core: start qrexec-daemon as normal user, even when VM is started by root

qrexec-daemon starts new processes for the services it is asked to run,
which includes starting a new DispVM or starting other required VMs (like
a backend GPG VM). Running those processes as root leads to many permission
problems, like the one linked below. So when a VM is started by root, make
sure that qrexec-daemon runs as a normal user (the first user
in group 'qubes' - there should be only one).

QubesOS/qubes-issues#1768
Marek Marczykowski-Górecki 2016-05-26 01:34:53 +02:00
parent 7c0f5a4be6
commit 3afc7b7d50
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724


@ -26,6 +26,7 @@ import datetime
import base64 import base64
import hashlib import hashlib
import logging import logging
import grp
import lxml.etree import lxml.etree
import os import os
import os.path import os.path
@ -37,6 +38,7 @@ import time
import uuid import uuid
import xml.parsers.expat import xml.parsers.expat
import signal import signal
import pwd
from qubes import qmemman from qubes import qmemman
from qubes import qmemman_algo from qubes import qmemman_algo
import libvirt import libvirt
@ -1818,13 +1820,21 @@ class QubesVm(object):
self.log.debug('start_qrexec_daemon()') self.log.debug('start_qrexec_daemon()')
if verbose: if verbose:
print >> sys.stderr, "--> Starting the qrexec daemon..." print >> sys.stderr, "--> Starting the qrexec daemon..."
qrexec = []
if os.getuid() == 0:
# try to always have qrexec running as normal user, otherwise
# many qrexec services would need to deal with root/user
# permission problems
qubes_group = grp.getgrnam('qubes')
qrexec = ['sudo', '-u', qubes_group.gr_mem[0]]
qrexec += ['env', 'QREXEC_STARTUP_TIMEOUT=' + str(self.qrexec_timeout),
system_path["qrexec_daemon_path"]]
qrexec_args = [str(self.xid), self.name, self.default_user] qrexec_args = [str(self.xid), self.name, self.default_user]
if not verbose: if not verbose:
qrexec_args.insert(0, "-q") qrexec_args.insert(0, "-q")
qrexec_env = os.environ retcode = subprocess.call(qrexec + qrexec_args)
qrexec_env['QREXEC_STARTUP_TIMEOUT'] = str(self.qrexec_timeout)
retcode = subprocess.call ([system_path["qrexec_daemon_path"]] +
qrexec_args, env=qrexec_env)
if (retcode != 0) : if (retcode != 0) :
raise OSError ("Cannot execute qrexec-daemon!") raise OSError ("Cannot execute qrexec-daemon!")
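Review bot: The privilege drop in the `os.getuid() == 0` branch takes its target user from `qubes_group.gr_mem[0]` without any check, so a 'qubes' group with no listed members raises a bare IndexError (and a missing group a KeyError) rather than the OSError this method raises when the daemon fails to start. `gr_mem` holds only the members listed in the group entry, so a user whose primary group is 'qubes' would not appear there, and with several members the daemon silently runs as whichever name is listed first. A guard before the sudo prefix is built, for example `if not qubes_group.gr_mem: raise OSError("no user in group 'qubes' to run qrexec-daemon as")`, would keep the failure explicit, and logging the chosen user through `self.log` would make the multi-member case visible. The added `import pwd` is not used in any hunk shown here; if nothing else in the file needs it, it can be dropped. The body of start_qrexec_daemon begins and continues outside the hunk.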