Add an option for custom vchan buffer size, to override default 64k (for
each direction). This is especially useful when the other side of
connection is MirageOS based, because of limited memory and default
grant table size (128 entries).
This avoids duplicating service call parsing in multiple places.
Further improvements to that code (like avoid using shell) can be
implemented in one place.
Some services require GUI access. Make qrexec-agent handling this, based
on per-service configuration, instead of forcing every caller to call
qubes.WaitForSession service first. This is especially important for
Disposable VMs, because those are destroyed after a single service call.
This needs to be done in qrexec-agent (instead of service script, or
qubes-rpc-multiplexer), because agent will behave differently depending
on GUI session being available or not. Namely, will use
qrexec-fork-server (so the process will be a child of session leader),
or will open new session.
Service configuration lives in /etc/qubes/rpc-config/SERVICE_NAME, can
can contain 'key=value' entries (no space around '=' allowed). Currently
the only settings supported is 'wait-for-session', with value either '0'
or '1'.
QubesOS/qubes-issues#2974
Always set QREXEC_AGENT_PID variable, setup SIGUSR1 handler. And do that
before starting child process to avoid race conditions.
Required for QubesOS/qubes-issues#
FixesQubesOS/qubes-issues#1863
This doesn't cover all the cases, because local process could want to
receive that value (currently it cant), but I can't think of any simple,
*compatible* way to pass it there.
This way qrexec-client-vm will have much more information, at least:
- will know whether the service call was accepted or refused
- potentially will know remote process exit code
This commit implements the first point - the local process will not be
started if service call was refused.
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
Move (qrexec-agent version of) do_exec to qrexec-agent.c, move
handle_handshake to qrexec-agent-data.c (common to all agent binaries).
Fix indentation (tabs -> spaces).
