core: start qubesdb as normal user, even when VM is started by root

On VM start, old qubesdb-daemon is terminated (if still running). In
practice it happen only at VM startart (shutdown and quickly start
again). But in that case, if the VM was started by root, such operation
would fail.
So when VM is started by root, make sure that qubesdb-daemon will be
running as normal user (the first user in group 'qubes' - there should
be only one).

Fixes QubesOS/qubes-issues#1745

core-modules/000QubesVm.py

@@ -1867,10 +1867,19 @@ class QubesVm(object):
         # force connection to a new daemon
         self._qdb_connection = None
 
-        retcode = subprocess.call ([
+        qubesdb_cmd = []
+        if os.getuid() == 0:
+            # try to always have qubesdb running as normal user, otherwise
+            # killing it at VM restart (see above) will always fail
+            qubes_group = grp.getgrnam('qubes')
+            qubesdb_cmd = ['runuser', '-u', qubes_group.gr_mem[0], '--']
+
+        qubesdb_cmd += [
             system_path["qubesdb_daemon_path"],
             str(self.xid),
-            self.name])
+            self.name]
+
+        retcode = subprocess.call (qubesdb_cmd)
         if retcode != 0:
             raise OSError("ERROR: Cannot execute qubesdb-daemon!")