/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request - Qubes R3.x - custom default_user value should not break qubes integration (gui, pulse audio) #2372

Closed
yilmi opened this Issue Oct 10, 2016 · 6 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
3 participants
@yilmi @marmarek @andrewdavidwong
@yilmi

yilmi commented Oct 10, 2016

Qubes OS version :

R3.x

Affected TemplateVMs :

found on fedora-23 and debian-8 but could be reproduced on any template using qubes-gui-agent-linux

Expected behavior:

When setting a custom default_user value for a TemplateVM / AppVM Qubes, pulse audio sink is working properly

Actual behavior:

If we use a custom default_user value for a TemplateVM / AppVM, pulse audio sink is broken

Steps to reproduce the behavior:

From dom0 :
qvm-prefs -s yourvmname default_user yourcustomusername

From yourvmname :
Run any app using pulseaudio, it should not work

General notes:

Qubes GUI agent service is executing /usr/bin/qubes-gui which itself is executing qubes-run-xorg.sh.

qubes-run-xorg.sh prepare qubes configuration args for Xorg and start it :

exec su -l user -c "/usr/bin/xinit $XSESSION -- $XORG :0 -nolisten tcp vt07 -wr -config xorg-qubes.conf > ~/.xsession-errors 2>&1"

The problem is that X is always started as default qubes vm user, (ie. user). Pulseaudio is also running as the user appearing in qubes-run-xorg.sh because it is started through xdg autostart

I didn't spent a lot of time on this topic but I suppose that qubes-gui could read default_user from somewhere and pass it as an arg to qubes-run-xorg.sh

Related issues:
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 11, 2016

Member

Changing default user in standard templates was never supported (it's only for HVM, and especially Windows), so the bug here is: "changing default_user property is not blocked".
There is much more places than this one where "user" value is hardcoded.
Feature request for supporting different user is very unlikely to be implemented (at least by core team).
Member

marmarek commented Oct 11, 2016

Changing default user in standard templates was never supported (it's only for HVM, and especially Windows), so the bug here is: "changing default_user property is not blocked".
There is much more places than this one where "user" value is hardcoded.
Feature request for supporting different user is very unlikely to be implemented (at least by core team).

@yilmi yilmi changed the title from Qubes R3.x - Pulseaudio broken when using custom default_user to Feature Request - Qubes R3.x - Pulseaudio broken when using custom default_user Oct 11, 2016

@yilmi yilmi changed the title from Feature Request - Qubes R3.x - Pulseaudio broken when using custom default_user to Feature Request - Qubes R3.x - custom default_user value should not break qubes integration (gui, pulse audio) Oct 11, 2016

@yilmi

This comment has been minimized.

Show comment
Hide comment
@yilmi

yilmi Oct 11, 2016

Changed the description to "Feature request"

yilmi commented Oct 11, 2016

Changed the description to "Feature request"

@andrewdavidwong andrewdavidwong added enhancement help wanted P: minor labels Oct 11, 2016

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Oct 11, 2016

@andrewdavidwong andrewdavidwong added C: other C: templates and removed C: other labels Oct 11, 2016

@yilmi

This comment has been minimized.

Show comment
Hide comment
@yilmi

yilmi Nov 9, 2017

Hi @marmarek,

I would like to fix the issue reported on the qubes-run-xorg.sh script. I understand this is not the only place where we have a hardcoded username but would to start with this.
I was thinking about using the xenstore to push the default_user value so it can be accessed from the VM. Then retrieve to pass it as an argument to the -l switch of the su in the qubes-run-xorg.sh
Would you be ok with this approach?

yilmi commented Nov 9, 2017

Hi @marmarek,

I would like to fix the issue reported on the qubes-run-xorg.sh script. I understand this is not the only place where we have a hardcoded username but would to start with this.
I was thinking about using the xenstore to push the default_user value so it can be accessed from the VM. Then retrieve to pass it as an argument to the -l switch of the su in the qubes-run-xorg.sh
Would you be ok with this approach?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Nov 9, 2017

Member

First of all, use QubesDB instead of xenstore (to ease migration to other hypervisors). It's very similar, simply use qubesdb-* tools instead of xenstore-*.
Do you think the same template could be used with different user names in different VMs? If not, maybe it should be rather configuration inside the VM, later communicated to dom0, instead requiring configuration in both places always - you always need to configure template side, at least to create that custom user.
Member

marmarek commented Nov 9, 2017

First of all, use QubesDB instead of xenstore (to ease migration to other hypervisors). It's very similar, simply use qubesdb-* tools instead of xenstore-*.
Do you think the same template could be used with different user names in different VMs? If not, maybe it should be rather configuration inside the VM, later communicated to dom0, instead requiring configuration in both places always - you always need to configure template side, at least to create that custom user.
@yilmi

This comment has been minimized.

Show comment
Hide comment
@yilmi

yilmi Nov 13, 2017

Thanks for the feedback, I will use qubesdb-* instead.

At the moment, one template VM can't have 2 AppVMs with different usernames. The default_user is ignored when I try to set it directly on the AppVM. The value can only be changed through the TemplateVM and will affect AppVMs based on it.

I'll try to prepare a fix that you can review with more detail.

yilmi commented Nov 13, 2017
edited
Edited 1 time
  • @yilmi yilmi edited Nov 13, 2017 (most recent)

Thanks for the feedback, I will use qubesdb-* instead.

At the moment, one template VM can't have 2 AppVMs with different usernames. The default_user is ignored when I try to set it directly on the AppVM. The value can only be changed through the TemplateVM and will affect AppVMs based on it.

I'll try to prepare a fix that you can review with more detail.

yilmi added a commit to yilmi/qubes-core-admin that referenced this issue Feb 1, 2018

@yilmi
Added the default_user property from the Qube to the qubesdb so it is… 
… available when starting X. This is the 1st part of a fix for issue QubesOS/qubes-issues#2372
Verified
This commit was signed with a verified signature.
@yilmi yilmi Yassine Ilmi
GPG key ID: 2E294120031F1D95 Learn about signing commits
1c3b412

This was referenced Feb 1, 2018

Merged
Merged

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Feb 20, 2018

@marmarek
Merge remote-tracking branch 'qubesos/pr/190' 
* qubesos/pr/190:
  Missed one test, adding default-user in assert for test test_621_qdb_vm_with_network in TC_90
  replaced underscore by dash and update test accordingly
  Updated assert content for test_620_qdb_standalone in TC_90_QubesVM
  Added the default_user property from the Qube to the qubesdb so it is available when starting X. This is the 1st part of a fix for issue QubesOS/qubes-issues#2372
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
b00bbb7

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Feb 20, 2018

Closed

core-admin v4.0.23 (r4.0) #424

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jul 11, 2018

Member

It's done.
Member

marmarek commented Jul 11, 2018

It's done.

@marmarek marmarek closed this Jul 11, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment