Stop using qubes-rpc-multiplexer
#9062
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
Comments
DemiMarie
added
T: enhancement
C: core
P: default
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 10, 2024
Instead, directly execute the command from C. Marked as draft for five reasons: 1. MSG_JUST_EXEC is now unable to invoke services. This means that wait=False qrexec calls from the Admin API made in dom0 do not work. 2. There is no logging of the service's stderr anymore. 3. libqrexec-utils has an ABI break, meaning that a new library cannot work with old programs and visa versa. 4. This PR is based on another PR (QubesOS#139), not main. 5. All variables with names beginning with QREXEC_ are stripped from the environment. This is a change in behavior compared to the current code. 1, 2, 3, and 4 must be fixed before this can be merged. 5 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 10, 2024
Instead, directly execute the command from C. Marked as draft for five reasons: 1. MSG_JUST_EXEC is now unable to invoke services. This means that wait=False qrexec calls from the Admin API made in dom0 do not work. 2. There is no logging of the service's stderr anymore. 3. libqrexec-utils has an ABI break, meaning that a new library cannot work with old programs and visa versa. 4. This PR is based on another PR (QubesOS#139), not main. 5. All variables with names beginning with QREXEC_ are stripped from the environment. This is a change in behavior compared to the current code. 1, 2, 3, and 4 must be fixed before this can be merged. 5 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 11, 2024
Instead, directly execute the command from C. Marked as draft for four reasons: 1. There is no logging of the service's stderr anymore. 2. libqrexec-utils has an ABI break, meaning that a new library cannot work with old programs and visa versa. 3. This PR is based on another PR (QubesOS#139), not main. 4. All variables with names beginning with QREXEC_ are stripped from the environment. This is a change in behavior compared to the current code. 1, 2, and 3 must be fixed before this can be merged. 4 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 11, 2024
Instead, directly execute the command from C. Marked as draft for four reasons: 1. There is no logging of the service's stderr anymore. 2. This PR is based on another PR (QubesOS#139), not main. 3. All variables with names beginning with QREXEC_ are stripped from the environment. This is a change in behavior compared to the current code. 1 and 2 must be fixed before this can be merged. 3 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 11, 2024
Instead, directly execute the command from C. Marked as draft for two reasons: 1. This PR is based on another PR (QubesOS#139), not main. 2. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. 1 must be fixed before this can be merged. 3 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 16, 2024
Instead, directly execute the command from C. Marked as draft for two reasons: 1. This PR is based on another PR (QubesOS#139), not main. 2. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. 1 must be fixed before this can be merged. 2 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 16, 2024
Instead, directly execute the command from C. Marked as draft for two reasons: 1. This PR is based on another PR (QubesOS#139), not main. 2. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. 1 must be fixed before this can be merged. 2 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Apr 17, 2024
Instead, directly execute the command from C. Marked as draft for two reasons: 1. This PR is based on another PR (QubesOS#139), not main. 2. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. 1 must be fixed before this can be merged. 2 is a design decision that could go either way. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
May 3, 2024
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
May 9, 2024
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jun 27, 2024
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Sep 26, 2024
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 4, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 4, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC_ are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 5, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 9, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 17, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 18, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 18, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 20, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 22, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 24, 2025
Instead, directly execute the command from C. All variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH. This is a change in behavior compared to the current code. This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 29, 2025
Instead, directly execute the command from C. Environment variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH and QREXEC_AGENT_PID. This stripping happens before qrexec-specific environment variables are set, so the following variables are still set as before: - QREXEC_SERVICE_FULL_NAME - QREXEC_REMOTE_DOMAIN - QREXEC_SERVICE_ARGUMENT - QREXEC_REQUESTED_TARGET_TYPE - QREXEC_REQUESTED_TARGET (dom0 only) - QREXEC_REQUESTED_TARGET_KEYWORD (dom0 only) This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 29, 2025
Instead, directly execute the command from C. Environment variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH and QREXEC_AGENT_PID. This stripping happens before qrexec-specific environment variables are set, so the following variables are still set as before: - QREXEC_SERVICE_FULL_NAME - QREXEC_REMOTE_DOMAIN - QREXEC_SERVICE_ARGUMENT - QREXEC_REQUESTED_TARGET_TYPE - QREXEC_REQUESTED_TARGET (dom0 only) - QREXEC_REQUESTED_TARGET_KEYWORD (dom0 only) This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jan 31, 2025
Instead, directly execute the command from C. Environment variables with names beginning with QREXEC are stripped from the environment, except for QREXEC_SERVICE_PATH and QREXEC_AGENT_PID. This stripping happens before qrexec-specific environment variables are set, so the following variables are still set as before: - QREXEC_SERVICE_FULL_NAME - QREXEC_REMOTE_DOMAIN - QREXEC_SERVICE_ARGUMENT - QREXEC_REQUESTED_TARGET_TYPE - QREXEC_REQUESTED_TARGET (dom0 only) - QREXEC_REQUESTED_TARGET_KEYWORD (dom0 only) This is a backwards-incompatible change to exec_qubes_rpc_if_requested(), which now takes an extra argument. Therefore, it cannot be backported to R4.2. It also requires changing the SELinux policy so that the labels on /etc/qubes-rpc/ and /usr/local/etc/qubes-rpc/ (and their contents) are correct. qubes-rpc-multiplexer is still present because it has legacy uses in Python code and for compatibility. Fixes: QubesOS/qubes-issues#9062
andrewdavidwong
added
the
pr submitted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How to file a helpful issue
The problem you're addressing (if any)
Executable RPC calls are made via a shell script,
qubes-rpc-multiplexer. This slows things down for no real benefit.The solution you'd like
Have the C code invoke the executable directly.
The value to a user, and who that user might be
Users will benefit from faster qrexec calls.
Completion criteria checklist
(This section is for developer use only. Please do not modify it.)
The text was updated successfully, but these errors were encountered: