 2017-05-26 19:09:29 +02:00 · 0a556fad8c
commit 0a556fad8c
parent 2675d63579
2 changed files with 8 additions and 2 deletions
--- a/qubesadmin/app.py
+++ b/qubesadmin/app.py
@ -350,6 +350,8 @@ class QubesLocal(QubesBase):
        :param payload: Payload send to the method
        :param payload_stream: file-like object to read payload from
        :return: Data returned by qubesd (string)
+
+        .. warning:: *payload_stream* will get closed by this function
        '''
        if payload and payload_stream:
            raise ValueError(
@ -369,6 +371,7 @@ class QubesLocal(QubesBase):
            qrexec_call_env['QREXEC_REQUESTED_TARGET'] = dest
            proc = subprocess.Popen([method_path, arg], stdin=payload_stream,
                stdout=subprocess.PIPE, env=qrexec_call_env)
+            payload_stream.close()
            (return_data, _) = proc.communicate()
            return self._parse_qubesd_response(return_data)

@ -455,6 +458,8 @@ class QubesRemote(QubesBase):
        :param payload: Payload send to the method
        :param payload_stream: file-like object to read payload from
        :return: Data returned by qubesd (string)
+
+        .. warning:: *payload_stream* will get closed by this function
        '''
        if payload and payload_stream:
            raise ValueError(
@ -467,6 +472,8 @@ class QubesRemote(QubesBase):
            stdin=(payload_stream or subprocess.PIPE),
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE)
+        if payload_stream is not None:
+            payload_stream.close()
        (stdout, stderr) = p.communicate(payload)
        if p.returncode != 0:
            # TODO: use dedicated exception
--- a/qubesadmin/tools/qvm_template_postprocess.py
+++ b/qubesadmin/tools/qvm_template_postprocess.py
@ -96,13 +96,12 @@ def import_root_img(vm, source_dir):
        tar = subprocess.Popen(['tar', 'xSOf', '-'],
            stdin=cat.stdout,
            stdout=subprocess.PIPE)
+        cat.stdout.close()
        vm.volumes['root'].import_data(stream=tar.stdout)
        if tar.wait() != 0:
            raise qubesadmin.exc.QubesException('root.img extraction failed')
        if cat.wait() != 0:
            raise qubesadmin.exc.QubesException('root.img extraction failed')
-        cat.stdout.close()
-        tar.stdout.close()
    elif os.path.exists(root_path):
        if vm.app.qubesd_connection_type == 'socket':
            # check if root.img was already overwritten, i.e. if the source