@marmarek:
When Whonix Workstation (for example anon-whonix) is properly shutdown, it executes whonix.NewStatus+anon-whonix_shutdown call to unregister itself from sdwdate in Whonix Gateway. But when anon-whonix is killed or crashed, that unregister call isn't made, and sdwdate still periodically calls whonix.SdwdateStatus, which causes anon-whonix started again. -> @Patrick said: This part would fixed by Qubes #7169 / PR 13.
Ideas how to solve this:
- make one call whonix.NewStatus that a) registers new domain, b) waits for EOF from the other end (cat >/dev/null or such) c) unregisters domain. This way, when the other end is terminated, the EOF will still be delivered, as the connection will be terminated.
- Use just one call ws->gw to receive status updates, to avoid whonix.SdwdateStatus calls at all. If data flow would be tricky to do this natively, whonix.NewStatus (or renamed if appropriate) could listen on on a unix socket (with a VM name in path) with socat, and whatver would call whonix.SdwdateStatus, could connect to that socket instead.
- Modify qrexec policy syntax to allow autostart=no or similar in the policy. This way, whonix.SdwdateStatus could be configured to not start the domain. (I think I want this feature anyway, but not sure if this is really the best fit to fix this issue). -> EDIT by Patrick: Created Qubes #7168 for it.
Slightly offtopic:
- what whonix.SdwdateStatus calls are for? sdwdate-gui runs and show status in sys-whonix, so why is anon-whonix making the calls?
Edit by Patrick:
- /usr/lib/python3/dist-packages/sdwdate_gui/sdwdate_watcher.py in anon-whonix notifies sys-whonix by running /usr/bin/qrexec-client-vm sys-whonix whonix.NewStatus+status.
- /usr/libexec/sdwdate-gui/notify-shutdown in anon-whonix notifies sys-whonix by running /usr/bin/qrexec-client-vm sys-whonix whonix.NewStatus+shutdown.
- In sys-whonix sdwdate-gui-qubes polls the status from VMs using for example:
qrexec-client-vm anon-whonix whonix.SdwdateStatus
{"icon": "busy", "message": "Initial time fetching in progress..."}
whonix.NewStatus seems to get remote VM name from an argument; this could be spoofed by the source VM; reliable way to get remote domain name in qrexec service is QREXEC_REMOTE_DOMAIN env variable.(Fixed.)- BTW for some reason this disappeared from qrexec3 documentation, it's only mentioned in qrexec2...