Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

core: start qubesdb as normal user, even when VM is started by root

Browse Source 
On VM start, old qubesdb-daemon is terminated (if still running). In
practice it happen only at VM startart (shutdown and quickly start
again). But in that case, if the VM was started by root, such operation
would fail.
So when VM is started by root, make sure that qubesdb-daemon will be
running as normal user (the first user in group 'qubes' - there should
be only one).

Fixes QubesOS/qubes-issues#1745
This commit is contained in:
Marek Marczykowski-Górecki 2016-06-04 17:42:24 +02:00
parent a857ac3afb
commit 2265fd3d52
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
core-modules/000QubesVm.py
View File

@ -1867,10 +1867,19 @@ class QubesVm(object):
# force connection to a new daemon
self._qdb_connection = None
retcode = subprocess.call ([
qubesdb_cmd = []
if os.getuid() == 0:
# try to always have qubesdb running as normal user, otherwise
# killing it at VM restart (see above) will always fail
qubes_group = grp.getgrnam('qubes')
qubesdb_cmd = ['runuser', '-u', qubes_group.gr_mem[0], '--']
qubesdb_cmd += [
system_path["qubesdb_daemon_path"],
str(self.xid),
self.name])
self.name]
retcode = subprocess.call (qubesdb_cmd)
if retcode != 0:
raise OSError("ERROR: Cannot execute qubesdb-daemon!")