core: start qubesdb as normal user, even when VM is started by root

On VM start, old qubesdb-daemon is terminated (if still running). In practice it happen only at VM startart (shutdown and quickly start again). But in that case, if the VM was started by root, such operation would fail. So when VM is started by root, make sure that qubesdb-daemon will be running as normal user (the first user in group 'qubes' - there should be only one). Fixes QubesOS/qubes-issues#1745
2016-06-04 17:42:24 +02:00 · 2016-06-04 17:42:24 +02:00 · 2265fd3d52
--- a/core-modules/000QubesVm.py
+++ b/core-modules/000QubesVm.py
@ -1867,10 +1867,19 @@ class QubesVm(object):
        # force connection to a new daemon
        self._qdb_connection = None

-        retcode = subprocess.call ([
+        qubesdb_cmd = []
+        if os.getuid() == 0:
+            # try to always have qubesdb running as normal user, otherwise
+            # killing it at VM restart (see above) will always fail
+            qubes_group = grp.getgrnam('qubes')
+            qubesdb_cmd = ['runuser', '-u', qubes_group.gr_mem[0], '--']
+
+        qubesdb_cmd += [
            system_path["qubesdb_daemon_path"],
            str(self.xid),
-            self.name])
+            self.name]
+
+        retcode = subprocess.call (qubesdb_cmd)
        if retcode != 0:
            raise OSError("ERROR: Cannot execute qubesdb-daemon!")