qubes/vm: start VM daemons as normal user

This is migration of core2 commits: commit d0ba43f253 Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Date: Mon Jun 6 02:21:08 2016 +0200 core: start guid as normal user even when VM started by root Another attempt to avoid permissions-related problems... QubesOS/qubes-issues#1768 commit 89d002a031 Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Date: Mon Jun 6 02:19:51 2016 +0200 core: use runuser instead of sudo for switching root->user There are problems with using sudo in early system startup (systemd-logind not running yet, pam_systemd timeouts). Since we don't need full session here, runuser is good enough (even better: faster). commit 2265fd3d52 Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Date: Sat Jun 4 17:42:24 2016 +0200 core: start qubesdb as normal user, even when VM is started by root On VM start, old qubesdb-daemon is terminated (if still running). In practice it happen only at VM startart (shutdown and quickly start again). But in that case, if the VM was started by root, such operation would fail. So when VM is started by root, make sure that qubesdb-daemon will be running as normal user (the first user in group 'qubes' - there should be only one). Fixes QubesOS/qubes-issues#1745
2016-09-06 13:34:26 +02:00 · 2016-09-06 13:34:26 +02:00 · c534b68665
commit c534b68665
parent 19d9edc291
2 changed files with 31 additions and 8 deletions
--- a/qubes/ext/gui.py
+++ b/qubes/ext/gui.py
@ -183,7 +183,7 @@ class GUI(qubes.ext.Extension):
        guid_cmd += self.kde_guid_args(vm)

        try:
-            subprocess.check_call(guid_cmd)
+            vm.start_daemon(guid_cmd)
        except subprocess.CalledProcessError:
            raise qubes.exc.QubesVMError(vm,
                'Cannot start qubes-guid for domain {!r}'.format(vm.name))
@ -246,7 +246,7 @@ class GUI(qubes.ext.Extension):
        guid_cmd += self.kde_guid_args(vm)

        try:
-            subprocess.check_call(guid_cmd)
+            vm.start_daemon(guid_cmd)
        except subprocess.CalledProcessError:
            raise qubes.exc.QubesVMError(vm, 'Cannot start gui daemon')

--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@ -39,6 +39,7 @@ import time
 import uuid
 import warnings

+import grp
 import lxml
 import libvirt  # pylint: disable=import-error

@ -926,6 +927,27 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):

        return qmemman_client

+    @staticmethod
+    def start_daemon(command, **kwargs):
+        '''Start a daemon for the VM
+
+        This function take care to run it as appropriate user.
+
+        :param command: command to run (array for
+        :py:meth:`subprocess.check_call`)
+        :param kwargs: args for :py:meth:`subprocess.check_call`
+        :return: None
+        '''
+
+        prefix_cmd = []
+        if os.getuid() == 0:
+            # try to always have VM daemons running as normal user, otherwise
+            # some files (like clipboard) may be created as root and cause
+            # permission problems
+            qubes_group = grp.getgrnam('qubes')
+            prefix_cmd = ['runuser', '-u', qubes_group.gr_mem[0], '--']
+        subprocess.check_call(prefix_cmd + command, **kwargs)
+
    def start_qrexec_daemon(self):
        '''Start qrexec daemon.

@ -946,7 +968,7 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
            qrexec_env['QREXEC_STARTUP_TIMEOUT'] = str(self.qrexec_timeout)

        try:
-            subprocess.check_call(
+            self.start_daemon(
                [qubes.config.system_path["qrexec_daemon_path"]] + qrexec_args,
                env=qrexec_env)
        except subprocess.CalledProcessError:
@ -961,11 +983,12 @@ class QubesVM(qubes.vm.mix.net.NetVMMixin, qubes.vm.BaseVM):
        self.log.info('Starting Qubes DB')

        # FIXME #1694 #1241
-        retcode = subprocess.call([
-            qubes.config.system_path["qubesdb_daemon_path"],
-            str(self.xid),
-            self.name])
-        if retcode != 0:
+        try:
+            self.start_daemon([
+                qubes.config.system_path["qubesdb_daemon_path"],
+                str(self.xid),
+                self.name])
+        except subprocess.CalledProcessError:
            raise qubes.exc.QubesException('Cannot execute qubesdb-daemon')

    def wait_for_session(self):