From 5cb6f0fb0906ea187ff03c3b6f8269c361b98eef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Tue, 28 Sep 2021 23:31:19 +0200
Subject: [PATCH] Fix fallout from qvm-appmenus --force-root

qvm-appmenus now refuses to run as root by default, for a good reason.
Run it as a normal user whenever possible. Or, if just menu entries list
is to be set, do it directly by setting 'menu-items' feature.

QubesOS/qubes-issues#6888
---
 qubesadmin/app.py            | 22 +++++++++++++++++++++-
 qubesadmin/backup/restore.py | 12 +++++++-----
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/qubesadmin/app.py b/qubesadmin/app.py
index f3c2d0cf..d79e647d 100644
--- a/qubesadmin/app.py
+++ b/qubesadmin/app.py
@@ -462,7 +462,22 @@ def clone_vm(self, src_vm, new_name, new_cls=None, pool=None, pools=None,
                 appmenus_cmd = \
                     ['qvm-appmenus', '--init', '--update',
                      '--source', src_vm.name, dst_vm.name]
-                subprocess.check_output(appmenus_cmd, stderr=subprocess.STDOUT)
+                runas = []
+                if os.getuid() == 0:
+                    try:
+                        user = self.domains[self.local_name].default_user
+                    except (KeyError, qubesadmin.exc.QubesException):
+                        try:
+                            user = grp.getgrnam('qubes').gr_mem[0]
+                        except KeyError:
+                            user = None
+                    if not user:
+                        raise qubesadmin.exc.QubesException(
+                            'Failed to find local user account')
+                    runas = ['runuser', '-u', user, '--']
+
+                subprocess.check_output(runas + appmenus_cmd,
+                    stderr=subprocess.STDOUT)
             except OSError as e:
                 # this file needs to be python 2.7 compatible,
                 # so no FileNotFoundError
@@ -476,6 +491,11 @@ def clone_vm(self, src_vm, new_name, new_cls=None, pool=None, pools=None,
                 if not ignore_errors:
                     raise qubesadmin.exc.QubesException(
                         'Failed to clone appmenus') from e
+            except qubesadmin.exc.QubesException as e:
+                self.log.error('Failed to clone appmenus: %s', e)
+                if not ignore_errors:
+                    raise qubesadmin.exc.QubesException(
+                        'Failed to clone appmenus') from e
 
         except qubesadmin.exc.QubesException:
             if not ignore_errors:
diff --git a/qubesadmin/backup/restore.py b/qubesadmin/backup/restore.py
index 36b05592..2d89bd68 100644
--- a/qubesadmin/backup/restore.py
+++ b/qubesadmin/backup/restore.py
@@ -1859,11 +1859,13 @@ def _handle_dom0(self, stream):
     def _handle_appmenus_list(self, vm, stream):
         '''Handle whitelisted-appmenus.list file'''
         try:
-            subprocess.check_call(
-                ['qvm-appmenus', '--set-whitelist=-', vm.name],
-                stdin=stream)
-        except (subprocess.CalledProcessError, FileNotFoundError):
-            self.log.error('Failed to set application list for %s', vm.name)
+            appmenus_list = stream.read().decode('ascii').splitlines()
+            # remove empty lines
+            appmenus_list = [l for l in appmenus_list if l]
+            vm.features['menu-items'] = ' '.join(appmenus_list)
+        except QubesException as e:
+            self.log.error(
+                'Failed to set application list for %s: %s', vm.name, e)
 
     def _handle_volume_data(self, vm, volume, stream):
         '''Wrap volume data import with logging'''