qubes-rpc: log (local) service output to syslog, discard stderr from VMs (#842)

Basically - store the logs where the service is running.

qrexec/qrexec-policy

@@ -122,6 +122,9 @@ def do_execute(domain, target, user, exec_index, process_ident):
         spawn_target_if_necessary(target)
         cmd= QREXEC_CLIENT + " -d " + target + " '" + user
         cmd+=":QUBESRPC "+ exec_index + " " + domain + "'"
+    # stderr should be logged in source/target VM
+    null = open(os.devnull, 'w')
+    os.dup2(null.fileno(), 2)
     os.execl(QREXEC_CLIENT, "qrexec-client", "-d", domain, "-l", cmd, "-c", process_ident)
 
 def confirm_execution(domain, target, exec_index):

qrexec/qubes-rpc-multiplexer

@@ -1,4 +1,10 @@
 #!/bin/sh
+
+mkfifo /tmp/qrexec-rpc-stderr.$$
+logger -t "$1-$2" -f /tmp/qrexec-rpc-stderr.$$ &
+exec 2>/tmp/qrexec-rpc-stderr.$$
+rm -f /tmp/qrexec-rpc-stderr.$$
+
 QUBES_RPC=/etc/qubes-rpc
 # XXX: Backward compatibility
 DEPRECATED_QUBES_RPC=/etc/qubes_rpc