This will probably break some user configuration. Do that only when
installing for the first time (during template build), during upgrade
set only those installed by this package instead of all.
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
Simply forget about that connection, instead of waiting for further
messages. If that connection is no longer available, select would return
EBADF, which would cause qrexec-agent termination.
/usr/local resides in private.img, so it is possible to define per-appvm RPC
Also, with the upcoming 3.0 release support for old (R1) paths is
removed.
In case of remote process exit even when some messages are still
waiting, vchan connection can be already closed. If we try to send some
data in this case (for example stdout of local process), there will be
an error, which will terminate qrexec-client-vm/qrexec-agent child. So
first check vchan data (where could be MSG_EXIT_CODE queued) , then
local process.
There is still some race condition in this code - remote process could
exit just after we check vchan, but before we send some data. But this
is much less probable and in the worst case we only loose remote process
exit code.
Child process can request to use single socket for both stdin and
stdout by sending SIGUSR1 signal. If it does so twice or more, previous
code broke the connection by closing the socket.
This doesn't cover all the cases, because local process could want to
receive that value (currently it cant), but I can't think of any simple,
*compatible* way to pass it there.
This way qrexec-client-vm will have much more information, at least:
- will know whether the service call was accepted or refused
- potentially will know remote process exit code
This commit implements the first point - the local process will not be
started if service call was refused.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJU8N9vAAoJEBu5sftaTG2twC4P/A+AhTkx6VL7GtzuPKTlGSrL
nwdDgazTKm7ZuZrRdr5H5vuSH9FQhcjcEg3yC3DR4AMebd4KHVggL15CpUwp/LpI
BuVIIi5Apn0e3QkXU2VpU+EzlY0fcIxVUqhskfTGzgnq9qd+uKOM5O2i9Z/263Ld
UV4RGaWXt9hKIO4AbGafRuadQYJVC5/DdTKKA/H61vng6EiXwi3jMlZJyS5Lfgdr
NWedy9l5scUBElzKyplz/htPmghi3LQx7uJSEvHJYgGCrbksRDRD73TUmG6OV6mB
CT8ApZ3rOiekhuYdT7d0E8MOdID/LBCipabLpXEHfmtwYTtM3YZzxrnBXM7CcS0s
j7OKQyMeWMHvmEVvZzBpFuq/bjxL6ltBPoJ0uYTjIaK2RkiJajEUqjtt9d0mBMDq
qN2wPvDqpWCfDps10Iu/zLIBejo71bTTve9M9G0Z13M8g/6MjUDmSESar0tEhnEG
zlEwwTCk4Tqu2zdGpJSpKjAY7rmsI4IpdREvXbuXXwvMKlVIG6eR91muyz4gAxx3
KsPKPQKKGDNO9ZuJAqYt6+Ec2xp+BhlnhN0vvgciPvpK48YRkyFUaRM52Q0hVaUA
kZPc9JjPbyDX44S9EA+HBNzMKSaPSqyPDv8cH0ws83MoOLdi+xItK4e5rLyKQVd+
Kw502V+yos6e/72lhAnm
=f3yD
-----END PGP SIGNATURE-----
Merge tag 'jm_da2b0cde'
Tag for commit da2b0cde16
# gpg: Signature made Fri Feb 27 22:19:43 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD