/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qrexec-client-vm sometimes exit with code 255 (-1) #2861

Closed
marmarek opened this Issue Jun 20, 2017 · 14 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.2 updates
2 participants
@marmarek @qubesos-bot
@marmarek
Member

marmarek commented Jun 20, 2017

Qubes OS version (e.g., R3.2): R3.2 (probably all R3.x)

Affected TemplateVMs (e.g., fedora-23, if applicable): all

When qrexec-client-vm is started with a local process (i.e. with third argument), it reports "-1" exit code when local process is terminated before the remote one.

Expected behavior:

Remote (or local) process exit status is reported.

Actual behavior:

Exit status is -1 (255).

Steps to reproduce the behavior:

  1. Create /etc/qubes-rpc/test.Abort in vm1:
sleep 1
  1. Create policy allowing call to test.Abort from vm2 to vm1.
  2. Call qrexec-client-vm vm1 test.Abort /bin/cat /dev/zero

Similar thing is tested by vm_qrexec_gui/TC_00_AppVM_*/test_055_qrexec_dom0_service_abort.

General notes:

It is not documented which exit code should be returned. In fact, its very inconsistently handled - depending on order of actions, arguments and some other factors.
Before fixing this issue, it should be defined (and documented!) which exit code should be returned.

IMO if local process is started, its exit code should be reported - the local process can then properly verify service response and report if requested action was properly handled. If in some case remote exit code is desired - qrexec-client-vm should be started without third argument.

@marmarek marmarek added bug C: core C: doc P: major labels Jun 20, 2017

@marmarek marmarek added this to the Release 3.2 updates milestone Jun 20, 2017

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 20, 2017

@marmarek
tests: fix checking exit code 
Since run_for_stdio raise an exception for non-zero exit code, it isn't
ignored anymore. So, check if qrexec-client-vm return expected value,
instead of keep ignoring it.

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
a0f616f

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 21, 2017

@marmarek
tests: improve tests for qrexe exit code handling 
Check if exit code retrieved from dom0 is really the one expected.

Fix typo in test_065_qrexec_exit_code_vm (testvm1/testvm2), adjust for
reporing remote exit code and remove expectedFailure.

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
ea0cbe3

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

@marmarek
Add qrexec-client-vm man page 
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
7fb30da

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

@marmarek
qrexec: exit with code 126 when service request was refused 
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
345c53b

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

@marmarek
qrexec: fix reporting exit code in qrexec-client-vm 
1. If local process is started, report its exit code, instaed of remote
one. To get remote exit code, simply start qrexec-client-vm without
third argument (and connect its stdin/stdout with the other process some
other way).

2. Report process terminated by signal.
Don't pretend that process terminated by signal finished successfuly.
Copy shell behaviour of reporting it as 128+signum.

3. Do not wait() for any child process, just the one we expect. In case
of qrexec-client-vm the child process is started differently and
wait()ing on it inside main loop would break its exit code reporting.

Fixes QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
dd5bee9

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

@marmarek
Add qrexec-client-vm man page 
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
ff26dcf

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

@marmarek
qrexec: exit with code 126 when service request was refused 
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
d2aa216

@marmarek marmarek closed this in QubesOS/qubes-core-agent-linux@ea0cd0f Jun 21, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-jessie-cur-test label Jun 24, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jun 24, 2017

Closed

core-agent-linux v4.0.2 (r4.0) #86

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-stretch-cur-test label Jun 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc24-cur-test label Jun 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

qubesos-bot commented Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-fc25-cur-test label Jun 24, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 4, 2017

Closed

core-admin v4.0.1 (r4.0) #100

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

@marmarek
Add qrexec-client-vm man page 
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861

(cherry picked from commit ff26dcf)
Man page stripped from Qubes 4.0 features.
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
60fc91a

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

@marmarek
qrexec: exit with code 126 when service request was refused 
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861

(cherry picked from commit d2aa216)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
ef80574

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

@marmarek
qrexec: fix reporting exit code in qrexec-client-vm 
1. If local process is started, report its exit code, instaed of remote
one. To get remote exit code, simply start qrexec-client-vm without
third argument (and connect its stdin/stdout with the other process some
other way).

2. Report process terminated by signal.
Don't pretend that process terminated by signal finished successfuly.
Copy shell behaviour of reporting it as 128+signum.

3. Do not wait() for any child process, just the one we expect. In case
of qrexec-client-vm the child process is started differently and
wait()ing on it inside main loop would break its exit code reporting.

Fixes QubesOS/qubes-issues#2861

(cherry picked from commit ea0cd0f)
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
7592e91
@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-jessie-cur-test label Sep 24, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Sep 24, 2017

Closed

core-agent-linux v3.2.19 (r3.2) #223

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-stretch-cur-test label Sep 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

qubesos-bot commented Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-fc23-cur-test label Sep 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

qubesos-bot commented Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-fc24-cur-test label Sep 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc25 has been pushed to the r3.2 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

qubesos-bot commented Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc25 has been pushed to the r3.2 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r3.2-fc25-cur-test label Sep 24, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

qubesos-bot commented Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot qubesos-bot removed the r3.2-fc23-cur-test label Oct 17, 2017

@qubesos-bot qubesos-bot added the r3.2-fc23-stable label Oct 17, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

qubesos-bot commented Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot qubesos-bot added r3.2-fc24-stable and removed r3.2-fc24-cur-test labels Oct 17, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc25 has been pushed to the r3.2 stable repository for the Fedora fc25 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

qubesos-bot commented Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc25 has been pushed to the r3.2 stable repository for the Fedora fc25 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot qubesos-bot added r3.2-fc25-stable and removed r3.2-fc25-cur-test labels Oct 17, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added r3.2-jessie-stable and removed r3.2-jessie-cur-test labels Oct 17, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb9u1 has been pushed to the r3.2 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot commented Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb9u1 has been pushed to the r3.2 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot added r3.2-stretch-stable and removed r3.2-stretch-cur-test labels Oct 17, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment