On 13.02.2014 07:11, Manuel Amador (Rudd-O) wrote:
> What source code files should I start looking into, to add support for qvm-run (qrexec) to accept stdin and pipe it into the remote stdin process?
>
> At the moment, it does not seem to support me running stuff like chef or salt-ssh over the pipes it sets up for the purpose of running commands over the "wire" between VMs. Stuff like "qvm-run VMa cat < /etc/fstab" run from VMb does not seem to cat anything from VMa.

Indeed, qvm-run in a VM works only in one direction, like:

qvm-run VMa cat /etc/fstab

Once again, take a look here:
http://wiki.qubes-os.org/trac/wiki/Qrexec

Using qvm-run as an example.

/usr/bin/qvm-run:

(...)
exec /usr/lib/qubes/qrexec-client-vm $VMNAME qubes.VMShell \
    "/usr/lib/qubes/qrun-in-vm" "$@"

This triggers qubes.VMShell in $VMNAME. Whatever this service is doing, its
stdin/stdout will be connected to /usr/lib/qubes/qrun-in-vm (with arguments)
in the local VM. So qrun-in-vm's stdin/stdout is connected to the remote end.
What about the local stdin/stdout? They are available at different FDs:

$SAVED_FD_0
$SAVED_FD_1
(and $SAVED_FD_2 if requested)

So if qrun-in-vm wants to send something to the remote end, it outputs it to
normal stdout. If it wants to output to the local user terminal, it prints it
to $SAVED_FD_1:

echo something >&$SAVED_FD_1

Take a look at the remote VM for a moment: qubes.VMShell is defined in
/etc/qubes-rpc/qubes.VMShell. This file contains the command started when the
service is called. Its stdin/stdout is connected to the remote end (and there
is no local stdin/stdout in this case, because the command isn't called from a
terminal on this side of the connection).
qubes.VMShell contains a single line:

/bin/bash

So whatever is written to it will be executed as a shell command. And further
input will be passed to that command (until it terminates).

So going back to the local VM, take a look at qrun-in-vm:

#!/bin/sh
# pass arguments to the remote stdin, shovel back the remote output
echo "$@"
exec /bin/cat >&$SAVED_FD_1

So first it prints its arguments (so the qvm-run arguments) to the remote end,
which will be passed to bash's stdin and executed. Then cat is used to pipe
stdin (so data from the remote end) to $SAVED_FD_1 (so the local, qvm-run,
stdout).

If you want a bi-directional connection here, you need to replace the above
cat with something which will pass the data in both directions:

STDIN(0) -> LOCAL STDOUT ($SAVED_FD_1)
LOCAL STDIN ($SAVED_FD_0) -> STDOUT (1)

Perhaps socat(1) will do. Or two cat calls (running simultaneously, one in
the background).

If you need to do something totally different using Qubes RPC, just write your
own service.

I don't know how to explain it better.
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
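
The "two cat calls" variant suggested in the reply above, as an added example that is not part of the original message or of the Qubes code base. The function name relay_both_ways is hypothetical, and the sketch assumes that qrexec forwards end-of-file on the script's stdout to the remote service.

```shell
#!/bin/sh
# Added example: bidirectional variant of qrun-in-vm (not the Qubes script).
# relay_both_ways is a hypothetical name. It expects what the message
# describes: fd 0/1 wired to the remote service, and the caller's own
# stdin/stdout saved at $SAVED_FD_0 / $SAVED_FD_1.
# It closes the calling shell's stdout, so call it as the script's last step.
relay_both_ways() {
    # First line goes to the remote /bin/bash, which runs it as a command.
    printf '%s\n' "$*"

    # LOCAL STDIN ($SAVED_FD_0) -> STDOUT (1), in the background.
    cat <&"$SAVED_FD_0" &
    feeder=$!

    # Drop this shell's own copy of the remote-facing stdout. Otherwise the
    # pipe stays open after the feeder hits end-of-file, and a remote command
    # that reads stdin until EOF never finishes.
    exec 1>&-

    # STDIN (0) -> LOCAL STDOUT ($SAVED_FD_1), until the remote end closes.
    cat >&"$SAVED_FD_1"
    status=$?

    # Remote side is gone: stop a feeder still blocked on local input
    # (for example a terminal), then reap it.
    kill "$feeder" 2>/dev/null || :
    wait "$feeder" 2>/dev/null || :
    return "$status"
}

# Run only when started by qrexec-client-vm, which provides the saved fds.
if [ -n "${SAVED_FD_0:-}" ] && [ -n "${SAVED_FD_1:-}" ]; then
    relay_both_ways "$@"
fi
```

Because the remote end is a shell reading its stdin, any forwarded bytes left over after the started command terminates are read by that shell as further commands, so forward only input you would be willing to have executed in the target VM.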