From 89d002a031b2b253b0bafc83d15369ecbc3efc08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Mon, 6 Jun 2016 02:19:51 +0200 Subject: [PATCH] core: use runuser instead of sudo for switching root->user There are problems with using sudo in early system startup (systemd-logind not running yet, pam_systemd timeouts). Since we don't need full session here, runuser is good enough (even better: faster). --- core-modules/000QubesVm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py index 77685dbf..535304b1 100644 --- a/core-modules/000QubesVm.py +++ b/core-modules/000QubesVm.py @@ -1830,7 +1830,7 @@ class QubesVm(object): # many qrexec services would need to deal with root/user # permission problems qubes_group = grp.getgrnam('qubes') - qrexec = ['sudo', '-u', qubes_group.gr_mem[0]] + qrexec = ['runuser', '-u', qubes_group.gr_mem[0], '--'] qrexec += ['env', 'QREXEC_STARTUP_TIMEOUT=' + str(self.qrexec_timeout), system_path["qrexec_daemon_path"]]