When stdout is redirected to some file or command two things will
happen:
- qvm-run will not automatically color the output as stdout is not a
TTY
- even when coloring is forced, it will not work, as the control
sequence (on stdout) will be redirected anyway
Fix this by handling stdout and stderr independently and output color
switching sequence to each of them.
FixesQubesOS/qubes-issues#2190
Long time ago passio=True was used to replace current process with
qrexec-client directly (qvm-run --pass-io was the called), but this
behaviour is not used anymore (qvm-run was the only user). And this
option was left untouched, with misleading name - one would assume that
using passio=False should disallow any I/O, but this isn't the case.
Especially qvm-sync-clock is calling clockvm.run('...', wait=True),
default value for passio=False. This causes to output data from
untrusted VM, without sanitising terminal sequences, which can be fatal.
This patch changes passio semantic to actually do what it means - when
set to True - VM process will be able to interact with
stdin/stdout/stderr. But when set to False, all those FDs will be
connected to /dev/null.
Conflicts:
core-modules/000QubesVm.py
