New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qrexec-client-vm sometimes exit with code 255 (-1) #2861

Closed
marmarek opened this Issue Jun 20, 2017 · 14 comments

Comments

@marmarek
Member

marmarek commented Jun 20, 2017

Qubes OS version (e.g., R3.2): R3.2 (probably all R3.x)

Affected TemplateVMs (e.g., fedora-23, if applicable): all

When qrexec-client-vm is started with a local process (i.e. with third argument), it reports "-1" exit code when local process is terminated before the remote one.


Expected behavior:

Remote (or local) process exit status is reported.

Actual behavior:

Exit status is -1 (255).

Steps to reproduce the behavior:

  1. Create /etc/qubes-rpc/test.Abort in vm1:
sleep 1
  1. Create policy allowing call to test.Abort from vm2 to vm1.
  2. Call qrexec-client-vm vm1 test.Abort /bin/cat /dev/zero

Similar thing is tested by vm_qrexec_gui/TC_00_AppVM_*/test_055_qrexec_dom0_service_abort.

General notes:

It is not documented which exit code should be returned. In fact, its very inconsistently handled - depending on order of actions, arguments and some other factors.
Before fixing this issue, it should be defined (and documented!) which exit code should be returned.

IMO if local process is started, its exit code should be reported - the local process can then properly verify service response and report if requested action was properly handled. If in some case remote exit code is desired - qrexec-client-vm should be started without third argument.

@marmarek marmarek added this to the Release 3.2 updates milestone Jun 20, 2017

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 20, 2017

tests: fix checking exit code
Since run_for_stdio raise an exception for non-zero exit code, it isn't
ignored anymore. So, check if qrexec-client-vm return expected value,
instead of keep ignoring it.

QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 21, 2017

tests: improve tests for qrexe exit code handling
Check if exit code retrieved from dom0 is really the one expected.

Fix typo in test_065_qrexec_exit_code_vm (testvm1/testvm2), adjust for
reporing remote exit code and remove expectedFailure.

QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

qrexec: exit with code 126 when service request was refused
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

qrexec: fix reporting exit code in qrexec-client-vm
1. If local process is started, report its exit code, instaed of remote
one. To get remote exit code, simply start qrexec-client-vm without
third argument (and connect its stdin/stdout with the other process some
other way).

2. Report process terminated by signal.
Don't pretend that process terminated by signal finished successfuly.
Copy shell behaviour of reporting it as 128+signum.

3. Do not wait() for any child process, just the one we expect. In case
of qrexec-client-vm the child process is started differently and
wait()ing on it inside main loop would break its exit code reporting.

Fixes QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue Jun 21, 2017

qrexec: exit with code 126 when service request was refused
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861
@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jun 24, 2017

Closed

core-agent-linux v4.0.2 (r4.0) #86

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_4.0.2-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jun 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-4.0.2-1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 4, 2017

Closed

core-admin v4.0.1 (r4.0) #100

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861

(cherry picked from commit ff26dcf)
Man page stripped from Qubes 4.0 features.

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

qrexec: exit with code 126 when service request was refused
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861

(cherry picked from commit d2aa216)

marmarek added a commit to marmarek/qubes-core-agent-linux that referenced this issue Sep 24, 2017

qrexec: fix reporting exit code in qrexec-client-vm
1. If local process is started, report its exit code, instaed of remote
one. To get remote exit code, simply start qrexec-client-vm without
third argument (and connect its stdin/stdout with the other process some
other way).

2. Report process terminated by signal.
Don't pretend that process terminated by signal finished successfuly.
Copy shell behaviour of reporting it as 128+signum.

3. Do not wait() for any child process, just the one we expect. In case
of qrexec-client-vm the child process is started differently and
wait()ing on it inside main loop would break its exit code reporting.

Fixes QubesOS/qubes-issues#2861

(cherry picked from commit ea0cd0f)
@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb8u1 has been pushed to the r3.2 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Sep 24, 2017

Closed

core-agent-linux v3.2.19 (r3.2) #223

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_3.2.19-1+deb9u1 has been pushed to the r3.2 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc23 has been pushed to the r3.2 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc24 has been pushed to the r3.2 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Sep 24, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc25 has been pushed to the r3.2 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.19-1.fc25 has been pushed to the r3.2 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.2-current-testing

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc23 has been pushed to the r3.2 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc24 has been pushed to the r3.2 stable repository for the Fedora fc24 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc25 has been pushed to the r3.2 stable repository for the Fedora fc25 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

Automated announcement from builder-github

The package python2-dnf-plugins-qubes-hooks-3.2.20-1.fc25 has been pushed to the r3.2 stable repository for the Fedora fc25 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb8u1 has been pushed to the r3.2 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 17, 2017

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb9u1 has been pushed to the r3.2 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Automated announcement from builder-github

The package qubes-core-agent_3.2.20-1+deb9u1 has been pushed to the r3.2 stable repository for the Debian stretch template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment