Opening URLs in a dispvm no longer works

I have used Qubes for quite some time, and this is the first time this issue has happened. I don’t know what I did when it happened, but I’m pretty sure I wasn’t making any changes to the dispvm.

For the past few days, I have been unable to open a URL in a dispvm. That is to say that qvm-open-in-vm '$dispvm' http://some.url/ fails. What happens is that the dispvm starts, and immediately shuts down.

Manually opening Firefox in a dispvm works fine. And I’m also able to open other file types in a dispvm (such as PDFs).

I’ve run out of ideas as to what to check, so I’m coming here in case someone has seen it before. Is there anyone that can provide advice?

What template is the dispVM based on, and what modifications have you made
to it?

In the disposableVM Template, I would check whether you have lost the
connection between http://foo requests and Firefox, or any other browser
you have set as default.

qvm-open-in-vm has a special case for inputs *://* - it calls a qrexec
function that calls qubes.OpenURL on the target.
That file is found in /etc/qubes-rpc/ - you’ll see it calls
qubes-open, and that file is a wrapper to xdg-open

So, in brief, see what qubes-open and xdg-open
do in the disposableVM Template.

Thank you for the tips.

I’ve looked at the rpc definitions, and I note that qubes.OpenURL calls qubes-open in the DVM. I tried starting the DVM and ran that command manually, and it does open the URL properly.

I also tried switching to fedora-32-dvm, which I still have installed, and the problem remains there as well. So I don’t think the problem is related to the DVM itself.

I also tried running qvm-open-in-dvm from a VM with a Debian template, in case the problem is in my Fedora template, but the issue remains.

So I’ve tried changing templates for dispvm as well as the calling system, which suggests the problem must be in dom0. I have no idea where to look though.

Right - can you try crafting a command by hand:
/usr/lib/qubes/qrexec-client-vm <name> qubes.OpenURL /bin/echo ""

Then confirm that qvm-open-in-vm works.
Since the disposableVM opens it suggests that there’s nothing wrong at
the policy end, but in the way that parameters are being passed
through to the disposableVM.
qvm-open-in-dvm should have this line as call:
exec qvm-open-in-vm '$dispvm' "$@"
But since your problem crosses templates, it’s unlikely to be there.

What shell are you using in the caller and the disposableVM?

Thanks. I’ve done some more testing, and I followed the sequence of various shell scripts that eventually leads to Firefox being started. I noted that once it reached the point where it’s supposed to start, the VM is immediately killed.

I even modified /etc/qubes-rpc/qubes.OpenURL and directly called Firefox from there (i.e. immediately after reading the URL, I call firefox "$url"). The VM immediately gets killed.

Then I tried to put the following in the beginning of the script:

( firefox "$arg" ) &

What happened was that xterm was started and the window displayed. I even had time to type some character before Firefox got to the point where the VM shut down.

If I remove the line which starts Firefox, then the xterm session runs until I close the window.

That’s as far as I’ve come in my investigation. This is really weird.

Can you:

  1. Open a disposableVM with a terminal.
    Open firefox from the terminal
  2. Open a disposableVM with a terminal.
    Open firefox in that disposableVM from dom0 - not loading a page, just
    opening the browser.

Point 1, open a dispvm terminal and launch firefox from there:

This works fine. The Firefox session is started and everything works correctly.

Point 2, open Firefox via dom0

I ran the following from dom0: qvm-run disp2470 firefox. This worked fine.

qvm-open on an already opened dispvm

I opened a new dispvm terminal and from a different VM ran the following:

qvm-open-in-vm disp1353

I had to pick the dispvm name in the dialog box that popped up again, but that’s expected. This actually works. Firefox gets started on the vm correctly.

Trying to use qvm-open on a regular VM

In this test, I ran the exact same command as I did above, but using a regular VM that was not started. This worked fine, the VM started and Firefox is shown.

Trying to start firefox manually from qubes.OpenURL

For this test, I edited the script /etc/qubes-rpc/qubes.OpenURL in the template and put a call to xterm just after the read -r url. Removing some log messages, this is what it looks like:

read -r url
(
    sleep 10
    firefox "$url"
) &

I then shut down my template and ran qvm-open-in-dvm from a different VM.

The following happened:

  1. The xterm window appeared
  2. In the xterm, I type: firefox
  3. Firefox opens and displays google
  4. I close the firefox window
  5. I exit the session in xterm
  6. Another xterm immediately pops up
  7. I work in the new xterm session for 10 seconds
  8. After the 10 seconds have passed, the script tries to start Firefox and the VM exits

I finally figured out what triggers it. The problem is that the dispvm gets terminated as soon as any output is written to stdout.

I can immediately cause the dispvm to exit if I add a simple echo some text message in the qubes.OpenURL script. This means that I can work around the problem by starting Firefox using firefox "$args" >/dev/null.

I note that Firefox is now printing the following to stdout when starting:

[GFX1-]: No GPUs detected via PCI

I guess this is a newly added message, but it still doesn’t explain why output to stdout terminates the dispvm.

This is very odd, and it seems to only happen when dispvms are started.
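
The workaround found in the last post (keeping the browser's output off the RPC service's stdout), as an added example that is not part of the original thread and not the Qubes qubes.OpenURL script. It logs to a file instead of /dev/null and records what stdout and stderr were attached to before launch; OPENURL_LOG, BROWSER_CMD, run_quiet and open_url_service are hypothetical names, and it does not explain why the write ends the disposable.

```shell
#!/bin/sh
# Added illustration, not the Qubes qubes.OpenURL script.
# OPENURL_LOG, BROWSER_CMD, run_quiet and open_url_service are hypothetical names.
OPENURL_LOG="${OPENURL_LOG:-${TMPDIR:-/tmp}/openurl-debug.log}"

# Run a command so that nothing it prints reaches this script's stdout.
# Before launching, record what stdout/stderr were attached to, which is
# the evidence needed when a write to stdout ends the disposable VM.
run_quiet() {
    out_target=unknown
    err_target=unknown
    # Duplicate the current stdout/stderr onto fds 3/4 so readlink can
    # inspect them even though $(...) replaces fd 1 with a capture pipe.
    {
        out_target=$(readlink /proc/self/fd/3 2>/dev/null || echo unknown)
        err_target=$(readlink /proc/self/fd/4 2>/dev/null || echo unknown)
    } 3>&1 4>&2 || true
    printf '%s stdout=%s stderr=%s cmd=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$out_target" "$err_target" "$*" \
        >>"$OPENURL_LOG"
    status=0
    "$@" >>"$OPENURL_LOG" 2>&1 || status=$?
    printf 'exit=%s\n' "$status" >>"$OPENURL_LOG"
    return "$status"
}

# Same shape as the service body quoted in the thread: read one URL from
# stdin, then start the browser, here with its output kept in the log.
open_url_service() {
    read -r url || return 1
    run_quiet "${BROWSER_CMD:-firefox}" "$url"
}
```

The log lives inside the qube and is discarded with a disposable, so read it while the browser window is still open or test against a named qube first.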