Re: [qubes-users] No /dev/cdrom present?

2016-06-05 Thread gaikokujinkyofusho
On Saturday, June 4, 2016 at 12:57:20 PM UTC+11, gaikokuji...@gmail.com wrote:
> On Thursday, June 2, 2016 at 9:16:16 PM UTC+13, Gaiko wrote:
> > On Thursday, June 2, 2016 at 8:38:12 PM UTC+6:30, Chris Laprise wrote:
> > > On 06/02/2016 06:40 PM, gaikokujinkyofu...@gmail.com wrote:
> > > > Hi I wanted to create a win7 HVM and was going to start off by making 
> > > > an iso from the CD I have but then I tried the simple dd if=/dev/cdrom 
> > > > of=~/win7_image.iso and I get an error:
> > > > dd: failed to open '/dev/cdrom': No such file or directory
> > > >
> > > > I tried this from the term in the personal dom, but then opened up the 
> > > > term from the various doms (including dom0) to see if maybe the cdrom 
> > > > would show up then? (I am still wrapping my head around how Qubes works 
> > > > in terms of isolation, like would it perhaps isolate certain doms from 
> > > > seeing certain devices?)
> > > >
> > > > Thoughts?
> > > 
> > > Try /dev/sr0 instead (in dom0). You can also try assigning it to a vm 
> > > with 'qvm-block -a -ro vmname dom0:sr0'
> > > 
> > > ...but you have to put the disc in first and it doesn't always work.
> > > 
> > > Chris
> > 
> > Hi, thanks for the reply. I looked for sr0 as well, it doesn't seem to be 
> > there either. Below is a list of the devs I have in dom0
> > 
> > Thoughts? (thanks in advance!)
> > 
> > total 4
> > drwxr-xr-x  22 root root3820 Jun  2 21:13 .
> > dr-xr-xr-x. 18 root root4096 Jun  2 14:49 ..
> > crw---   1 root root 10, 235 Jun  2 20:23 autofs
> > drwxr-xr-x   2 root root 480 Jun  2 21:13 block
> > drwxr-xr-x   2 root root  80 Jun  2 21:13 bsg
> > crw---   1 root root 10, 234 Jun  2 20:23 btrfs-control
> > drwxr-xr-x   3 root root  60 Jun  2 16:21 bus
> > drwxr-xr-x   2 root root3940 Jun  2 21:13 char
> > crw---   1 root root  5,   1 Jun  2 20:23 console
> > lrwxrwxrwx   1 root root  11 Jun  2 16:21 core -> /proc/kcore
> > drwxr-xr-x   6 root root 120 Jun  2 16:21 cpu
> > crw---   1 root root 10,  57 Jun  2 20:23 cpu_dma_latency
> > crw---   1 root root 10, 203 Jun  2 20:23 cuse
> > drwxr-xr-x   6 root root 120 Jun  2 21:13 disk
> > brw-rw   1 root disk253,   0 Jun  2 20:23 dm-0
> > brw-rw   1 root disk253,   1 Jun  2 20:23 dm-1
> > brw-rw   1 root disk253,   2 Jun  2 20:23 dm-2
> > brw-rw   1 root disk253,   3 Jun  2 20:23 dm-3
> > drwxr-xr-x   2 root root 100 Jun  2 16:21 dri
> > crw-rw   1 root video29,   0 Jun  2 20:23 fb0
> > lrwxrwxrwx   1 root root  13 Jun  2 16:21 fd -> /proc/self/fd
> > crw---   1 root root 10,  51 Jun  2 20:23 freefall
> > crw-rw-rw-   1 root root  1,   7 Jun  2 20:23 full
> > crw-rw-rw-   1 root root 10, 229 Jun  2 20:23 fuse
> > crw---   1 root root250,   0 Jun  2 20:23 hidraw0
> > crw---   1 root root 10, 228 Jun  2 20:23 hpet
> > drwxr-xr-x   2 root root   0 Jun  2 20:23 hugepages
> > crw--w   1 root tty 229,   0 Jun  2 20:23 hvc0
> > crw---   1 root root229,   1 Jun  2 20:23 hvc1
> > crw---   1 root root229,   2 Jun  2 20:23 hvc2
> > crw---   1 root root229,   3 Jun  2 20:23 hvc3
> > crw---   1 root root229,   4 Jun  2 20:23 hvc4
> > crw---   1 root root229,   5 Jun  2 20:23 hvc5
> > crw---   1 root root229,   6 Jun  2 20:23 hvc6
> > crw---   1 root root229,   7 Jun  2 20:23 hvc7
> > crw---   1 root root 10, 183 Jun  2 20:23 hwrng
> > prw---   1 root root   0 Jun  2 20:23 initctl
> > drwxr-xr-x   4 root root 560 Jun  2 20:23 input
> > crw-r--r--   1 root root  1,  11 Jun  2 20:23 kmsg
> > srw-rw-rw-   1 root root   0 Jun  2 16:21 log
> > brw-rw   1 root disk  7,   0 Jun  2 20:23 loop0
> > brw-rw   1 root disk  7,   1 Jun  2 20:23 loop1
> > brw-rw   1 root disk  7,  10 Jun  2 20:38 loop10
> > brw-rw   1 root disk  7,  11 Jun  2 20:48 loop11
> > brw-rw   1 root disk  7,  12 Jun  2 20:48 loop12
> > brw-rw   1 root disk  7,   2 Jun  2 20:23 loop2
> > brw-rw   1 root disk  7,   3 Jun  2 20:23 loop3
> > brw-rw   1 root disk  7,   4 Jun  2 20:23 loop4
> > brw-rw   1 root disk  7,   5 Jun  2 20:23 loop5
> > brw-rw   1 root disk  7,   6 Jun  2 20:23 loop6
> > brw-rw   1 root disk  7,   7 Jun  2 20:48 loop7
> > brw-rw   1 root disk  7,   8 Jun  2 20:48 loop8
> > brw-rw   1 root disk  7,   9 Jun  2 20:38 loop9
> > crw-rw   1 root disk 10, 237 Jun  2 20:23 loop-control
> > drwxr-xr-x   2 root root 140 Jun  2 20:38 mapper
> > crw---   1 root root 10, 227 Jun  2 20:23 mcelog
> > crw---   1 root root245,   0 Jun  2 20:23 media0
> > crw---   1 root root248,   0 Jun  2 20:23 mei0
> > crw-r-   1 root kmem  1,   1 Jun  2 20:23 mem
> > crw---   1 root root 10,  54 Jun  2 

Re: [qubes-users] TheBrain installation - JRE Error?

2016-06-05 Thread Franz
On Sun, Jun 5, 2016 at 10:29 AM,
0981'029438'109438'0192438'0192438'019438'0943 
wrote:

> Hello,
>
> I like to install thebrain 7:
>
> http://www.thebrain.com/products/thebrain/download-old/
>
> JAVA is not a high security backbone, so in the future, I would like to
> install all JAVA Apps in a isolated HVM.
>
> But for now, I run into this error:
>
> [user@work brain]$ ./TheBrain_unix_7_0_4_5.sh
> No suitable Java Virtual Machine could be found on your system.
> Do you want to download a JRE? (y/n)
> y
> Downloading JRE with wget ...
> --2016-06-05 15:16:35--
> http://assets.thebrain.com/downloads/java/linux-x86-1.6.0_26.tar.gz
> Resolving assets.thebrain.com (assets.thebrain.com)... 54.192.46.40,
> 54.192.46.80, 54.192.46.250, ...
> Connecting to assets.thebrain.com (assets.thebrain.com)|54.192.46.40|:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 21526683 (21M) [application/x-gzip]
> Saving to: ‘jre.tar.gz’
>
> jre.tar.gz  100%[===>]  20.53M  2.56MB/s   in 8.1s
>
> 2016-06-05 15:16:43 (2.53 MB/s) - ‘jre.tar.gz’ saved [21526683/21526683]
>
> Unpacking JRE ...
> Preparing JRE ...
> ./TheBrain_unix_7_0_4_5.sh: bin/unpack200: /lib/ld-linux.so.2: bad ELF
> interpreter: No such file or directory
> Error unpacking jar files. The architecture or bitness (32/64)
> of the bundled JVM might not match your machine.
>
> What must I do that I can finalize the PB7 installation?
>
> Kind Regards
>
>
I used theBrain for some years in the past (PB5-6 perhaps), but then I gave
up because linux support was so poor. They claim to support linux, but they
really support only windows and there are lots of linux issues that remain
open for years with nobody looking at them. So had to give up losing lots
of data stored there, because there was no way to export it.

Also they claimed that the payment of the first release would provide
support for future developments, but then wanted money for each new release.

So, it looks nice but it is not worth the effort, even if my wife still
misses it. If possible, I would look for something else.
Best
Fran

> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/9e5a35a1-aea9-466f-beaf-f45b3b2212bb%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



Re: [qubes-users] clarification on usb qubes

2016-06-05 Thread Ilpo Järvinen
On Sun, 5 Jun 2016, Marek Marczykowski-Górecki wrote:

> On Sat, Jun 04, 2016 at 06:13:45PM -0700, pixel fairy wrote:
> 
> > Is it possible to have multiple usb qubes, one 
> > for each controller?
> 
> Yes, if you have multiple USB controllers. Which is quite rare
> nowadays...

At least for recent desktop motherboards, that seems a slightly incorrect 
statement according to my research. A few desktop PCH datasheets I've 
looked at indicate that there are two USB controllers (EHCI and XHCI), 
however, it seems that typically on a modern MB the ports are 
forwarded/routed by default so that they appear under a single controller 
due to ease of use reasons (also Linux device driver code forces 
forwarding all ports which allow forwarding). XHCI PCI config has XUSB2PR 
register that might allow disabling the forwarding for a selected set of 
registers.

I'm yet to test if the forwarding/routing works for real because I lack 
such a motherboard (I'll likely get one sooner than later though) but I 
see no particular reason why it wouldn't work as documented. Probably 
laptop PCH have similar arrangement and I might be able to test that one 
soon if I find enough time to play with the usbvm kernel. Another thing 
that needs testing, even if routing is configurable, is whether PCHs 
really support EHCI and XHCI in different VMs or if there's some
other limiting dependency between them.

I've attached a potentially working patch for Linux kernel. The mapping 
between PCI register ports might not be consistent though so that the
patch might not exactly do what is intended as is (usb3/superspeed port 
might unintentionally be routed to EHCI, the docs are unclear on this 
point). However, if any USB port would successfully appear as EHCI one 
when using a kernel with that patch in usb vm, it is great success in 
itself on truly separating the ports.

At least X99/C612 and some recent Series X PCH datasheets listed the
required register (in case somebody is interested in testing this).

I suspect that for a secure implementation Xen would need to somehow 
arbitrate that PCI register as otherwise the xhci usb VM might be able
to steal the usb ports from the ehci VM. But this is already way beyond
my current level of understanding about Xen and PCI passthrough.


-- 
 i.

diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c
index 26cb8c8..87fca0f 100644
--- a/drivers/usb/host/pci-quirks.c
+++ b/drivers/usb/host/pci-quirks.c
@@ -867,6 +867,7 @@ static int handshake(void __iomem *ptr, u32 mask, u32 done,
 void usb_enable_intel_xhci_ports(struct pci_dev *xhci_pdev)
 {
 	u32		ports_available;
+	u32		ports_usb3;
 	bool		ehci_found = false;
 	struct pci_dev	*companion = NULL;
 
@@ -920,6 +921,7 @@ void usb_enable_intel_xhci_ports(struct pci_dev *xhci_pdev)
 
 	pci_read_config_dword(xhci_pdev, USB_INTEL_USB3_PSSEN,
 			_available);
+	ports_usb3 = ports_available;
 	dev_dbg(_pdev->dev,
 		"USB 3.0 ports that are now enabled under xHCI: 0x%x\n",
 		ports_available);
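Review bot: `ports_usb3 = ports_available;` captures the value read back from USB_INTEL_USB3_PSSEN, which the dev_dbg right below it describes as the USB 3.0 ports "now enabled under xHCI", so the variable holds the current enable state rather than a capability mask. Name it accordingly (for example `ports_usb3_enabled`) and add a comment saying why the enable state is an acceptable stand-in for "SuperSpeed capable", since the comment in the next hunk relies on exactly that.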
@@ -931,6 +933,8 @@ void usb_enable_intel_xhci_ports(struct pci_dev *xhci_pdev)
 	pci_read_config_dword(xhci_pdev, USB_INTEL_USB2PRM,
 			_available);
 
+	/* Only switch ports that are truly SuperSpeed capable. */
+	ports_available &= ports_usb3;
 	dev_dbg(_pdev->dev, "Configurable USB 2.0 ports to hand over to xCHI: 0x%x\n",
 			ports_available);
 
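Review bot: `ports_available &= ports_usb3;` masks a USB_INTEL_USB2PRM value with a USB_INTEL_USB3_PSSEN value, which is only correct if bit N names the same physical port in both registers; nothing in this hunk establishes that, and the cover message itself says the mapping might not be consistent. The mask is also applied unconditionally, so every machine that reaches usb_enable_intel_xhci_ports() may hand fewer USB 2.0 ports to xHCI; consider gating it behind an opt-in switch and printing the unmasked value next to the masked one in the dev_dbg so a mis-mapped port shows up in the log.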


Re: [qubes-users] Template VM Hierachy?

2016-06-05 Thread Robin Schneider

On 05.06.2016 18:26, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote:
> Hello,
> 
> Can I build a Template VM hierarchy?
> 
> i) If I install all apps in the same TVM, that it looks pretty the same
> mess like in a monolithic system
> ii) If I install any app in a new HVM, than I waste lots of space.
> 
> If I take the working hypothesis, that I can define more safe and mess safe
> apps, I could build N TVM's for different topics and additional some
> dependent Template Sub-VM's, which contains more risky apps.
> 
> E.g. TVM-Hierarchy for text processing
> 
> TVM1 contains only a secure and simple text editor
> TVM1-1 is based on TVM1 and contains also a simple painting tool
> TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and
> OpenOffice
> 
> So only AppVM's based on TVM1-1-1 like
> 
> AVM1-1-1-1
> AVM1-1-1-2
> AVM1-1-1-3
> AVM1-1-1-4... take the JAVA risk
> but you will save the space, because TVM1-1 don't get duplicated only to
> build up TVM1-1-1.
> 
> Even you can update the full T-Hierarchy in the best case with one click.
> 
> Will be this possible?
> And how can I reach it?
> 
> The benefit will be, that any app-code get stored and updated only once,
> but the risk can be limited (if a good app black- and white list exists).
> 
> Kind Regards
> 

I think this would be difficult to implement. One reason for this is that when
you update TVM1 for example, the filesystem of it diverges. You would have to
do something like a three-way merge as known from version control systems like
git. I am not aware how this could be done.

I think your best bet is to use a COW filesystem like btrfs. This was
discussed a few days ago on this list that you can use btrfs to reflink copy
VMs. The only limitation to your scenario would be that changes in TVM1 would
not get magically merged down the hierarchy.

-- 
Live long and prosper
Robin `ypid` Schneider



Re: [qubes-users] Template VM Hierachy?

2016-06-05 Thread Marek Marczykowski-Górecki

On Sun, Jun 05, 2016 at 09:26:14AM -0700, 
981'0932481'029438'0194328'0913284'0913284'09182'3 wrote:
> Hello,
> 
> Can I build a Template VM hierarchy?
> 
> i) If I install all apps in the same TVM, that it looks pretty the same mess 
> like in a monolithic system
> ii) If I install any app in a new HVM, than I waste lots of space.
> 
> If I take the working hypothesis, that I can define more safe and mess safe 
> apps, I could build N TVM's for different topics and additional some 
> dependent Template Sub-VM's, which contains more risky apps.
> 
> E.g. TVM-Hierarchy for text processing
> 
> TVM1 contains only a secure and simple text editor
> TVM1-1 is based on TVM1 and contains also a simple painting tool
> TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and 
> OpenOffice
> 
> So only AppVM's based on TVM1-1-1 like
> 
> AVM1-1-1-1
> AVM1-1-1-2
> AVM1-1-1-3
> AVM1-1-1-4... take the JAVA risk
> but you will save the space, because TVM1-1 don't get duplicated only to 
> build up TVM1-1-1.
> 
> Even you can update the full T-Hierarchy in the best case with one click.
> 
> Will be this possible?
> And how can I reach it?
> 
> The benefit will be, that any app-code get stored and updated only once, but 
> the risk can be limited (if a good app black- and white list exists). 

No, it isn't possible. Template VMs are done at block device level, not
filesystem level (to limit attack surface), so it isn't possible to
merge different levels.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
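
Why a child stacked on a parent at block-device level cannot simply pick up the parent's later update, as an added toy model (not part of the original message and not Qubes code). The one-block JSON directory, the `install`/`upgrade`/`fsck` helpers and the file names are assumptions constructed for the illustration.

```python
import json

DIR_BLOCK = 0  # assumed layout: block 0 holds a JSON directory {name: [block, length]}


class BlockDevice:
    """Base image ("TVM1" in the thread): block number -> bytes."""

    def __init__(self):
        self.blocks = {}

    def read(self, n):
        return self.blocks.get(n, b"")

    def write(self, n, data):
        self.blocks[n] = data


class CowOverlay:
    """Child image ("TVM1-1"): private writes shadow the parent block by block."""

    def __init__(self, parent):
        self.parent = parent
        self.delta = {}

    def read(self, n):
        return self.delta[n] if n in self.delta else self.parent.read(n)

    def write(self, n, data):
        self.delta[n] = data


def read_dir(dev):
    raw = dev.read(DIR_BLOCK)
    return json.loads(raw) if raw else {}


def _store(dev, directory, name, blk, content):
    dev.write(blk, content)
    directory[name] = [blk, len(content)]
    dev.write(DIR_BLOCK, json.dumps(directory).encode())


def install(dev, name, content):
    """Add a file in the first free data block and rewrite the directory block."""
    directory = read_dir(dev)
    used = {blk for blk, _ in directory.values()}
    blk = next(n for n in range(1, 1024) if n not in used)
    _store(dev, directory, name, blk, content)


def upgrade(dev, name, content):
    """Rewrite an existing file in place and record its new length."""
    directory = read_dir(dev)
    _store(dev, directory, name, directory[name][0], content)


def fsck(dev):
    """Names whose recorded length no longer matches the block they point at."""
    return sorted(name for name, (blk, length) in read_dir(dev).items()
                  if len(dev.read(blk)) != length)


def scenario():
    base = BlockDevice()
    install(base, "editor", b"editor-v1")
    child = CowOverlay(base)
    install(child, "paint", b"paint-v1")                # child diverges from base
    child_before = fsck(child)
    upgrade(base, "editor", b"editor-v2-security-fix")  # parent template updated
    install(base, "spell", b"spell-v1")                 # base reuses block 2
    return {
        "child_before": child_before,
        "base_after": fsck(base),
        "child_after": fsck(child),              # stale directory over new data block
        "child_files": sorted(read_dir(child)),  # base's new file never appears
        "child_block2": child.read(2),           # child's copy shadows base's block 2
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The child keeps its own stale directory block on top of the parent's rewritten data block, which is the inconsistency a file-aware merge would have to resolve.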



[qubes-users] intall Kgpg under R31?

2016-06-05 Thread 18931'09348'0194328'0194328'0914328'0194328'098
Hello,

How can I install the Kgpg frontend-tool?

yum -y install gpa

for the dry run / installation in some VM, tells me I need root.

How can I install Kgpg in an AppVM/Template VM?

Kind Regards



Re: [qubes-users] duplicity incremental backup to virtual block device

2016-06-05 Thread Marek Marczykowski-Górecki
On Sun, Jun 05, 2016 at 10:51:35AM +0200, Doesnt Work wrote:
> Thank you, will try it!
> Would it be possible to document this behavior? The documentation only
> mentions -a, as does the man page:
> https://www.qubes-os.org/doc/dom0-tools/qvm-block/

It is in qvm-block --help, but indeed man page is outdated...

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[qubes-users] Firfox Hacks - Countermeasurements?

2016-06-05 Thread 13284709178340917832409178324091783409178432
Hello,

some information is showing that firefox is not always a safe place...

http://www.pcworld.com/article/3069663/security/mozilla-wants-us-to-disclose-to-it-first-any-vulnerability-found-in-tor-by-government-hackers.html

Will be some alternative around, hopefully a European browser, which can be 
used e.g. for a secure online-banking?

Kind Regards



[qubes-users] Installer Randomness (Entropy) Question(able)

2016-06-05 Thread uncubed
From where does the Qubes installer get its entropy to create the
long-term keymat for LUKS volumes?  I assume standard Linux /dev/random is
running, starting with no cached entropy other than a hardcoded fair dice
roll and thus, no reliable randomness.

A more general question, which probably belongs in a FAQ for a
security-oriented OS, is how does the standard Qubes configuration secure
randomness and cache it across boots?  (And is there a way to pick up
cached entropy when the dom0 kernel loads, before opening encrypted
volumes or starting userland?  I know how to do this on other OS, but not
Linux under Xen in Qubes-specific configuration.)

I am personally of the unstudied opinion that 90% of successful
"cryptanalysis" is due to system compromise, 9% is due to bad randomness,
and 1% is exploiting actual weakness in ciphers.  It is for this reason I
usually never let an OS installer create encrypted disks for me.  The
Qubes VM isolation should help somewhat with the 90%; but what about the
9%?

"Uncubed"
