From 5ed4a048a08516a12c6e7c28baaa4f46e65cd286 Mon Sep 17 00:00:00 2001 From: Alex Pyrgiotis Date: Tue, 22 Oct 2024 20:30:55 +0300 Subject: [PATCH] qubes: Do not close stderr Do not close stderr as part of the Qubes termination logic, since we need to read the debug logs. This shouldn't affect typical termination scenarios, since we expect our disposable qube to be either busy reading from stdin, or writing to stdout. If this is not the case, then forcefully killing the `qrexec-client-vm` process should unblock the qube. --- dangerzone/isolation_provider/qubes.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dangerzone/isolation_provider/qubes.py b/dangerzone/isolation_provider/qubes.py index dd1f181..61a7c8d 100644 --- a/dangerzone/isolation_provider/qubes.py +++ b/dangerzone/isolation_provider/qubes.py @@ -70,14 +70,18 @@ class Qubes(IsolationProvider): standard streams explicitly, so that we can afterwards use `Popen.wait()` to learn if the qube terminated. + Note that we don't close the stderr stream because we want to read debug logs + from it. In the rare case where a qube cannot terminate because it's stuck + writing at stderr (this is not the expected behavior), we expect that the + process will still be forcefully killed after the soft termination timeout + expires. + [1]: https://github.com/freedomofpress/dangerzone/issues/563#issuecomment-2034803232 """ if p.stdin: p.stdin.close() if p.stdout: p.stdout.close() - if p.stderr: - p.stderr.close() def teleport_dz_module(self, wpipe: IO[bytes]) -> None: """Send the dangerzone module to another qube, as a zipfile."""