On 7/8/19 2:15 PM, unman wrote:
> On Mon, Jul 08, 2019 at 07:24:53PM +0000, Jon deps wrote:
>> On 7/3/19 8:50 PM, 'awokd' via qubes-users wrote:
>>> Jon deps:
>>>
>>>> https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys-
>>>>
>>>> I can't really understand what the differences would be with a static
>>>> dispvm (based on a dispvm-template) vs just a regular sys-net
>>>>
>>>> if nothing is disposed (static) isn't it just the same
>>>>
>>> "Static" there refers to the name and VM configuration, not the
>>> contents. You only have to set them up once, not every time.
>>>
>>
>> so making a sys-net2 as a -C DispVM (with persistent PCI tag) based on a
>> custom-dispvm-template has more disposable qualities than
>>
>> just an appvm based on say Deb-9 template ?
>>
>> and hence might be a security protocol to make and toss sys-net2 (dispvm)
>> from time to time or
>>
>> is it very minor and not worth the effort?
>>
>
> Do you use DisposableVMs instead of a standard appVM?
> Why?
> If you see an advantage there, then you should see advantage in using
> them for sys-.
> Since the effort is minimal I'd recommend.
>

re: https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys-

if one does all this to make a sys-net2

qvm-create -C DispVM -l red sys-net2
qvm-prefs sys-net2 virt_mode hvm
qvm-service sys-net2 meminfo-writer off
qvm-pci attach --persistent sys-net2 dom0:00_1a.0
qvm-prefs sys-net2 autostart true
qvm-prefs sys-net2 netvm ''
qvm-prefs sys-net2 provides_network true
qvm-prefs sys-net autostart false
qvm-prefs sys-firewall netvm sys-net2
qubes-prefs clockvm sys-net2

don't they also have to edit

$ sudo nano /etc/qubes-rpc/policy/qubes.UpdatesProxy

# Default rule for all TemplateVMs - direct the connection to sys-net
$type:TemplateVM $default allow,target=sys-net

and change it to sys-firewall or sys-net2

because I'm getting complaint that my pci device is already attached to
sys-net2 when I attempt updates

if so maybe the documentation needs another line to indicate ?