[qubes-users] Memory balancing - security
Hi, What do you think about using memory balancing between several VMs. Is it security risk? If someone exploited two VM (for example with tor and without), he can fill all accessible memory on one VM and release them and then other suspected vm can reserve all memory and look for a pattern. The malicious program without access to other VM can also reserve memory from time to time and looking for sensitive data from other VM. Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3404544-2a9f-4ec6-a989-1f9c6c091fc4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Screen corruption on nvidia
This problem persists in 3.2rc2. JJ >>> However, under Qubes, I experience random screen corruption. >>> >>> See: https://i.imgur.com/ovEFgYO.png > >> Looks like it could be this issue: >> >> https://github.com/QubesOS/qubes-issues/issues/1028 >> >> As you can see from the qubes-builder-github comments, some patches for this >> are already in the testing repos. You may want to give those a try. > > Awesome! Will give that a shot. Thanks for the reply! :) > > -- > You received this message because you are subscribed to the Google Groups "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/2380dfd0340bdf4025341dff82056852.webmail%40localhost. For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dba3a9f5755b9793d82e810521492df3.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to Remove Template / Preun: Domain not found
On Thursday, August 18, 2016 at 5:41:58 AM UTC, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-17 12:17, entr0py wrote: > > New Qubes 3.1 installation with Advanced (No Configuration) > > option. > > > > After restoring dom0 + serviceVMs + serviceTemplates, tried to > > `sudo yum remove qubes-template-fedora-23` > > > > Received: Error in PREUN scriptlet in rpm package... > > libvirt.libvirtError: Domain not found [from libvirt.py line 4066 > > lookupByName] > > > > `sudo yum list qubes-template-fedora-23` shows template installed > > from @anaconda/R3.1 repo. > > > > `sudo qubes-dom0-update qubes-template-fedora-23` returns "No Match > > for argument qubes-template-fedora-23" > > > > Thanks for help. > > > > Just a quick check: If you do "qvm-prefs -l fedora-23" (in dom0), is > the value for installed_by_rpm "True"? > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXtUqHAAoJENtN07w5UDAwelUQALeJbgBQc/IHuqOldGA4P3kS > Cq8fsWe9pqQiTWDWUP2HMPEcONXkxEHbq3PdZofYkiyBkDlBLu58F1a7cTFgGpfU > ToS+DK2od1Cax9rKKLnUef2LYE5BpMGsNn7QEdOt6xZPCeluRlANIm4kMDWkLTFP > xzgWpjZ1SwhQF1ahv6vMGq0V+NjMujP8ecvR85P5JVTABvEQSnhhasu5qB/qUl7e > PtRuR3KncS2dURBxLEiUew+I+nWkW65lARX5X/OB2lYu2TeOT9CWSkjzfllacTtH > KVDJE9nL3TnKpYt0h2e2qrka5XjeGkzi1K1cxcBXZqWkz5gd397W0Xcz5fBn3Vgl > aYs53VnvM5aAZemqa5+vYEATCRHB1ourRSddWYTIDKEI2gtfEu0j4eDwG8ZTL8gR > CdTxzEGHrZLEoxNdata8L/p4FiCgW8YHFOQg1n5H6n6PTQwYr3jJty1nYMfvXWr0 > +Tbv5uQTPFa22oiOVEHJQ3yrHjeSv85KPf/8S25WhffPMImn0oMMOUUDcioG28c5 > jw9037MWER0c5fsjrBOewvlUnyldXILhPa+3ZQvWJvTKtFpsUoucM7skDej8Ugn3 > TLoShOqcpsq8UQiOTB5NtkhwTbfnBwWVHsSpGaiMzC9zZclCGv2p8w2J6rvjJVlh > 5HNY970p/HtWs1JTNpOa > =CQ+x > -END PGP SIGNATURE- Yes, `installed_by_rpm : True` Does this have to do with the fact that the template was installed by the installer without any pre-configuration? Is the preun script necessary? Can't find the thread where Marek suggested --no-script... Or maybe some way to reset rpm? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4472a3cf-4a4c-4456-972b-be2ed01871d6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] OwnCloud-Client - wrong credentials
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 18.08.2016 19:00, angelo "angico" costa wrote: > Hi, all! > > - Qubes-os 3.1 - debian 8 based vm - owncloud-client 1.77 > > I can quickly and easily login to my OwnCloud account using a webbrowser, > whatever password I set on it, but I just can't connect using > owncloud-client 1.77 -- it refuses the connection yelling "Error: Wrong > credentials". > > Does anybody have any hint? > > TIA, > > Angico. > Hi Have you tried 2.1.1 from Backports yet? https://packages.debian.org/jessie-backports/owncloud-client - -- Live long and prosper Robin `ypid` Schneider -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXtgTTAAoJEIb9mAu/GkD4mfEQAKb+vChGL7sDZlS2RR8fRQaU 1O0FMrKgzoG5JI7LpyZ/AHPihqqdAF9sbt/JXw6/toLAsEneHQq1HnwABXdQa5OR Ajnc9sV6lNTqUXuks054hUwH8H3pm8kquaEYvS/xbHd0D6+qg2QWBRqnGcqSwNCu B7HE5PDrxqTDGGv5brJ3ZpbZ6Odtv96qUmCJidhUg8z/O21+Wtvoz4yOpymEzWCd lPqIhQPNYRcwUhpJoWnyW2yxGj5qqUO6QLkP9y8OckvCDsFJQKCxAUFupw/UsEQs Z4CtKDfbqHXw2fuNPYb6mNpzcJtMEDBV7anRokeuyKb467UO+MEchqjIvkfOC9+i l35B2+g1R1WuT3AVzn3cr/7Lb9/h8zoZptJiDiTcGO9Fkuqi7M7omeSk48YmTEaF EQXTVSATpyabzmUAwddiDSdDwrMCTB867bQRrFwCe9GjNjHYeD6NnNMTSUpM03pg 2O376mpzmDfySjVYLlXioC3VCE0TSkjgHpugUppIcHsAJ2GXTUalc/f7mN4IyCGv a1PmPpyj9TawcrXdJfxkfetVxSXfnVNoeFV4R4Nsn9wWbrIGYPKMKvxiV72vBoqs LakJTUuGkLsVsUKxz+K/XI3n/SWkmbVqa492qMjqmppPHOTwnuGxHLfiZ8gXKgfq tiThehHb0CWUfnWIKDpK =9YIT -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7390a7d1-c93f-5ed6-c7a0-8bd717bb3fdb%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
El jueves, 18 de agosto de 2016, 10:50:14 (UTC-6), Marek Marczykowski-Górecki escribió: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Aug 18, 2016 at 09:12:35AM -0700, Adrian Rocha wrote: > > El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek > > Marczykowski-Górecki escribió: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > > > Marczykowski-Górecki escribió: > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > > Hash: SHA256 > > > > > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > > > Hi, > > > > > > > > > > > > I have two network devices and one only USB controller, so both > > > > > > devices are in the same VM (sys-usb). I want to route some app-VMs > > > > > > by one network and the rest by the other network, for that I have > > > > > > created two firewall VMs but both are connected to the same network > > > > > > VMs because, as I commented, I can not divide the network devices > > > > > > in different VMs. > > > > > > By default all the traffic is going by only one network device. > > > > > > This is the configuration in my sys-usb: > > > > > > > > > > > > [user@sys-usb ~]$ ip route list > > > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src > > > > > > 172.20.2.255 metric 100 > > > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > > > 192.168.8.100 metric 100 > > > > > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > > > > > I know how to route a traffic to an specific IP using "ip route > > > > > > add" to a determined device network, but How can I route the > > > > > > complete traffic from one firewall VM by one device network and the > > > > > > traffic from other firewall VM by the other device network? > > > > > > > > > > Source based-routing is tricky in Linux in general. You can search for > > > > > some guides on the internet. > > > > > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > > > devices to different VM - some separate netvm, or even one of those > > > > > firewallvms directly (and do not attach this firewallvm to any netvm). > > > > > It may work slightly slower, but should be much easier. > > > > > > > > Thanks for your tip Marek, but I am having an error with the USB assign: > > > > > > > > The ethernet adapter in the sys-usb VM: > > > > [user@sys-usb ~]$ lsusb > > > > ... > > > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > > > > Ethernet > > > > ... > > > > > > > > And when I try to assing them to the sys-net VM in dom0: > > > > [user@dom0 ~]$ qvm-usb > > > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9 > > > > sys-usb:4-9 8087:07dc 8087_07dc > > > > sys-usb:4-110bda:573c > > > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: > > > > printf: write error: Invalid argument > > > > > > > > Any idea or a detailed reference about this functionality? > > > > > > Check kernel messages in sys-net. It looks like kernel driver rejects > > > this device for some reason. > > > > > > > This is the message in sys-net: > > [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: > > super-speed > > > > And I see this in sys-usb: > > [ 3095.918081] usbip-host 5-2: stub up > > [ 3095.920893] usbip-host 5-2: recv a header, 0 > > [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using > > xhci_hcd > > [ 3096.038562] usbip-host 5-2: device reset > > Ok, so the reason is the device being USB3.0, which isn't supported by > the driver, unfortunately. Try plugging it into USB2.0 port. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXtec+AAoJENuP0xzK19csRRQH/3RZvDbnNoPIDu27fOQz4Ef3 > acENkrr6Or7Pw09eRLitxG+RfrNsAAVsCs0ohpm7qrlXYZW0F0D3xFsHwAeDEs94 > QzAqdMjUfQorDJRqriPQwoGiBENKbp0pyDPGh8i25j4GdJV86A/2in+3dgCkeLT9 > MX++fId0aQKVfu+4NTsF9dbizNWF3y12kpjCEyam12exT9n+4Zj1+Uc2XBfAW2B6 > OAlzYfnOslaTKk+dn/gsDJlsBfrkUh+3z1FQodFOOf41HfCsN7rYuoJF5KUcA3vM > WFCfXBKa0pEpnXPwJkdGnvf3Yk9rb03oB84cvRjuQfGmAI9+USro9hpjxjMrdI8= > =Gqjj > -END PGP SIGNATURE- Ahh ok, I tried in the
[qubes-users] Qubes 3.2RC2, AMD / IOMMU weirdness
(XEN) PCI add device :00:09.0 (XEN) PCI add device :00:10.0 (XEN) PCI add device :00:10.1 (XEN) SR-IOV device :00:11.0 has its virtual functions already enabled (01ab) (XEN) PCI add device :00:11.0 (XEN) PCI add device :00:12.0 (XEN) PCI add device :00:12.2 (XEN) PCI add device :00:13.0 (XEN) PCI add device :00:13.2 (XEN) PCI add device :00:14.0 (XEN) PCI add device :00:14.1 (XEN) PCI add device :00:14.2 (XEN) PCI add device :00:14.3 (XEN) PCI add device :00:14.4 (XEN) PCI add device :00:14.5 (XEN) PCI add device :00:18.0 (XEN) PCI add device :00:18.1 (XEN) PCI add device :00:18.2 (XEN) PCI add device :00:18.3 (XEN) PCI add device :00:18.4 (XEN) PCI add device :00:18.5 (XEN) PCI add device :01:00.0 (XEN) PCI add device :02:00.0 (XEN) PCI add device :03:00.0 (XEN) PCI add device :03:00.1 (XEN) PCI add device :04:06.0 Architecture: x86_64 CPU op-mode(s):32-bit, 64-bit Byte Order:Little Endian CPU(s):4 On-line CPU(s) list: 0-3 Thread(s) per core:1 Core(s) per socket:4 Socket(s): 1 NUMA node(s): 1 Vendor ID: AuthenticAMD CPU family:21 Model: 96 Model name:AMD Athlon(tm) X4 845 Quad Core Processor Stepping: 1 CPU MHz: 3493.540 BogoMIPS: 6987.08 Hypervisor vendor: Xen Virtualization type: none L1d cache: 32K L1i cache: 64K L2 cache: 1024K NUMA node0 CPU(s): 0-3 Flags: fpu de tsc msr pae mce cx8 apic mca cmov pat clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt lm constant_tsc rep_good nopl nonstop_tsc extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch xop fma4 tce tbm perfctr_core perfctr_nb bpext arat cpb hw_pstate vmmcall fsgsbase bmi1 avx2 bmi2 xsaveopt 00:00.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1576 00:00.2 IOMMU: Advanced Micro Devices, Inc. [AMD] Device 1577 00:02.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 157b 00:02.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] Device 157c 00:02.5 PCI bridge: Advanced Micro Devices, Inc. [AMD] Device 157c 00:03.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 157b 00:03.1 PCI bridge: Advanced Micro Devices, Inc. [AMD] Device 157c 00:08.0 Encryption controller: Advanced Micro Devices, Inc. [AMD] Device 1578 00:09.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 157d 00:10.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller (rev 03) 00:10.1 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB XHCI Controller (rev 03) 00:11.0 SATA controller: Advanced Micro Devices, Inc. [AMD] FCH SATA Controller [AHCI mode] (rev 40) 00:12.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11) 00:12.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller (rev 11) 00:13.0 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11) 00:13.2 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB EHCI Controller (rev 11) 00:14.0 SMBus: Advanced Micro Devices, Inc. [AMD] FCH SMBus Controller (rev 13) 00:14.1 IDE interface: Advanced Micro Devices, Inc. [AMD] FCH IDE Controller 00:14.2 Audio device: Advanced Micro Devices, Inc. [AMD] FCH Azalia Controller (rev 01) 00:14.3 ISA bridge: Advanced Micro Devices, Inc. [AMD] FCH LPC Bridge (rev 11) 00:14.4 PCI bridge: Advanced Micro Devices, Inc. [AMD] FCH PCI Bridge (rev 40) 00:14.5 USB controller: Advanced Micro Devices, Inc. [AMD] FCH USB OHCI Controller (rev 11) 00:18.0 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1570 00:18.1 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1571 00:18.2 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1572 00:18.3 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1573 00:18.4 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1574 00:18.5 Host bridge: Advanced Micro Devices, Inc. [AMD] Device 1575 01:00.0 Network controller: Qualcomm Atheros AR93xx Wireless Network Adapter (rev 01) 02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c) 03:00.0 VGA compatible controller: NVIDIA Corporation GM206 [GeForce GTX 950] (rev a1) 03:00.1 Audio device: NVIDIA Corporation Device 0fba (rev a1) 04:06.0 Mass storage controller: Promise Technology, Inc. PDC20268 [Ultra100 TX2] (rev 02) Qubes-HCL-BIOSTAR_Group-TA70U3_LSP-20160818-130127.yml Description: Binary data host : dom0 release: 4.4.14-11.pvops.qubes.x86_64 version: #1 SMP Tue Jul 19 01:14:58 UTC 2016 machine: x86_64 nr_cpus: 4 max_cpu_id
[qubes-users] OwnCloud-Client - wrong credentials
Hi, all! - Qubes-os 3.1 - debian 8 based vm - owncloud-client 1.77 I can quickly and easily login to my OwnCloud account using a webbrowser, whatever password I set on it, but I just can't connect using owncloud-client 1.77 -- it refuses the connection yelling "Error: Wrong credentials". Does anybody have any hint? TIA, Angico. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c28591b-e0d7-45ee-94bb-44f8fb66bc8b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Building Archlinux Template Error
Hi, I'm really learning all of this template building stuff right now but I've stumbled upon an error in the Archlinux qubes template building process I can't find a solution for. Here is the segment of the error in my terminal output: -> Building vmm-xen (archlinux) for archlinux vm (logfile: build-logs/vmm-xen-vm-archlinux.log) --> build failed! gcc -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdirs-install.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdir-install-libxl.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .libxl_create.o.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Werror -Wno-format-zero-length -Wmissing-declarations -Wno-declaration-after-statement -Wformat-nonliteral -I. -fPIC -pthread -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/xenstore/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -Wshadow -include /home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/config.h -c -o libxl_create.o libxl_create.c gcc -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdirs-install.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdir-install-libxl.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .libxl_dm.o.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Werror -Wno-format-zero-length -Wmissing-declarations -Wno-declaration-after-statement -Wformat-nonliteral -I. -fPIC -pthread -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/xenstore/include -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include -Wshadow -include /home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/config.h -c -o libxl_dm.o libxl_dm.c gcc -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdirs-install.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .subdir-install-libxl.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes -Wdeclaration-after-statement -Wno-unused-but-set-variable -Wno-unused-local-typedefs
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek Marczykowski-Górecki escribió: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > Marczykowski-Górecki escribió: > > > -BEGIN PGP SIGNED MESSAGE- > > > Hash: SHA256 > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > Hi, > > > > > > > > I have two network devices and one only USB controller, so both devices > > > > are in the same VM (sys-usb). I want to route some app-VMs by one > > > > network and the rest by the other network, for that I have created two > > > > firewall VMs but both are connected to the same network VMs because, as > > > > I commented, I can not divide the network devices in different VMs. > > > > By default all the traffic is going by only one network device. This is > > > > the configuration in my sys-usb: > > > > > > > > [user@sys-usb ~]$ ip route list > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > > > > metric 100 > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > 192.168.8.100 metric 100 > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > I know how to route a traffic to an specific IP using "ip route add" to > > > > a determined device network, but How can I route the complete traffic > > > > from one firewall VM by one device network and the traffic from other > > > > firewall VM by the other device network? > > > > > > Source based-routing is tricky in Linux in general. You can search for > > > some guides on the internet. > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > devices to different VM - some separate netvm, or even one of those > > > firewallvms directly (and do not attach this firewallvm to any netvm). > > > It may work slightly slower, but should be much easier. > > > > Thanks for your tip Marek, but I am having an error with the USB assign: > > > > The ethernet adapter in the sys-usb VM: > > [user@sys-usb ~]$ lsusb > > ... > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > > Ethernet > > ... > > > > And when I try to assing them to the sys-net VM in dom0: > > [user@dom0 ~]$ qvm-usb > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9 > > sys-usb:4-9 8087:07dc 8087_07dc > > sys-usb:4-110bda:573c > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: printf: > > write error: Invalid argument > > > > Any idea or a detailed reference about this functionality? > > Check kernel messages in sys-net. It looks like kernel driver rejects > this device for some reason. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXtdghAAoJENuP0xzK19csjmEH/RKN1Wo8EsllAJ0jUfHcp4AP > GtjhLUYdU+zM2b+h37CLqGCLJ98Eeh4J/CMTH4B7MD6Y5TbCsJNfSxlLYfduPC4Y > zQa/MCDQ09Rof/iipT6SSXX/vRG+NyO+ssMWZM2URjGO0/IXyf0+RM7BI8syPq/L > FoNXyJU36F8BNAcihQZIJ1pDwj1gfEz8JJUEhX1rQgSvjUm7mmdpV2DCF1fYZ/OS > LsIBGrz+Ugja7dcYhwcxz1VkpXwPvExI/JceiLvlNxILwRaBtaBPMbX23CmknvB8 > T31N1IgJSxUQDgcPEhgu8MpHFyHmR5XhCQZmAJ+eMimhDdv4faLTCr2NKvXCSlg= > =/uUW > -END PGP SIGNATURE- This is the message in sys-net: [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: super-speed And I see this in sys-usb: [ 3095.918081] usbip-host 5-2: stub up [ 3095.920893] usbip-host 5-2: recv a header, 0 [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using xhci_hcd [ 3096.038562] usbip-host 5-2: device reset -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77b825ce-54ed-4b2e-bf47-734c6b58cacc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek Marczykowski-Górecki > escribió: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > Hi, > > > > > > I have two network devices and one only USB controller, so both devices > > > are in the same VM (sys-usb). I want to route some app-VMs by one network > > > and the rest by the other network, for that I have created two firewall > > > VMs but both are connected to the same network VMs because, as I > > > commented, I can not divide the network devices in different VMs. > > > By default all the traffic is going by only one network device. This is > > > the configuration in my sys-usb: > > > > > > [user@sys-usb ~]$ ip route list > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > > > metric 100 > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src 192.168.8.100 > > > metric 100 > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > I know how to route a traffic to an specific IP using "ip route add" to a > > > determined device network, but How can I route the complete traffic from > > > one firewall VM by one device network and the traffic from other firewall > > > VM by the other device network? > > > > Source based-routing is tricky in Linux in general. You can search for > > some guides on the internet. > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > devices to different VM - some separate netvm, or even one of those > > firewallvms directly (and do not attach this firewallvm to any netvm). > > It may work slightly slower, but should be much easier. > > Thanks for your tip Marek, but I am having an error with the USB assign: > > The ethernet adapter in the sys-usb VM: > [user@sys-usb ~]$ lsusb > ... > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit > Ethernet > ... > > And when I try to assing them to the sys-net VM in dom0: > [user@dom0 ~]$ qvm-usb > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9 > sys-usb:4-9 8087:07dc 8087_07dc > sys-usb:4-110bda:573c > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: printf: > write error: Invalid argument > > Any idea or a detailed reference about this functionality? Check kernel messages in sys-net. It looks like kernel driver rejects this device for some reason. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXtdghAAoJENuP0xzK19csjmEH/RKN1Wo8EsllAJ0jUfHcp4AP GtjhLUYdU+zM2b+h37CLqGCLJ98Eeh4J/CMTH4B7MD6Y5TbCsJNfSxlLYfduPC4Y zQa/MCDQ09Rof/iipT6SSXX/vRG+NyO+ssMWZM2URjGO0/IXyf0+RM7BI8syPq/L FoNXyJU36F8BNAcihQZIJ1pDwj1gfEz8JJUEhX1rQgSvjUm7mmdpV2DCF1fYZ/OS LsIBGrz+Ugja7dcYhwcxz1VkpXwPvExI/JceiLvlNxILwRaBtaBPMbX23CmknvB8 T31N1IgJSxUQDgcPEhgu8MpHFyHmR5XhCQZmAJ+eMimhDdv4faLTCr2NKvXCSlg= =/uUW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160818154536.GJ9166%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek Marczykowski-Górecki escribió: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > Hi, > > > > I have two network devices and one only USB controller, so both devices are > > in the same VM (sys-usb). I want to route some app-VMs by one network and > > the rest by the other network, for that I have created two firewall VMs but > > both are connected to the same network VMs because, as I commented, I can > > not divide the network devices in different VMs. > > By default all the traffic is going by only one network device. This is the > > configuration in my sys-usb: > > > > [user@sys-usb ~]$ ip route list > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > > metric 100 > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src 192.168.8.100 > > metric 100 > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > I know how to route a traffic to an specific IP using "ip route add" to a > > determined device network, but How can I route the complete traffic from > > one firewall VM by one device network and the traffic from other firewall > > VM by the other device network? > > Source based-routing is tricky in Linux in general. You can search for > some guides on the internet. > > But alternatively, on Qubes R3.2, you can assign one of those USB > devices to different VM - some separate netvm, or even one of those > firewallvms directly (and do not attach this firewallvm to any netvm). > It may work slightly slower, but should be much easier. Thanks for your tip Marek, but I am having an error with the USB assign: The ethernet adapter in the sys-usb VM: [user@sys-usb ~]$ lsusb ... Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 Gigabit Ethernet ... And when I try to assing them to the sys-net VM in dom0: [user@dom0 ~]$ qvm-usb sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9 sys-usb:4-9 8087:07dc 8087_07dc sys-usb:4-110bda:573c CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: printf: write error: Invalid argument Any idea or a detailed reference about this functionality? > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXrYojAAoJENuP0xzK19csd1AH/0xLELbOxgJSEbwImKU7OrYM > JVLl1hqGNx1iAy/6BGiV3IK0/CawomzVtoUcLli20WxTSjMqrrkoet5bRxWmZdYb > LWg2eHAjbFSL4hi20Rg6VPeYcFSy3BQH42YpfQnU2xlPjSXCCAJHfIbRsQpNJ8i3 > HPXcHfr3Gb1LqljgHjW/wrHzqc7T4uu4wGu28bPwow1EcSuVX8Ag7NZBeeqC1eDa > TjUOcmRXuY6BB7ofp2qzJQQBPHSMHdGM7G7QEEdxx1xy9E3knfs2i1HWKf2haR2s > uVfrCqsSjaTaoHFD3QSNk7gM6M6J1Eku9LUA4xosbbvN+H++O1jPfzXw98eXbxE= > =nMKF > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9a28a599-886f-473a-8f3e-62e9dee836e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4.0 Hardware Requirements
The Qubes security team has written:
> Consequently, we have decided to move to hardware memory
> virtualization for the upcoming Qubes 4.0 release [4].
And Joanna has written:
> For Qubes 4 we want to move away from using PV as the default
> method of virtualization in favor of using hw-aided (i.e.
> SLAT-enforced) virtualization, which currently Xen offers as PVH.
I'm currently on an AMD Athlon system. Does this mean that in order to
use Qubes 4.0, I will have to upgrade my hardware? ('Cause that would
suck. :) )
Thanks.
JJ
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/94abcb654fb090a8e6471bc88ef47f53.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] USB Root Drive Corruption
This problem persists in 3.2rc2. (And I get 0 errors on the same USB drive under Tails. When I can find the SATA power connector around here somewhere, I'll try moving the drive direct onto the SATA bus.) > Thanks for the feedback. The fact USB is a bad idea all around for > security (and potentially stability), and the fact I was getting minor > corruption, should have been a warning to me to move the drive right onto > the SATA bus, rather than risking worse corruption. I guess I only have > myself to blame. > > I guess I'll "get back on the horse," lol, with the 3.2 release candidate, > and an internal drive. Qubes offers enough to keep on tryin'. > > Thankfully I run things in a relatively "amnesiac" fashion to start with, > so any useful or valuable data was on a separate, internal, encrypted hard > drive, and unharmed. > > Thanks. > >> johnyju...@sigaint.org: >>> Well, my wild enthusiasm with Qubes has turned into complete >>> frustration >>> and exasperation this morning. >>> >>> The "mild" corruption I was seeing on boot (running Qubes from a USB >>> 2.5" >>> HD) wasn't quite so mild the last time I booted. >>> >>> This time, rather than "recovering journal... done," the fsck spewed >>> more >>> than I've ever seen an fsck spew, and the filesystem was trashed. /var >>> ended up as a symlink to liblber-2.4.so.2.10.2. I found /var/lib/qubes >>> in >>> lost+found (along with 350 other directories). Argh! >>> >>> I'd highly recommend that nobody run Qubes 3.1 from an external USB >>> drive. >>> >>> I'm going back to another OS as my daily system. >>> >>> I'll probably give Qubes 3.2rc a try on an internal hard drive, as a >>> secondary OS, to see if that solves my HD and video corruption issues. >>> If >>> not, I'll probably wait for Qubes to mature a bit more before using it >>> in >>> any serious manner. >> >> I've run Qubes 3.0rc1 and Qubes 3.2rc1 from an external USD hard drive >> (for about a month each). 3.0rc1 encountered kernel panics about once >> per day (which wasn't the case when run from an internal drive) and >> booted much slower than from an internal drive, but I didn't notice any >> obvious drive corruption from it. 3.2rc1 had no issues whatsoever and >> wasn't much slower than internal. I haven't tried any release of 3.1. >> >> So, my guess is that the issue you're encountering either was fixed >> between 3.1 and 3.2rc1 (and didn't seem to exist in 3.0rc1), or is in >> some way unique to your setup. Maybe a hardware issue? >> >> Cheers, >> -Jeremy Rand >> >> -- >> You received this message because you are subscribed to the Google >> Groups >> "qubes-users" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an >> email to qubes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to qubes-users@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/df5ff24c-c6ce-8dda-dfac-5f07bea4f9c0%40airmail.cc. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/242ab62b9fdfba9c77ebf9748842b412.webmail%40localhost. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a81af3ff3636f8193043810d9c82678.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] networking issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 17, 2016 at 02:35:20PM -0700, randallrba...@gmail.com wrote: > i have a bcm 4360 wireless card on my motherboard and I cant seam to get the > drivers installed. I was told to install this to net vm [CODE]wget > http://git.io/vuLC7 -v -O fedora23_broadcom_wl_install.sh && sh > ./fedora23_broadcom_wl_install.sh;[/CODE] but I ended up getting this mess > > [CODE][user@sys-net ~]$ wget http://git.io/vuLC7 -v -O > fedora23_broadcom_wl_install.sh && sh ./fedora23_broadcom_wl_install.sh; (...) > Package gcc-5.3.1-6.fc23.x86_64 is already installed, skipping. > Package kernel-devel-1000:4.1.24-10.pvops.qubes.x86_64 is already installed, > skipping. Here you have kernel-devel for 4.1.24, but ... (...) > KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd` clean > make[1]: *** /lib/modules/4.1.13-9.pvops.qubes.x86_64/build: No such file or > directory. Stop. > Makefile:165: recipe for target 'clean' failed > make: *** [clean] Error 2 ... you're running 4.1.13-9. You can change kernel version for this VM in VM settings. Or you can simply update kernel-devel package. But that's not all: > install -D -m 755 wl.ko /lib/modules/`uname -r`/kernel/drivers/net/wireless > install: cannot create regular file > ‘/lib/modules/4.1.13-9.pvops.qubes.x86_64/kernel/drivers/net/wireless/wl.ko’: > Read-only file system /lib/modules/(kernel version) is mounted read-only, so you can't modify it. You can either switch to in-VM kernel[1], or keep that module (`wl.ko`) in some other directory and load it using `insmod /path/to/wl.ko`. The former method will require somehow more work, but will be easier to maintain later. [1] https://www.qubes-os.org/doc/managing-vm-kernel/#tocAnchor-1-1-3 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXtXpfAAoJENuP0xzK19csTxYH/3WqnU86tz8zN2XxTWpE9G2+ Ig3ENybBgocEr4CoWxuL2CG0uDVsLDaqsAf/R7YWGJ1SHtFCrBtAVh0RWcQqcuAG PmnwO5BqcbXJCxyyNZQqzh6c6rWAxd1Hfhs/eTO1l28iAe4UQFTMG3At20kGigVY A2EYudYPtc54/ByaEYQ9upqmyN9kLmXS+Kuo9mKRn2+A+BvJmzXeJ7iAkeyCtP7N hJnbvwX0I7rVC1CMPm6yfHp1716klQcI1i1//FmxAEd/kcSXBoMRxjvD6LpIwsF/ sqI16ppiUPc+RHQBp2oO/hhgc2jb8x7L6iKFoeVJFlKJcjx5zaNGdrqWFA4MYm4= =Dm91 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160818090535.GE9166%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems with GUI Agent on Windows (was: Lenovo Thinkpad P50 Qubes)
On Friday, July 1, 2016 at 7:27:50 PM UTC+2, Peter M wrote: > On Sunday, June 19, 2016 at 5:08:09 PM UTC-6, derfa...@gmail.com wrote:hi > fellow p50ers, > > > > On Monday, May 16, 2016 at 2:25:07 PM UTC+2, Achim Patzner wrote: > > > > Am 16.05.2016 um 12:57 schrieb derfa...@gmail.com: > > > > > > > > on another note, i finally ended up deleting my usbvm. it would only come > > > up every third or fourth reboot, and if it didn't, i was not able to > > > start it up manually. > > > > > > The P70 has the same problem after updating the firmware to version 2.00; > > there seems to be some race condition affecting bus initialization and > > management engine/firmware. Waiting with entering the disk passphrase > > helps, turning the machine off before booting helps, too. Not auto-starting > > it doesn’t change anything so I’d expect it to be a Xen problem. > > > > i can happily confirm that this usb-vm issue seems to be resolved in qubes > R3.2-rc1. also, i updated the BIOS to 1.26 and, after reading in the lenovo > forums, updated the thunderbolt firmware to the latest version, which fixed > the HDMI output issue for me. > > > > Qubes R3.2 will fully support the Lenovo P50 out of the box! :D > > > > best, > > > > fake > > > > > > > Did you install it in EFI mode or without? Did you do clean install or > upgrade? > Tried doing clean install of 3.2 RC1 and it installs fine but when I select > Qubes on boot list it comes straight back. > > Any ideas? I sloved this issue after a HDD change. The original disk broke so i swapped it for a Skylake compatible NVMe M.2 SSD. Turns out, the BIOS will treat this drive slightly differently and there for qubes will as well. Either it's because the UUID keeps changing each boot and Qubes old core won't deal with this at all, or it's because it's simply the driver that's so "new" Fedora doesn't support it. Either way, this gave me the looping boot option menu when booting. --- Here's also the BIOS settings I've changed since factory defaults: Config -> Display: Total Graphics Memory = 512Mb Graphics Device = Discrete Security -> Virtualization: Virt. Tech. = Enabled VT-d = Enabled Security -> Secure Boot : Secure Boot = Disabled Startup -> UEFI/Legacy Boot: Mode = Both UEFI/Leg. Prio = Legacy First CSM Support = Yes -- Additional note regarding **hybrid vs discrete** graphics. You can without any "problems" use dedicated discrete graphics, what you might need to do is to build qubes on your own and edit ./qubes-builder/qubes-src/installer-qubes-os/livecd-creator-qubes and on the "kernel = " line, at the end add "nomodeset" and you should be fine. Again, this won't give you the nvidia driver per default from what understand but the graphics will be slightly sharper and snappier. It will also drain your battery quicker but hey, quick graphics and no lag is kinda awesome. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/133a1644-ba49-4249-ad41-5ed7fd2fb4bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Altering the backup engine.
On Thursday, 18 August 2016 16:03:26 UTC+10, Alex wrote: > It looks like the Qubes Manager has an internal app for backup in > /usr/lib64/python2.7/site-packages/qubesmanager/backup.py, that manager > the window-based wizard, and uses the generic backup tool in > /usr/lib64/python2.7/site-packages/qubes/backup.py to get the job done. > > At the beginning of the latter I can see some definitions like > "DEFAULT_COMPRESSION_FILTER = 'gzip'", I think you may want to check > there. The compression filter defined there is passed to the command > line of various tar executions with --use-compress-program=%s. > > I don't think it is intented to be actually changed by users via the > GUI, but the fact that it has been moved to a definition at the > beginning of the file and that it is named "DEFAULT" may indicate that > is is intended to be customizable in a possible future extension. > > -- > Alex I just didn't understand how it went about it, it actually calls the qvm-backup from there. so it's already set up, but I don't think the program will use what I want because the tool I use is working differently for the passing of data to be compressed. But now I know how it does it, I will just build a unit for that to work for the one I use as well, not just the default. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13de45d2-e4dd-4567-8802-352f2d19247e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Altering the backup engine.
On 08/18/2016 07:52 AM, Drew White wrote: > Hi folks, > > Any davs here able to tell me how to set Qubes Manager default to use > a different archiving method other than gzip ? > > gzip is the default, but I don't know how or where to change it in > the manager code, I've tried to find the command it uses, but I'm > unable to find the command anywhere. Either I'm not looking in the > right place, or the command isn't what I believe it is. > > Please help? > > Sincerely Drew. It looks like the Qubes Manager has an internal app for backup in /usr/lib64/python2.7/site-packages/qubesmanager/backup.py, that manager the window-based wizard, and uses the generic backup tool in /usr/lib64/python2.7/site-packages/qubes/backup.py to get the job done. At the beginning of the latter I can see some definitions like "DEFAULT_COMPRESSION_FILTER = 'gzip'", I think you may want to check there. The compression filter defined there is passed to the command line of various tar executions with --use-compress-program=%s. I don't think it is intented to be actually changed by users via the GUI, but the fact that it has been moved to a definition at the beginning of the file and that it is named "DEFAULT" may indicate that is is intended to be customizable in a possible future extension. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7619c646-0f65-ff58-4bee-d12759b8ab3e%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
