Re: [qubes-users] Qubes OS Daemon Failed to Start After Reboot
Kevin C.: Greetings, This morning I attempted to create an Android VM with this guide I saw: https://groups.google.com/forum/#!msg/qubes-users/HGAT6DmuQkM/QAEnw46RDAAJ I created a VM named "iso" to store my built Android x86 iso, but somehow the Android VM could not boot using the iso in the "iso" VM (Android VM said no bootable device). So I removed the "iso" VM and Android VM and rebooted to try again. But after rebooting, all of my VMs refused to start. I checked the log (see attached pic) and it seems to have something to do with qubesd.service. Currently I can't find a way to fix it, so any help would be appreciated! Looks like it might not have completely removed that "iso" VM. Try to qvm-remove it again. Not sure if it will work, but you could also try to make a backup copy of and edit your /var/lib/qubes/qubes.xml file, find the "iso" domain (look for property name="name">iso), delete everything between and including the opening and closing domain tags and reboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d6863de-10b4-a8b9-a513-81245a5983b3%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Issue with sys-firewall after install
newqubesu...@gmail.com: Here's the actual error message. [Dom0] Error ['/usr/bin/qvm-start', 'sys-firewall'] failed: stdout: "" stderr: "qrexec-daemon startup failed: Connection to the VM failed " OK So maybe the template was created and works, but it just didn't start for whatever reason? Usually sys-firewall failing to start is caused by sys-net not starting. So yes, if everything looks good now in Qube Manager or qvm-ls and your networking is working, I wouldn't worry about one startup error. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40325607-a8e2-03ff-7ea0-a1e466704c09%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Debian minimal template
haaber wrote on Tue, 05 February 2019 01:10 > >>> > Remark: I did manage to run debian-minimal as sys-usb > that way (let me > mention that the required package qubes-proxy is not > mentioned in the > online DOC! this is the same for fedora-minimal and > debian-minimal ). > -- Just a quick note that I fell in the same hole: the package is qubes-usb-proxy and it is mentioned further down that page, just not where one would obviously cut the package names from. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/acd.5c58f6aa%40qubes-os.info. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian minimal template
thank you unman. I tried to use it as sys-net, but 1) network-manager did not start on boot 2) when starting it by hand, I got the impression that the network-manager data is stored elsewhere under debian than under fedora - to the effect that I lost all saved wireless connections! Is there an easy way to cure that? Bernhard Andrew has quite correclty pointed out the complete absence of any documentation on how to use the debian-9-minimal template. I'll try to remedy this soon. In the meantime you could follow the guidelines for using the fedora-minimal template. (Apologies if you've already done this.) Remark: I did manage to run debian-minimal as sys-usb that way (let me mention that the required package qubes-proxy is not mentioned in the online DOC! this is the same for fedora-minimal and debian-minimal ). That did not work exactly the same for sys-net, since NetworkManager-wifi will be called network-manager under debian I guess that is the one I need? Are there other packages to be added ?? dejavu-sans-fonts does not seem to exist under debian Is it really needed? Of course I added firmware for my wireless chipset. The wireless connection information is actually stored under /rw/config , so it wont be lost.(Check it's there) Yes, it is there, no worries. In Debian, Network manager information is held under /etc/NetworkManager, which is, I would have thought, the same as Fedora. maybe you're right and the problem is somewhere else. I re-bootet sys-net with debian-minimal, and here is what I see (no clue what it means, though). Any ideas? Bernhard root@sys-net:~# service network-manager status ● NetworkManager.service - Network Manager Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/NetworkManager.service.d └─30_qubes.conf Active: failed (Result: exit-code) since Tue 2019-02-05 12:00:59 AEDT; 45s ago Docs: man:NetworkManager(8) Process: 568 ExecStartPre=/usr/lib/qubes/network-manager-prepare-conf-dir (code=exited, status=203/EXEC) Feb 05 12:00:58 sys-net systemd[1]: Failed to start Network Manager. Feb 05 12:00:58 sys-net systemd[1]: NetworkManager.service: Unit entered failed state. Feb 05 12:00:58 sys-net systemd[1]: NetworkManager.service: Failed with result 'exit-code'. Feb 05 12:00:59 sys-net systemd[1]: NetworkManager.service: Service hold-off time over, scheduling restart. Feb 05 12:00:59 sys-net systemd[1]: Stopped Network Manager. Feb 05 12:00:59 sys-net systemd[1]: NetworkManager.service: Start request repeated too quickly. Feb 05 12:00:59 sys-net systemd[1]: Failed to start Network Manager. Feb 05 12:00:59 sys-net systemd[1]: NetworkManager.service: Unit entered failed state. Feb 05 12:00:59 sys-net systemd[1]: NetworkManager.service: Failed with result 'exit-code'. root@sys-net:~# -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d1dd534-b97d-34cb-0339-c1001f9c1796%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Warning when following steps forSteps for Fedora 26 TemplateVM updates
I followed all the steps, I did the one for dom0 first successfully. I think. I didn't get any errors back, anyhow. Anyhow for the fedora one, I get this code. ** (gedit:813): WARNING **: 16:37:57.513: Set document metadata failed: Setting attribute metadata: :gedit-position not supported I get this 3 times. When I go back to look, it appears to have saved the changes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b933158e-b888-4780-8103-c0aebc6ad60f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB qube when installed on external SSD
On Mon, Feb 04, 2019 at 12:34:28AM -0800, newqubesu...@gmail.com wrote: > So, quick question that I can't find asked anywhere. I'm installing qubes. > Hopefully for the last time. I'm wondering if I can create the USB qube when > I'll be booting from an external SSD. I'm thinking no because it would > potentially cut itself off... If I'm right about this, is there another way > to securely use USBs? Or maybe make the qube, but omit the SSD? > The answer depends on how many USB controllers you have.(I'm assuming that your SSD is connected via USB, although you dont actually say this.) If you only have one controller, then you're right about cutting it off. If you have two you can allocate one to sys-usb, and connect other USB devices to it. Look at www.qubes-os.org/doc/usb and www.qubes-os.org/doc/assigning-devices/ for advice on identifying USB controllers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190205004936.ajx67uithznjfrso%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian minimal template
On Tue, Feb 05, 2019 at 11:34:24AM +1100, haaber wrote: > > On Mon, Feb 04, 2019 at 04:47:44PM +1100, haaber wrote: > > > Hello, does someone know if the debian-9-minimal template is pre- or > > > post- APT-vulnerability? Is it being "maintained" as well as debian-9 > > > itself? Thank you, Bernhard > > > > > > > > > > The debian-9-minimal template in the templates-itl-testing repository > > (201901271906) is post-APT vuln. > > It is maintained in precisely the same way as debian-9 itself. > > > thank you unman. I tried to use it as sys-net, but > 1) network-manager did not start on boot > 2) when starting it by hand, I got the impression that the > network-manager data is stored elsewhere under debian than under fedora > - to the effect that I lost all saved wireless connections! > > Is there an easy way to cure that? Bernhard Andrew has quite correclty pointed out the complete absence of any documentation on how to use the debian-9-minimal template. I'll try to remedy this soon. In the meantime you could follow the guidelines for using the fedora-minimal template. (Apologies if you've already done this.) The wireless connection information is actually stored under /rw/config , so it wont be lost.(Check it's there) In Debian, Network manager information is held under /etc/NetworkManager, which is, I would have thought, the same as Fedora. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190205004243.u3cfklfh26colrrk%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to do the extra configuration needed on a new template
On Sun, Feb 03, 2019 at 10:16:55PM -0800, Sphere wrote: > So I got a new Fedora-29 template but the problem is that after assigning it > to sys-net/sys-firewall all it shows is something similar to what you when > you start a generic PC after BIOS POST. > > All that's in this link: > https://www.qubes-os.org/news/2019/01/07/fedora-29-template-available/ > > Is how to get the template but I don't think I found anywhere detailing what > to do afterwards. > I'm not clear what you mean by this: "what you when you start a generic PC after BIOS POST". Once you have installed the template (with dnf or qubes-dom0-update), then all you have to do is assign it to qubes as required. Those qubes will then start using the assigned template. You can confirm this by opening a terminal in sys-net and observing contents of /etc/fedora-release -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190205003525.oyr2mp4iduk4w4me%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian minimal template
On Mon, Feb 04, 2019 at 04:47:44PM +1100, haaber wrote: Hello, does someone know if the debian-9-minimal template is pre- or post- APT-vulnerability? Is it being "maintained" as well as debian-9 itself? Thank you, Bernhard The debian-9-minimal template in the templates-itl-testing repository (201901271906) is post-APT vuln. It is maintained in precisely the same way as debian-9 itself. thank you unman. I tried to use it as sys-net, but 1) network-manager did not start on boot 2) when starting it by hand, I got the impression that the network-manager data is stored elsewhere under debian than under fedora - to the effect that I lost all saved wireless connections! Is there an easy way to cure that? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e860c549-c5cd-6eaf-827d-5cde2b00d4a9%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian minimal template
On Mon, Feb 04, 2019 at 04:47:44PM +1100, haaber wrote: > Hello, does someone know if the debian-9-minimal template is pre- or > post- APT-vulnerability? Is it being "maintained" as well as debian-9 > itself? Thank you, Bernhard > > The debian-9-minimal template in the templates-itl-testing repository (201901271906) is post-APT vuln. It is maintained in precisely the same way as debian-9 itself. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190205003051.qrtxfivfjbksy34f%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Some VMs on an external disk (unavailable at boot)
On 2/4/19 4:12 PM, Stuart Perkins wrote: On Mon, 4 Feb 2019 21:27:44 +0100 Stefan Schlott wrote: On 2/4/19 5:59 PM, Stuart Perkins wrote: I do not know the official stance or method, but I symbolically link from the standard appVM location to my other drive where I have the larger appVM's. Mine is always available so I don't know if Qubes would boot if it weren't, but it is a thought...obviously the drive would need to be available to start the appVM's located thereon. This is what I did on Qubes 3.2. On Qubes 4.0, I used the new thin pool provisioning, so the symlink trick doesn't work anymore... Stefan. Ah, but if the path must be "provisioned" in order to boot qubes itself, that sounds like a more difficult way to do it. The workaround would be to have either A) installed Qubes with a regular filesystem (without thin LVM) or B) setup a secondary but "always available" non-LVM pool on your internal drive. Then symlinks can be used. @Stefan: Would you post this as a feature-request issue? If not, I may do so because having Qubes support removable storage pools automatically could be valuable to a lot of people. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1e5b11c0-0971-fe0e-ad09-5e5564396762%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Some VMs on an external disk (unavailable at boot)
On Mon, 4 Feb 2019 21:27:44 +0100 Stefan Schlott wrote: >On 2/4/19 5:59 PM, Stuart Perkins wrote: > >> I do not know the official stance or method, but I symbolically link from >> the standard appVM location to my other drive where I have the larger >> appVM's. Mine is always available so I don't know if Qubes would boot if it >> weren't, but it is a thought...obviously the drive would need to be >> available to start the appVM's located thereon. > >This is what I did on Qubes 3.2. On Qubes 4.0, I used the new thin pool >provisioning, so the symlink trick doesn't work anymore... > >Stefan. > > Ah, but if the path must be "provisioned" in order to boot qubes itself, that sounds like a more difficult way to do it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190204151227.6154deb7%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Some VMs on an external disk (unavailable at boot)
On 2/4/19 5:59 PM, Stuart Perkins wrote: > I do not know the official stance or method, but I symbolically link from the > standard appVM location to my other drive where I have the larger appVM's. > Mine is always available so I don't know if Qubes would boot if it weren't, > but it is a thought...obviously the drive would need to be available to start > the appVM's located thereon. This is what I did on Qubes 3.2. On Qubes 4.0, I used the new thin pool provisioning, so the symlink trick doesn't work anymore... Stefan. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b38db73c-1ab3-25a5-042b-5f4b3441ee7f%40ploing.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Some VMs on an external disk (unavailable at boot)
On Mon, 4 Feb 2019 10:15:28 +0100 Stefan Schlott wrote: >Hi, > >I'd like to have some VMs on a secondary disk. I successfully followed >the guidelines from https://www.qubes-os.org/doc/secondary-storage/ > >Troubles arise when the disk is not available at boot time. I'm working >on some mount/unmount scripts which adds/removes the storage pools. But >it seems that this is not enough: Upon reboot (with the pool from the >secondary disk removed), the qubesd terminates with an exception, >causing the whole Qubes installation not to boot properly. > >First, I added some try-catch in qubes/app.py (line 905) so the qubesd >starts even if some VMs cause errors. Perhaps this would be a general >nice behaviour? > >After re-adding the pool, all VMs from the secondary disk pointed to the >primary pool. Manually editing the /var/lib/qubes/qubes.xml fixed the >issue, so I now have a working system again. > >My question: Is there a procedure to properly handle such a second disk >(unavailable at boot time)? > > >Stefan. > I do not know the official stance or method, but I symbolically link from the standard appVM location to my other drive where I have the larger appVM's. Mine is always available so I don't know if Qubes would boot if it weren't, but it is a thought...obviously the drive would need to be available to start the appVM's located thereon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190204105928.033cf805%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Some VMs on an external disk (unavailable at boot)
Hi, I'd like to have some VMs on a secondary disk. I successfully followed the guidelines from https://www.qubes-os.org/doc/secondary-storage/ Troubles arise when the disk is not available at boot time. I'm working on some mount/unmount scripts which adds/removes the storage pools. But it seems that this is not enough: Upon reboot (with the pool from the secondary disk removed), the qubesd terminates with an exception, causing the whole Qubes installation not to boot properly. First, I added some try-catch in qubes/app.py (line 905) so the qubesd starts even if some VMs cause errors. Perhaps this would be a general nice behaviour? After re-adding the pool, all VMs from the secondary disk pointed to the primary pool. Manually editing the /var/lib/qubes/qubes.xml fixed the issue, so I now have a working system again. My question: Is there a procedure to properly handle such a second disk (unavailable at boot time)? Stefan. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54e37a4d-7a38-12f7-7333-83e24506a258%40ploing.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Issue with sys-firewall after install
On Saturday, February 2, 2019 at 4:08:37 PM UTC-8, awokd wrote: > newqubesu...@gmail.com wrote on 2/2/19 9:04 PM: > > When I do sudo journalctl in terminal, I get these errors. > > > > > > ACPI Error: Field [TBF3] at bit offset/length 188416/196608 exceeds size of > > target buffer (368640 bits) (20170728/dsopcode-235) line 784 > > > > ACPI Error: Method parse/execution failed \_SB.PCI0.PEG.VID.GETB, > > AE_AML_BUFFER_LIMIT (20170728/psparse-550) line 785 > > > > ACPI Error: Method parse/execution failed \_SB.PCI0.PEG.VID.GETB, > > AE_AML_BUFFER_LIMIT (20170728/psparse-550) line 786 > > > > TBD: tbd_open_ex: could not open file /var/lib/xenstored/tbd: No such file > > or directory line 1269 > > > > Checking store ... Line 1270 > > > > Checking store complete. Line 1276 > > > > Error loading modules: Error opening directory > > '/usr/lib64/udisks2/modules': No such file or directory line 1337 > > > > ['/usr/bin/qvm-start', 'sys-firewall'] failed: > > stdout: "" > > stderr: "Cannot connect to qrexec agent for 60 seconds, see > > /var/log/xen/console/guest-sys-net.log for details > > " lines 4829-4832 > > > > Can't find send mail at /usr/sbin/send mail, not mailing output line 5170 > > > > I don't know if any of them are issues, but the last one about the firewall > > I'm a little concerned about. > > > > I did post earlier, but it won't let me reply. Originally, the net wasn't > > working, but it started working on it's own after I rebooted to double > > check it. > > Do you see sys-firewall in Qubes Manager, and is it and sys-net started? > If so, then I wouldn't worry about it unless you continue to have > networking problems. Maybe the error is left over from the install. > > > > Also, on starting, I get a load kernels failure. It's seems common, but > > with no resolution. > > > Correct on both counts. Here's the actual error message. [Dom0] Error ['/usr/bin/qvm-start', 'sys-firewall'] failed: stdout: "" stderr: "qrexec-daemon startup failed: Connection to the VM failed " OK So maybe the template was created and works, but it just didn't start for whatever reason? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/318240c5-b6c5-47e5-bc96-c613cda642f4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] USB qube when installed on external SSD
So, quick question that I can't find asked anywhere. I'm installing qubes. Hopefully for the last time. I'm wondering if I can create the USB qube when I'll be booting from an external SSD. I'm thinking no because it would potentially cut itself off... If I'm right about this, is there another way to securely use USBs? Or maybe make the qube, but omit the SSD? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3fab807-f66c-4995-9d35-56caa8ec6e16%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.