/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Persistent qrexec policy daemon #3868

Closed
DemiMarie opened this Issue Apr 29, 2018 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
3 participants
@DemiMarie @marmarek @andrewdavidwong
@DemiMarie

DemiMarie commented Apr 29, 2018

Qubes OS version:

R4.0

Affected component(s):

qubes-core-admin

Steps to reproduce the behavior:

  1. Run qvm-ls
  2. Note the time it takes

Expected behavior:

qvm-ls is fast

Actual behavior:

qvm-ls is slow

General notes:

The problem seems to be that every qrexec call starts a new Python process. I propose that this be replaced by a persistent daemon. The daemon will listen on a Unix domain socket and maintain an in-memory cache of all qrexec policy files. inotify will be used to notify the daemon when these change. Additionally, whenever the machine is awake, the daemon will reload its configuration every minute or so, to ensure that it stays up-to-date.

Related issues:
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Apr 29, 2018

Member

Do you mean qvm-ls in dom0 or in some VM (with appropriate permissons for qrexec calls)? In case of dom0, it already use local socket and qrexec policy is not involved at all. But in case of VM, your diagnosis is correct.

Generally:

  • the idea you propose is good (with slightly different details about updating the info), this is what we plan to implement when time allows
  • this is a duplicate of #3293 (comment), lets move the discussion there
Member

marmarek commented Apr 29, 2018

Do you mean qvm-ls in dom0 or in some VM (with appropriate permissons for qrexec calls)? In case of dom0, it already use local socket and qrexec policy is not involved at all. But in case of VM, your diagnosis is correct.

Generally:

  • the idea you propose is good (with slightly different details about updating the info), this is what we plan to implement when time allows
  • this is a duplicate of #3293 (comment), lets move the discussion there

@marmarek marmarek closed this Apr 29, 2018

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Apr 30, 2018

Member

Duplicate of #3293
Member

andrewdavidwong commented Apr 30, 2018

Duplicate of #3293

@andrewdavidwong andrewdavidwong marked this as a duplicate of #3293 Apr 30, 2018

@andrewdavidwong andrewdavidwong added the duplicate label Apr 30, 2018

@DemiMarie

This comment has been minimized.

Show comment
Hide comment
@DemiMarie

DemiMarie Apr 30, 2018

DemiMarie commented Apr 30, 2018

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Apr 30, 2018

Member

Ok, but in case of dom0, qrexec policy is not involved at all.
Member

marmarek commented Apr 30, 2018

Ok, but in case of dom0, qrexec policy is not involved at all.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment