From 11c1cb0aa2981b3a0d45a8ae2cfb268071c9216b Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk <rafal@invisiblethingslab.com>
Date: Thu, 7 Jul 2011 09:13:51 +0200
Subject: [PATCH] qrexec: temporarily disable auto executing domains upon rpc
 request

There are two problems with qvm-run -a:
1) even with -q flag, it spits to stdout (actually, "xl create" does it), and
this garbage is received by rpc client
2) even with -q flag, it steals input (actually, "qrexec ... wait for session")

These two can be manually fixed (by passing /dev/null appropriately); hovewer,
this is prone to disaster if qvm-run is enhanced/broken later.

We could do
if is_domain_running() ; then
	run qrexec client
else
	qvm-run -a domain true </dev/null >/dev/null
	run qrexec client
fi
which looks safer; but is_domain_running() is a bit expensive even in "running"
case - we need to xl_context.list_domains anyway.

Gotta decide on one of these.
---
 qrexec/qrexec_policy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy
index f8d2ec42..900d5610 100755
--- a/qrexec/qrexec_policy
+++ b/qrexec/qrexec_policy
@@ -63,7 +63,7 @@ def do_execute(domain, target, user, exec_index, process_ident):
         cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user
     else:
 #fixme: qvm-run --pass_io is broken for non-running target domain
-        cmd= "qvm-run -uroot -q -a --pass_io "+target + " -u" + user 
+        cmd= "qvm-run -uroot -q --pass_io "+target + " -u" + user 
         cmd+=" '/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain + "'"
     os.execl(QREXEC_CLIENT, "qrexec_client", "-d", domain, "-l", cmd, "-c", process_ident)