On Thu, September 6, 2018 8:19 pm, John S.Recdep wrote: > On 09/06/2018 02:45 AM, 'awokd' via qubes-users wrote: > >> On Wed, September 5, 2018 12:21 am, John S.Recdep wrote: >> >>> Hello, >>> >>> >>> >>> while upgrading to sys-whonix-14 many weeks ago, I was fighting to >>> maintain my Fedora and Debian Template to keep using sys-net not >>> sys-whonix-14 >>> >>> and sys-whonix-gw and -ws to use sys-whonix-14 , which are otherwise >>> working fine and I hesitate to mess with >>> /etc/qubes-rpc/policy/qubes.UpdatesProxy >>> >>> >>> >>> >>> However, once in a while I am concerned that sys-whonix-14 is >>> starting when I am NOT updating anything eg in dom0 today : >>> >>> qvm-run -a fooappVM fooapplication (for a fooappVM that wasn't >>> open) and sys-whonix-14 was shutdown >>> >>> for some reason it started up >> >> This could happen if fooappVM's netvm is set to sys-whonix-14. >> >> >>> my /etc/qubes-rpc/policy/qubes.UpdatesProxy ; looks like this : >> >>> $type:TemplateVM $default allow,target=sys-whonix-14 >>> >> >> This line, since it is first, means all templates will be updated >> through sys-whonix-14. Maybe when you started fooapplication, Qubes >> checked the related template for any updates? >> >> > > Thanks for your reply, well I've checked only anon-whonix dispVM3400 and > whonix-ws-dvm-14 are using sys-whonix-14
OK. > I'm pretty sure fedora-28 and Debian-9 are updating over sys-net They're not. :) > $qubes-prefs > updatevm - sys-net > > is the dom0 says This only describes how dom0 will update. > 3)hmm, oh so, dom0 when it starts checks templates for any new versions > say of firefox, and that requires the template to start and use the > designated netvm even if the templates are set to "none" ..... > .........maybe this only applies if the application is started from dom0 > via qvm-run with its associated appvm also closed guess I needed to > further test it .... Close- when dom0 checks for template updates it needs to start the VM specified for template updates, which in your case is sys-whonix-14. > 4) if you are using sys-net for Deb/Fedora updates and sys-whonix-14 > for -gw -ws update could you please post your /qubes.UpdatesProxy for > me I'm not, but to do so you would change the FIRST occurrence to read "$type:TemplateVM $default allow,target=sys-net". The existing "$tag:whonix-updatevm $default allow,target=sys-whonix-14" line means your whonix related templates will continue to be updated through sys-whonix-14. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9365bc10f9f6693a8940ecd50479e0ea.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
