app: close payload_stream in qubesd_call
This is to prevent leaking file descriptors. QubesOS/qubes-issues#2622
This commit is contained in:
parent
2675d63579
commit
0a556fad8c
@ -350,6 +350,8 @@ class QubesLocal(QubesBase):
|
|||||||
:param payload: Payload send to the method
|
:param payload: Payload send to the method
|
||||||
:param payload_stream: file-like object to read payload from
|
:param payload_stream: file-like object to read payload from
|
||||||
:return: Data returned by qubesd (string)
|
:return: Data returned by qubesd (string)
|
||||||
|
|
||||||
|
.. warning:: *payload_stream* will get closed by this function
|
||||||
'''
|
'''
|
||||||
if payload and payload_stream:
|
if payload and payload_stream:
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
@ -369,6 +371,7 @@ class QubesLocal(QubesBase):
|
|||||||
qrexec_call_env['QREXEC_REQUESTED_TARGET'] = dest
|
qrexec_call_env['QREXEC_REQUESTED_TARGET'] = dest
|
||||||
proc = subprocess.Popen([method_path, arg], stdin=payload_stream,
|
proc = subprocess.Popen([method_path, arg], stdin=payload_stream,
|
||||||
stdout=subprocess.PIPE, env=qrexec_call_env)
|
stdout=subprocess.PIPE, env=qrexec_call_env)
|
||||||
|
payload_stream.close()
|
||||||
(return_data, _) = proc.communicate()
|
(return_data, _) = proc.communicate()
|
||||||
return self._parse_qubesd_response(return_data)
|
return self._parse_qubesd_response(return_data)
|
||||||
|
|
||||||
@ -455,6 +458,8 @@ class QubesRemote(QubesBase):
|
|||||||
:param payload: Payload send to the method
|
:param payload: Payload send to the method
|
||||||
:param payload_stream: file-like object to read payload from
|
:param payload_stream: file-like object to read payload from
|
||||||
:return: Data returned by qubesd (string)
|
:return: Data returned by qubesd (string)
|
||||||
|
|
||||||
|
.. warning:: *payload_stream* will get closed by this function
|
||||||
'''
|
'''
|
||||||
if payload and payload_stream:
|
if payload and payload_stream:
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
@ -467,6 +472,8 @@ class QubesRemote(QubesBase):
|
|||||||
stdin=(payload_stream or subprocess.PIPE),
|
stdin=(payload_stream or subprocess.PIPE),
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE)
|
stderr=subprocess.PIPE)
|
||||||
|
if payload_stream is not None:
|
||||||
|
payload_stream.close()
|
||||||
(stdout, stderr) = p.communicate(payload)
|
(stdout, stderr) = p.communicate(payload)
|
||||||
if p.returncode != 0:
|
if p.returncode != 0:
|
||||||
# TODO: use dedicated exception
|
# TODO: use dedicated exception
|
||||||
|
@ -96,13 +96,12 @@ def import_root_img(vm, source_dir):
|
|||||||
tar = subprocess.Popen(['tar', 'xSOf', '-'],
|
tar = subprocess.Popen(['tar', 'xSOf', '-'],
|
||||||
stdin=cat.stdout,
|
stdin=cat.stdout,
|
||||||
stdout=subprocess.PIPE)
|
stdout=subprocess.PIPE)
|
||||||
|
cat.stdout.close()
|
||||||
vm.volumes['root'].import_data(stream=tar.stdout)
|
vm.volumes['root'].import_data(stream=tar.stdout)
|
||||||
if tar.wait() != 0:
|
if tar.wait() != 0:
|
||||||
raise qubesadmin.exc.QubesException('root.img extraction failed')
|
raise qubesadmin.exc.QubesException('root.img extraction failed')
|
||||||
if cat.wait() != 0:
|
if cat.wait() != 0:
|
||||||
raise qubesadmin.exc.QubesException('root.img extraction failed')
|
raise qubesadmin.exc.QubesException('root.img extraction failed')
|
||||||
cat.stdout.close()
|
|
||||||
tar.stdout.close()
|
|
||||||
elif os.path.exists(root_path):
|
elif os.path.exists(root_path):
|
||||||
if vm.app.qubesd_connection_type == 'socket':
|
if vm.app.qubesd_connection_type == 'socket':
|
||||||
# check if root.img was already overwritten, i.e. if the source
|
# check if root.img was already overwritten, i.e. if the source
|
||||||
|
Loading…
Reference in New Issue
Block a user