From 9de6171a433dc3e4855971d69562c8750c393622 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 5 May 2014 05:27:08 +0200
Subject: [PATCH] qubes-rpc: log (local) service output to syslog, discard
 stderr from VMs (#842)

Basically - store the logs where the service is running.
---
 qrexec/qrexec-policy         | 3 +++
 qrexec/qubes-rpc-multiplexer | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/qrexec/qrexec-policy b/qrexec/qrexec-policy
index 2922f63..501d0f4 100755
--- a/qrexec/qrexec-policy
+++ b/qrexec/qrexec-policy
@@ -122,6 +122,9 @@ def do_execute(domain, target, user, exec_index, process_ident):
         spawn_target_if_necessary(target)
         cmd= QREXEC_CLIENT + " -d " + target + " '" + user
         cmd+=":QUBESRPC "+ exec_index + " " + domain + "'"
+    # stderr should be logged in source/target VM
+    null = open(os.devnull, 'w')
+    os.dup2(null.fileno(), 2)
     os.execl(QREXEC_CLIENT, "qrexec-client", "-d", domain, "-l", cmd, "-c", process_ident)
 
 def confirm_execution(domain, target, exec_index):
diff --git a/qrexec/qubes-rpc-multiplexer b/qrexec/qubes-rpc-multiplexer
index 2818de5..1315c0f 100755
--- a/qrexec/qubes-rpc-multiplexer
+++ b/qrexec/qubes-rpc-multiplexer
@@ -1,4 +1,10 @@
 #!/bin/sh
+
+mkfifo /tmp/qrexec-rpc-stderr.$$
+logger -t "$1-$2" -f /tmp/qrexec-rpc-stderr.$$ &
+exec 2>/tmp/qrexec-rpc-stderr.$$
+rm -f /tmp/qrexec-rpc-stderr.$$
+
 QUBES_RPC=/etc/qubes-rpc
 # XXX: Backward compatibility
 DEPRECATED_QUBES_RPC=/etc/qubes_rpc