Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop using qubes-rpc-multiplexer #9062

Open
DemiMarie opened this issue Mar 27, 2024 · 0 comments · May be fixed by QubesOS/qubes-core-qrexec#141
Open

Stop using qubes-rpc-multiplexer #9062

DemiMarie opened this issue Mar 27, 2024 · 0 comments · May be fixed by QubesOS/qubes-core-qrexec#141
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.

Comments

@DemiMarie
Copy link

How to file a helpful issue

The problem you're addressing (if any)

Executable RPC calls are made via a shell script, qubes-rpc-multiplexer. This slows things down for no real benefit.

The solution you'd like

Have the C code invoke the executable directly.

The value to a user, and who that user might be

Users will benefit from faster qrexec calls.

Completion criteria checklist

(This section is for developer use only. Please do not modify it.)

@DemiMarie DemiMarie added T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality. C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Mar 27, 2024
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 10, 2024
Instead, directly execute the command from C.

Marked as draft for five reasons:

1. MSG_JUST_EXEC is now unable to invoke services.  This means that
   wait=False qrexec calls from the Admin API made in dom0 do not work.

2. There is no logging of the service's stderr anymore.

3. libqrexec-utils has an ABI break, meaning that a new library cannot
   work with old programs and visa versa.

4. This PR is based on another PR (QubesOS#139), not main.

5. All variables with names beginning with QREXEC_ are stripped from the
   environment.  This is a change in behavior compared to the current
   code.

1, 2, 3, and 4 must be fixed before this can be merged.  5 is a design
decision that could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 10, 2024
Instead, directly execute the command from C.

Marked as draft for five reasons:

1. MSG_JUST_EXEC is now unable to invoke services.  This means that
   wait=False qrexec calls from the Admin API made in dom0 do not work.

2. There is no logging of the service's stderr anymore.

3. libqrexec-utils has an ABI break, meaning that a new library cannot
   work with old programs and visa versa.

4. This PR is based on another PR (QubesOS#139), not main.

5. All variables with names beginning with QREXEC_ are stripped from the
   environment.  This is a change in behavior compared to the current
   code.

1, 2, 3, and 4 must be fixed before this can be merged.  5 is a design
decision that could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 11, 2024
Instead, directly execute the command from C.

Marked as draft for four reasons:

1. There is no logging of the service's stderr anymore.

2. libqrexec-utils has an ABI break, meaning that a new library cannot
   work with old programs and visa versa.

3. This PR is based on another PR (QubesOS#139), not main.

4. All variables with names beginning with QREXEC_ are stripped from the
   environment.  This is a change in behavior compared to the current
   code.

1, 2, and 3 must be fixed before this can be merged.  4 is a design
decision that could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 11, 2024
Instead, directly execute the command from C.

Marked as draft for four reasons:

1. There is no logging of the service's stderr anymore.

2. This PR is based on another PR (QubesOS#139), not main.

3. All variables with names beginning with QREXEC_ are stripped from the
   environment.  This is a change in behavior compared to the current
   code.

1 and 2 must be fixed before this can be merged.  3 is a design decision
that could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 11, 2024
Instead, directly execute the command from C.

Marked as draft for two reasons:

1. This PR is based on another PR (QubesOS#139), not main.

2. All variables with names beginning with QREXEC_ are stripped from the
   environment, except for QREXEC_SERVICE_PATH.  This is a change in
   behavior compared to the current code.

1 must be fixed before this can be merged.  3 is a design decision that
could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 16, 2024
Instead, directly execute the command from C.

Marked as draft for two reasons:

1. This PR is based on another PR (QubesOS#139), not main.

2. All variables with names beginning with QREXEC_ are stripped from the
   environment, except for QREXEC_SERVICE_PATH.  This is a change in
   behavior compared to the current code.

1 must be fixed before this can be merged.  2 is a design decision that
could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 16, 2024
Instead, directly execute the command from C.

Marked as draft for two reasons:

1. This PR is based on another PR (QubesOS#139), not main.

2. All variables with names beginning with QREXEC_ are stripped from the
   environment, except for QREXEC_SERVICE_PATH.  This is a change in
   behavior compared to the current code.

1 must be fixed before this can be merged.  2 is a design decision that
could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Apr 17, 2024
Instead, directly execute the command from C.

Marked as draft for two reasons:

1. This PR is based on another PR (QubesOS#139), not main.

2. All variables with names beginning with QREXEC_ are stripped from the
   environment, except for QREXEC_SERVICE_PATH.  This is a change in
   behavior compared to the current code.

1 must be fixed before this can be merged.  2 is a design decision that
could go either way.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue May 3, 2024
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue May 9, 2024
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Jun 27, 2024
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Sep 26, 2024
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Jan 4, 2025
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Jan 4, 2025
Instead, directly execute the command from C.

All variables with names beginning with QREXEC_ are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.

Fixes: QubesOS/qubes-issues#9062
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Jan 5, 2025
Instead, directly execute the command from C.

All variables with names beginning with QREXEC are stripped from the
environment, except for QREXEC_SERVICE_PATH.  This is a change in
behavior compared to the current code.

This is a backwards-incompatible change to
exec_qubes_rpc_if_requested(), which now takes an extra argument.
Therefore, it cannot be backported to R4.2.  It also requires changing
the SELinux policy so that the labels on /etc/qubes-rpc/ and
/usr/local/etc/qubes-rpc/ (and their contents) are correct.

Fixes: QubesOS/qubes-issues#9062
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C: core P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: enhancement Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant