Qrexec policy daemon #6
Conversation
marmarta
force-pushed
the
qrexec-policy-daemon
branch
12 times, most recently
from
31de73d to
d88a0da
Compare
Codecov Report
@@ Coverage Diff @@
## master #6 +/- ##
==========================================
+ Coverage 87.98% 88.01% +0.02%
==========================================
Files 15 19 +4
Lines 2506 2771 +265
==========================================
+ Hits 2205 2439 +234
- Misses 301 332 +31
Continue to review full report at Codecov.
|
marmarta
force-pushed
the
qrexec-policy-daemon
branch
3 times, most recently
from
4586fc6 to
12f048f
Compare
|
I've done some tests. Start situation: qrexec call into dom0 (
The second point should be hopefully solved by #3 (for latency critical services). |
|
Some issues detected during tests:
|
marmarta
force-pushed
the
qrexec-policy-daemon
branch
8 times, most recently
from
a2213ec to
19e79f7
Compare
marmarta
force-pushed
the
qrexec-policy-daemon
branch
3 times, most recently
from
5534e24 to
e35906a
Compare
| - assume_yes_for_ask=yes | ||
| - just_evaluate=yes | ||
|
|
||
| Newline-separated |
There was a problem hiding this comment.
Already mentioned at the beginning.
|
|
||
| newline + further | ||
|
|
||
| all not compliant responses are bad no good terrible |
qrexec/policy/utils.py
Outdated
| # | ||
| # The Qubes OS Project, http://www.qubes-os.org | ||
| # | ||
| # Copyright (C) 2017 Marta Marczykowska-Górecka |
qrexec/tests/qrexec_policy_daemon.py
Outdated
| functools.partial(qrexec_policy_daemon.handle_client_connection, | ||
| log, Mock()), | ||
| path=str(tmp_path / "socket.d")) | ||
| # because travis is stuck in python3.5, we can't use yield |
There was a problem hiding this comment.
In the meantime I've updated travis to python 3.7. If you want, you can change it now. But it can stay as is too.
qrexec/tests/qrexec_policy_daemon.py
Outdated
| @pytest.mark.asyncio | ||
| async def test_wrong_arg(self, mock_request, async_server, tmp_path): | ||
|
|
||
| data = b'domains_id=a\n' \ |
There was a problem hiding this comment.
Please add a comment pointing at this typo, or make the wrong arg more explicit.
qrexec/tools/qrexec_policy_daemon.py
Outdated
| # | ||
| # The Qubes OS Project, http://www.qubes-os.org | ||
| # | ||
| # Copyright (C) 2017 Marta Marczykowska-Górecka |
rpm_spec/qubes-qrexec-dom0.spec.in
Outdated
| # and then start it back | ||
| if systemctl is-enabled qubes-qrexec-policy-daemon.service >/dev/null 2>&1; then | ||
| systemctl start qubes-qrexec-policy-daemon.service | ||
| fi |
There was a problem hiding this comment.
Is this %posttrans section really necessary? It is in the -vm package, because qubes-qrexec-agent.service was present before in a different package (was moved from qubes-core-agent-linux to qubes-core-qrexec). But the policy daemon wasn't here before.
qrexec/policy/parser.py
Outdated
| @@ -1357,7 +1359,7 @@ class FilePolicy(AbstractFileSystemLoader, AbstractPolicy): | |||
| ... 'qrexec.Service', '+argument', 'source-name', 'target-name', | |||
| ... system_info=qrexec.utils.get_system_info()) | |||
| >>> resolution = policy.evaluate(request) | |||
| >>> resolution.execute('process-ident') | |||
| >>> resolution.execute('process-ident') # this method is asynchroneous | |||
There was a problem hiding this comment.
I'd add this for clarity:
| >>> resolution.execute('process-ident') # this method is asynchroneous | |
| >>> await resolution.execute('process-ident') # this method is asynchroneous |
qrexec/tools/qrexec_policy_daemon.py
Outdated
| OPTIONAL_REQUEST_ARGUMENTS | ||
|
|
||
|
|
||
| class DaemonResolution(AllowResolution): |
Also includes rudimentary protocol documentation. Contains only pure policy daemon that's not used by anything yet. references QubesOS/qubes-issues#5125
Rewritten qrexec-daemon to use policy daemon instead of running policy-exec separately for each call. If daemon fails, falls back to old solution. fixes QubesOS/qubes-issues#5125
Log message and daemon response now are sent before the call is fully executed. Fixed daemon socket permissions being wrong. No more duplicate logs. Calls are now handled asynchroneously.
Policy parser will now be cached and updated only when changes in policy directories occured.
marmarta
force-pushed
the
qrexec-policy-daemon
branch
from
46094a4 to
bf57fe5
Compare
|
|
||
| [Service] | ||
| Type=simple | ||
| ExecStart=/usr/bin/qrexec-policy-daemon |
There was a problem hiding this comment.
It would be nice if this used socket activation.
Yes, if policy daemon isn't running/can't start for any reason. Having some kind of fallback is especially useful with GUI VM (qrexec as the only interface to dom0). This is also why socket activation may not be the best idea - it would prevent such fallback from working. On the other hand, automatic restart on crash may be worth adding. |
|
I'll merge this PR only after #3, as conflict resolution will be much easier this way. |
Rewritten qrexec-daemon to use policy daemon instead of running
policy-exec separately for each call. If daemon fails, falls back
to old solution. Also contains some tests.
fixes QubesOS/qubes-issues#5125