b6c4f8456f
Ask qubesd for admin.vm.Console call. This allows to intercept it with admin-permission event. While at it, extract tty path extraction to python, where libvirt domain object is already available. Fixes QubesOS/qubes-issues#5030
24 lines
714 B
Bash
Executable File
24 lines
714 B
Bash
Executable File
#!/bin/bash
|
|
|
|
lock="/var/run/qubes/$QREXEC_REQUESTED_TARGET.terminal.lock"
|
|
|
|
# use temporary file, because env variables deal poorly with \0 inside
|
|
tmpfile=$(mktemp)
|
|
trap "rm -f $tmpfile" EXIT
|
|
qubesd-query -e \
|
|
"$QREXEC_REMOTE_DOMAIN" \
|
|
"admin.vm.Console" \
|
|
"$QREXEC_REQUESTED_TARGET" \
|
|
"$1" >$tmpfile
|
|
|
|
# exit if qubesd returned an error (not '0\0')
|
|
if [ "$(head -c 2 $tmpfile | xxd -p)" != "3000" ]; then
|
|
cat "$tmpfile"
|
|
exit 1
|
|
fi
|
|
path=$(tail -c +3 "$tmpfile")
|
|
|
|
# Create an exclusive lock to ensure that multiple qubes cannot access to the same socket
|
|
# In the case of multiple qrexec calls it returns a specific exit code
|
|
sudo flock -n -E 200 -x "$lock" socat - OPEN:"$path"
|