Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make it possible to restart qrexec-agent #1148

Closed
marmarek opened this issue Aug 25, 2015 · 0 comments · Fixed by QubesOS/qubes-core-qrexec#4
Closed

Make it possible to restart qrexec-agent #1148

marmarek opened this issue Aug 25, 2015 · 0 comments · Fixed by QubesOS/qubes-core-qrexec#4
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. release notes This issue should be mentioned in the release notes.
Milestone
Release 4.1

Comments

@marmarek
Copy link
Member

This would be useful at least for upgrades, which tend to breaks when old qrexec-agent is running.
Problems with that:

  1. Currently you can't restart qrexec agent, because it will not be able connect to dom0 again, without restarting qrexec daemon there too. This is probably easy to solve.
  2. Even if you can restart it, it needs to happen before that hanging qrexec call. IIUC in default debian scripts, this would happen after all the custom preinst (where the qrexec call is placed)
  3. Restarting only qrexec agent wont be enough because this particular problem happens in qrexec-fork-server, which is part of the user session. So it wont be affected by qrexec-agent restart. And of course you can't restart the whole user session in the middle of upgrade...
    3a. Actually above isn't a big problem, because you can simply kill qrexec-fork-server. This process is used to start new applications inside user session (so they are proper children of session leader, as apparently required by logind and PolicyKit). But if you kill that process, qrexec-agent will use a fallback of starting new session ("su - -c ...") for each call. This should be more than enough for service calls, just may have some problems with GUI applications, but we don't need them in this particular case.
  4. And finally, restarting qrexec-agent will of course will break all the running connections. If you're running upgrade through qrexec (for example using some script - from which this thread has started), the upgrade will be interrupted.

The last one (4) is true only on R2, on R3.0 qrexec was redesigned to
hold running connections in separate processes.
@marmarek marmarek added this to the Release 3.2 milestone Sep 1, 2015
@adrelanos adrelanos mentioned this issue Sep 3, 2015
Merged
@bnvk bnvk mentioned this issue Nov 23, 2015
Closed
@marmarek marmarek modified the milestones: Release 3.2, Release 4.0 Aug 5, 2016
@marmarek marmarek mentioned this issue Apr 8, 2019
Closed
6 tasks
marmarek added a commit to marmarek/qubes-core-qrexec that referenced this issue Apr 13, 2019
@marmarek
dom0: when qrexec-agent disconnects, try to reconnect
38a0aca 
Do not exit when qrexec-agent disconnects, instead try to reconnect.
This allows to restart qrexec-agent inside a VM (almost) without bad
consequences.
Since established qrexec connections are handled in separate processes,
those are not interrupted by such restart. But qrexec-agent loose
track of them. This means two things:
 - ports used by such connections are never released (qrexec-daemon
   intentionally keep them marked as busy)
 - if anone waits for qrexec connection end notification, it will
   receive it prematurely - on qrexec-agent restart; this may cause DispVM
   to be prematurely killed

Fixes QubesOS/qubes-issues#1148
@marmarek marmarek mentioned this issue Apr 13, 2019
Merged
@qubesos-bot qubesos-bot mentioned this issue Jun 8, 2019
Closed
@andrewdavidwong andrewdavidwong added the P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. label Jun 8, 2019
@marmarek marmarek mentioned this issue Aug 26, 2019
Closed
marmarek added a commit to marmarek/qubes-core-qrexec that referenced this issue Jan 8, 2021
@marmarek
agent: do not interrupt established connections on restart
41e36f7 
Restart only the main process, do not kill children (responsible for
passing data for established connections). This fixes installing updates
(when qrexec is updated too) using Salt or other qrexec service.

QubesOS/qubes-issues#1148
@marmarek marmarek mentioned this issue Jan 8, 2021
Merged
@marmarek marmarek added the release notes This issue should be mentioned in the release notes. label Jan 8, 2021
@qubesos-bot qubesos-bot mentioned this issue Jan 10, 2021
Closed
@elric-wamugu elric-wamugu mentioned this issue Jan 24, 2021
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. release notes This issue should be mentioned in the release notes.
Projects
None yet
Milestone
Release 4.1
Development

Successfully merging a pull request may close this issue.

dom0: when qrexec-agent disconnects, try to reconnect marmarek/qubes-core-qrexec
2 participants
@marmarek @andrewdavidwong