almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

qubes: Do not close stderr
Some checks are pending
Build dev environments / Build dev-env (debian-bookworm) (push) Waiting to run
Details
Build dev environments / Build dev-env (debian-bullseye) (push) Waiting to run
Details
Build dev environments / Build dev-env (debian-trixie) (push) Waiting to run
Details
Build dev environments / Build dev-env (fedora-39) (push) Waiting to run
Details
Build dev environments / Build dev-env (fedora-40) (push) Waiting to run
Details
Build dev environments / Build dev-env (fedora-41) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-20.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-22.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-23.10) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-24.04) (push) Waiting to run
Details
Build dev environments / Build dev-env (ubuntu-24.10) (push) Waiting to run
Details
Build dev environments / build-container-image (push) Waiting to run
Details
Check branch conformity / prevent-fixup-commits (push) Waiting to run
Details
Tests / run-lint (push) Waiting to run
Details
Tests / build-container-image (push) Waiting to run
Details
Tests / Download and cache Tesseract data (push) Waiting to run
Details
Tests / windows (push) Blocked by required conditions
Details
Tests / macOS (arch64) (push) Blocked by required conditions
Details
Tests / macOS (x86_64) (push) Blocked by required conditions
Details
Tests / build-deb (debian bookworm) (push) Blocked by required conditions
Details
Tests / build-deb (debian bullseye) (push) Blocked by required conditions
Details
Tests / build-deb (debian trixie) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 23.10) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / build-deb (ubuntu 24.10) (push) Blocked by required conditions
Details
Tests / install-deb (debian bookworm) (push) Blocked by required conditions
Details
Tests / install-deb (debian bullseye) (push) Blocked by required conditions
Details
Tests / install-deb (debian trixie) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 23.10) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / install-deb (ubuntu 24.10) (push) Blocked by required conditions
Details
Tests / build-install-rpm (fedora 39) (push) Blocked by required conditions
Details
Tests / build-install-rpm (fedora 40) (push) Blocked by required conditions
Details
Tests / build-install-rpm (fedora 41) (push) Blocked by required conditions
Details
Tests / run tests (debian bookworm) (push) Blocked by required conditions
Details
Tests / run tests (debian bullseye) (push) Blocked by required conditions
Details
Tests / run tests (debian trixie) (push) Blocked by required conditions
Details
Tests / run tests (fedora 39) (push) Blocked by required conditions
Details
Tests / run tests (fedora 40) (push) Blocked by required conditions
Details
Tests / run tests (fedora 41) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 20.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 22.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 23.10) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 24.04) (push) Blocked by required conditions
Details
Tests / run tests (ubuntu 24.10) (push) Blocked by required conditions
Details
Scan latest app and container / security-scan-container (push) Waiting to run
Details
Scan latest app and container / security-scan-app (push) Waiting to run
Details

Browse source 
Do not close stderr as part of the Qubes termination logic, since we
need to read the debug logs. This shouldn't affect typical termination
scenarios, since we expect our disposable qube to be either busy reading
from stdin, or writing to stdout. If this is not the case, then
forcefully killing the `qrexec-client-vm` process should unblock the
qube.
This commit is contained in:
Alex Pyrgiotis 2024-10-22 20:30:55 +03:00
parent 50627d375c
commit 5ed4a048a0
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
dangerzone/isolation_provider/qubes.py
View file

@ -70,14 +70,18 @@ class Qubes(IsolationProvider):
standard streams explicitly, so that we can afterwards use `Popen.wait()` to standard streams explicitly, so that we can afterwards use `Popen.wait()` to
learn if the qube terminated. learn if the qube terminated.
Note that we don't close the stderr stream because we want to read debug logs
from it. In the rare case where a qube cannot terminate because it's stuck
writing at stderr (this is not the expected behavior), we expect that the
process will still be forcefully killed after the soft termination timeout
expires.
[1]: https://github.com/freedomofpress/dangerzone/issues/563#issuecomment-2034803232 [1]: https://github.com/freedomofpress/dangerzone/issues/563#issuecomment-2034803232
""" """
if p.stdin: if p.stdin:
p.stdin.close() p.stdin.close()
if p.stdout: if p.stdout:
p.stdout.close() p.stdout.close()
if p.stderr:
p.stderr.close()
def teleport_dz_module(self, wpipe: IO[bytes]) -> None: def teleport_dz_module(self, wpipe: IO[bytes]) -> None:
"""Send the dangerzone module to another qube, as a zipfile.""" """Send the dangerzone module to another qube, as a zipfile."""