/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VM started via qubes.VMShell has qubes-guid running as root, breaks Qubes clipboard #1768

Closed
mattmccutchen opened this Issue Feb 21, 2016 · 4 comments

Comments

Assignees

@marmarek marmarek

Labels
Projects
None yet
Milestone
  Release 3.0 updates
3 participants
@mattmccutchen @marmarek @andrewdavidwong
@mattmccutchen

mattmccutchen commented Feb 21, 2016

From my main AppVM, I ran a command with qvm-run research ..., which automatically started the research AppVM and left its qubes-guid in dom0 running as root. Then I tried to copy and paste some text from research to main, but nothing happened when I pressed the secure paste key. Looks like the problem was that the /var/run/qubes/qubes-clipboard* files were created with root as owner and couldn't be read by qubes-guid for the main AppVM. Something should change so that this sequence of operations works correctly.

(I don't want to hear heckling about my usage of qubes.VMShell; it's consistent with my current security model, and I presume the same problem would affect restricted inter-AppVM RPC services.)
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Feb 21, 2016

Member

How do you start your main VM? Is it set to autostart? Does it happen
too if you start it manually (for example from Qubes Manager)?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Feb 21, 2016

How do you start your main VM? Is it set to autostart? Does it happen
too if you start it manually (for example from Qubes Manager)?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
@mattmccutchen

This comment has been minimized.

Show comment
Hide comment
@mattmccutchen

mattmccutchen Feb 21, 2016

Indeed, my main VM is set to autostart. If I restart main using Qubes Manager, stop research and start it again via qubes.VMShell, then the clipboard works (after I delete the existing root-owned /var/run/qubes/qubes-clipboard* files). Perhaps the difference is that qrexec-daemon appears to run as root for autostarted VMs but as the dom0 user for VMs started with Qubes Manager.

mattmccutchen commented Feb 21, 2016

Indeed, my main VM is set to autostart. If I restart main using Qubes Manager, stop research and start it again via qubes.VMShell, then the clipboard works (after I delete the existing root-owned /var/run/qubes/qubes-clipboard* files). Perhaps the difference is that qrexec-daemon appears to run as root for autostarted VMs but as the dom0 user for VMs started with Qubes Manager.

@andrewdavidwong andrewdavidwong added bug C: core P: minor labels Apr 6, 2016

@marmarek marmarek added this to the Release 3.0 updates milestone May 15, 2016

@marmarek marmarek self-assigned this May 15, 2016

@marmarek marmarek closed this in marmarek/old-qubes-gui-daemon@cc648e4 May 18, 2016

marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue May 25, 2016

@marmarek
core: start qrexec-daemon as normal user, even when VM is started by … 
…root

qrexec-daemon will start new processes for called services, which
include starting new DispVM, starting other required VMs (like backend
GPG VM). Having those processes as root leads to many permissions
problems, like the one linked below. So when VM is started by root, make
sure that qrexec-daemon will be running as normal user (the first user
in group 'qubes' - there should be only one).

QubesOS/qubes-issues#1768
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
3afc7b7

marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Jun 7, 2016

@marmarek
core: start guid as normal user even when VM started by root 
Another attempt to avoid permissions-related problems...

QubesOS/qubes-issues#1768
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
d0ba43f

marmarek added a commit to QubesOS/qubes-gui-daemon that referenced this issue Jun 25, 2016

@marmarek
xside: create clipboard files qubes-group writable 
This allows other guid processes access the files, even when created by
as root. Files will be owned by group qubes because /var/run/qubes is
owned by it and has setgid bit set.

Fixes QubesOS/qubes-issues#1768

(cherry picked from commit cc648e4)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
b3ac15c
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jun 25, 2016

Member

Automated announcement from builder-github

The package qubes-gui-dom0-3.1.4-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update
Member

marmarek commented Jun 25, 2016

Automated announcement from builder-github

The package qubes-gui-dom0-3.1.4-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@marmarek marmarek added the r3.1-dom0-cur-test label Jun 25, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 25, 2016

Member

Automated announcement from builder-github

The package qubes-gui-dom0-3.1.4-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update
Member

marmarek commented Jul 25, 2016

Automated announcement from builder-github

The package qubes-gui-dom0-3.1.4-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@marmarek marmarek added r3.1-dom0-stable and removed r3.1-dom0-cur-test labels Jul 25, 2016

marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Sep 8, 2016

@marmarek
qubes/vm: start VM daemons as normal user 
This is migration of core2 commits:

commit d0ba43f
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:21:08 2016 +0200

    core: start guid as normal user even when VM started by root

    Another attempt to avoid permissions-related problems...

    QubesOS/qubes-issues#1768

commit 89d002a
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:19:51 2016 +0200

    core: use runuser instead of sudo for switching root->user

    There are problems with using sudo in early system startup
    (systemd-logind not running yet, pam_systemd timeouts). Since we don't
    need full session here, runuser is good enough (even better: faster).

commit 2265fd3
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Sat Jun 4 17:42:24 2016 +0200

    core: start qubesdb as normal user, even when VM is started by root

    On VM start, old qubesdb-daemon is terminated (if still running). In
    practice it happen only at VM startart (shutdown and quickly start
    again). But in that case, if the VM was started by root, such operation
    would fail.
    So when VM is started by root, make sure that qubesdb-daemon will be
    running as normal user (the first user in group 'qubes' - there should
    be only one).

    Fixes QubesOS/qubes-issues#1745
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
c534b68
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment