date:20170520

On 05/20/2017 11:51 PM, David Seaward wrote:
> Hi,
>
> Is it possible to change the desktop shell for dom0, for example from
> XFCE to GNOME?
>
> Additionally, I'm used to getting some degree of application/shell
> integration: notifications, tray icons, widgets (e.g. a controller for
> the music app). Do VM apps integrate with the dom0 shell?
>
> Regards,
> David
>

If you mean the terminal program, you could probably just install it:

sudo qubes-dom0-update gnome-terminal


As for AppVM notifications, if you're asking if tray icons appear in the
notification bar or if app pop up messages appear, they usually do work.
I don't know about desktop widgets, though; I'm thinking no.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofraa1%24puh%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Desktop shell choices & integration on dom0

2017-05-20 Thread David Seaward

Hi,

Is it possible to change the desktop shell for dom0, for example from
XFCE to GNOME?

Additionally, I'm used to getting some degree of application/shell
integration: notifications, tray icons, widgets (e.g. a controller for
the music app). Do VM apps integrate with the dom0 shell?

Regards,
David

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495345894.25719.2.camel%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] is vpn made manually, not supposed to restart after suspend?

2017-05-20 Thread fooyreb

Helo,  So, I've setup a proxyVM for the VPN, via the "CLI version"
https://www.qubes-os.org/doc/vpn/

However, when I suspend Qubes, and wakeup Qubes, the networking is lost,
I then have to shut down or alter the network choice for 2-3 AppVMs that
use it and restart the ProxyVM, I'd rather not do this.

Is there some argument or tweak to change this type behaviour, or is
this by design, that this happens?   for my "security"  :)

I'd include the log, if I knew where to find the right one .

sorry if this isn't too qube-y of a question, maybe it is 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3a0dfe3-1ea4-ec23-7e8b-275d967428bd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why should I clone a template?

2017-05-20 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-05-20 21:59, Todd Lasman wrote:
> 
> On 05/20/2017 06:12 PM, Andrew David Wong wrote:
>> On 2017-05-20 19:43, Todd Lasman wrote:
>>> The dogma, as I understand it, is that it's safer to clone a 
>>> template, make changes to the clone, then base your AppVM's
>>> off of that cloned template.
> 
>>> - From the Qubes website: "It is highly recommended to clone 
>>> the original template, and make any changes in the clone 
>>> instead of the original template. The following command clones 
>>> the template. Replace your-new-clone with your desired 
>>> name..."
> 
>>> My question is, why? It seems to me that if you ever needed
>>> the original template back, you could just download it again
>>> from the repository. Am I missing something?
> 
>>> Todd
> 
> 
>> The main reasons are that user customizations are not guaranteed 
>> to be preserved in RPM-managed templates, and they're harder to 
>> back up and restore.
> 
> 
> 
> Hmm. Not sure I understand that logic. The cloned templates still 
> need to be managed and backed up, so where's the advantage?
> 

Being RPM-managed is different from being "managed" in a general
sense. Cloned templates need to be managed in a general sense, but
they do not need to be (and are not) RPM-managed. This is an advantage
if they're extensively customized by the user, since any changes
pushed to RPM-managed templates won't break the user customizations.

Cloned templates are easier to back up and restore than RPM-managed
templates. Trying to restore an RPM-managed on a Qubes machine with an
existing RPM-managed template of the same kind can be very difficult.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZIQtuAAoJENtN07w5UDAwAfoQAL2legUgVIjasmV9hGr4ZTL9
NLfd7Za5soKa1lPmnpvTaaOvesKwbTWl8J++zQ0tH9gpn4oeDQnzWmcNvOLaY7Ow
x+k1shEC9VSBhY54CRRVlzKcL61Bfge0tqDqiWAoWknee7YYc81AyZlFeuJHVmO5
SBwFAUOENaHQZqbIAWNQnO1T/p3DKaTSldt4NHz1xl9ekLtFGQgGArg94PpRaNOX
Gq6M/Mn1eOgVkACDUQgP98EuSAqVH3PWdOjVOs/gCKN9eqNmh+V2wcZoCp0mueQo
+yiaz0kdNEIJtBSBVHfWN1271QSub0RSxDWU0A8fptfMASFkZWex7C1jxbTnXhWA
6+ZNG/UB7+JoEexMrapt0vycMGn7Cb97wCWDLeszPz0vitPAU9ei8x8nAFANzRQX
+gYHxTYGZMthTZ/S6vr9Z+a116i3/ay1kOYOsf5CJLqO5M1Mwt8S2cab0a5HJDSD
JfryBnu5HR2mQoej4IqYpMKhI9qqSonyrKOHSRyq+3dAjZxgZMZWzKaZXF7B+UuL
goFzPTVUDv3QSRnPi00ZS2eIOt4vnRqr/eiDmSaZ4HoNnxn9lyLWIfdxpzm9O6Fp
M7k1JXTJWNJZJU9Zmqypj2LFixZ77b4iCkbnkdHlA7vVdrpmclawT08MRTsjjY0i
toEv/3e1Ezy5HzgViq+I
=THST
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d3630f2-b4b5-e558-6e12-62c77d8d92e3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Unable to install R3.1 / media check failure

2017-05-20 Thread wilberth . lemaitre

Hi,
I had the same issue with Rufus, then I used Etcher and it did work perfectly.
Check: https://etcher.io/
Hope it works for all!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46f03ad4-ed69-4dcc-9153-27b2650dd1fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Unable to install R3.1 / media check failure

2017-05-20 Thread wilberth . lemaitre

On Thursday, 21 April 2016 19:45:28 UTC-6, Cory Nelson  wrote:
> Hello,
> 
> 
> I'm attempting to install Qubes 3.1 but am having an issue during the media 
> check. It fails at 4.8% every time on two different laptops (Lenovo E540 and 
> Dell Inspiron 7548) and two different flash drives, so I figure I must be 
> doing something wrong. Install, as expected, also fails.
> 
> 
> I've built the flash drives using Rufus in DD mode as described on the Qubes 
> install guide, and have verified the checksum of the ISO. Beyond that, I'm 
> not sure the best way to diagnose the issue, I have unfortunately not 
> developed for Linux for several years and most of my in-depth knowledge has 
> faded. But, I am able to follow instructions.
> 
> 
> Thanks in advance for any help.

Hi,
I had the same issue with Rufus, then I used Etcher and it did work perfectly.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98eb3d95-69b2-46d9-8c8c-ed2188a2fcf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why should I clone a template?

2017-05-20 Thread Todd Lasman


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 05/20/2017 06:12 PM, Andrew David Wong wrote:
> On 2017-05-20 19:43, Todd Lasman wrote:
> > The dogma, as I understand it, is that it's safer to clone a template,
> > make changes to the clone, then base your AppVM's off of that cloned
> > template.
>
> > - From the Qubes website:
> > "It is highly recommended to clone the original template, and make any
> > changes in the clone instead of the original template. The following
> > command clones the template. Replace your-new-clone with your desired
> > name..."
>
> > My question is, why? It seems to me that if you ever needed the original
> > template back, you could just download it again from the repository. Am
> > I missing something?
>
> > Todd
>
>
> The main reasons are that user customizations are not guaranteed to be
> preserved in RPM-managed templates, and they're harder to back up and
> restore.
>
>

Hmm. Not sure I understand that logic. The cloned templates still need
to be managed and backed up, so where's the advantage?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZIQKOAAoJEOaMWwQFV9eFyLkP/R3z2y1BcWTz0JqRywG2Bpss
blNct9980O5I2uMuRAn7wOplL06fIbOEtvarqbqby8WwvUVi4775/V7AF/zCCQ21
v9PIWJ1uqhhBoeO3aVVFk77CmMxS2M01rZShCjIjUCpsT/MiNCkJQNzDOdFYRJYQ
iEJRXrA+qSJrfwPucQaeBjaXErQfuLASbCs+3l/EMtSrYerof4vD9vMjgbR4P4cm
avJj9dpXmbiGWOtwz+Va9MGrvpNP4cYRoDbzDUSAWu4VceTQPHuloWq3xg9H94HF
stzwYdRxonwj1sVgtsVkdoI/ljdoaDL+h0vr4HUZKnsdM2+nfJk+VQWsoiKUwR1B
4xWr0zSKlCWLFLSCqRMw4ZTTx0WIqrWNmMPmcQaezMOdl7jJaG7mt9KyOkx6Nut2
HuaReIeUbifP2o2X7Sz/52n3zp8+jmEJW2n/vdoa1R9OCjDxT/4c1rxd8mjU/IRs
zZ9FcGgw4pQ8fqQGjY4ZAnLDlUmAvjuxq7qPMSrAmvpE7ho5wMyK/o9lP7S+C3Ny
bGWdDqNPPU0VMGzGQlfBytjZdVzvn8QlZTLdvuPLQHUPpOaVKf3+TEV69KquJFcO
4BZEHh11onr8SC64D/xWMonmXbtPuYpYKkh6zG+6gAzxo5JenLWUHkHiiKFtqRVg
wg/5IuEilrU/gIwpJuNU
=ExCY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43dcf593-04c8-d211-8c52-5e821ee23f7c%40nowlas.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VM kernel does not exist: /var/lib/qubes/vm-kernels/4.4.38-11/vmlinuz

2017-05-20 Thread Franz

On Sat, May 20, 2017 at 7:49 PM, Unman  wrote:

> On Sat, May 20, 2017 at 07:34:28PM -0300, Franz wrote:
> > On Sat, May 20, 2017 at 7:20 PM, Unman 
> wrote:
> >
> > > On Sat, May 20, 2017 at 04:27:24PM -0300, Franz wrote:
> > > > Hello,
> > > >
> > > > the usual trick of selecting other kernel in Qubes manager does not
> work
> > > > running
> > > > qvm-prefs -s kernel default
> > > > gives
> > > > A VM with the name 'kernel" does not exist in tne system
> > > >
> > > > ls /var/lib/qubes/vm-kernels/
> > > > gives
> > > > 4.4.55-11 4.4.62-12 4.4.67-12
> > > >
> > > > However one of the VMs does correctly starts. this one shows it is
> using
> > > > 4.4.55-11
> > > >
> > > > Best
> > > > Fran
> > >
> > > You are supposed to include the name of the qube you want to work on
> > > when using qvm-prefs.
> > > If you want to run against a number of qubes just script it with a bash
> > > script iterating over the names.
> > >
> > > unman
> > >
> >
> > Many thanks Unman, following your suggestion  I do not get errors with
> the
> > qvm-prefs command, but the same trying to start the VMs I get the same
> > error that makes the heading of this thread.
> >
>
> The recent update provided a new kernel - Qubes only maintains 3
> recent kernels, so one has been deleted. That's why you get this error.
> (A number of people have reported this.)
> You should be able to set the default kernel as you have tried - if this
> doesn't work for you just set one of the kernels that you DO have
> explicitly.
>
> unman
>


this is the first thing that I tried using Qubes manager. It worked in the
past when after an update the same thing happened, But it is not working
anymore now as I reported in the first post. None of the available kernels
work.

I even tried to create a standalone as a workaround, but it gives the same
error.

best
Fran

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAO2%3DOtddXBbHSfDA9-rG8_sOMC%2BZ_Qa9XAD_nX4nGKLA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why should I clone a template?

2017-05-20 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-05-20 19:43, Todd Lasman wrote:
> The dogma, as I understand it, is that it's safer to clone a template,
> make changes to the clone, then base your AppVM's off of that cloned
> template.
> 
> - From the Qubes website:
> "It is highly recommended to clone the original template, and make any
> changes in the clone instead of the original template. The following
> command clones the template. Replace your-new-clone with your desired
> name..."
> 
> My question is, why? It seems to me that if you ever needed the original
> template back, you could just download it again from the repository. Am
> I missing something?
> 
> Todd
> 

The main reasons are that user customizations are not guaranteed to be
preserved in RPM-managed templates, and they're harder to back up and
restore.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZIOlyAAoJENtN07w5UDAwXk0QAKK0qa179ZbyfW8iIqVvsnGS
UIVOYfQdg6PEMRUbncCXzDf83AP3u3E2DLN3tqCWtrwj5vKHDxQUx8EKziN+FIDL
Zu7EQ6txl5ruZYPo8RS4Q0C75QQFaImisgG1S1QN+B43eifjFzPIBfCkHNhsQELe
t9DUjWee/rOMZOvcPuAvj+VfOIokXsiyz7X+KL9DDXCbHRr6iFDAPYPRhkp8+0SK
N7nM3e0Rhd+ILJS5mYVrFjqd7VnjahQRDqIDbHjRPl8/mF+ZyqmCa/Ua69T0JDzE
j7oHVHTovWX5ApVmlsLCFEp7yc/6pnzob/1YqHMwR8NB+VN5h1Sf1C6oyGoooOg2
foL7kwtOJaQhzal9kh1M6Sq/xP6Vxw36oHR8U4dgZTpPABVzDNxJPVZLnkRkOJuc
yB88CgZKmD6H55gLYIepvXbQ9jBVooCIU81En3uhkEj9HTd+gTJVHa0akUtE4Oh3
aSe71lP6FdCkcmj/GK4DdkBw1DnVXgeBO/dFeyAp+zTdxI0wOYqVzdiwrOLpMX+a
mF3SaLkPznThJj+26pUdpAY8gag/5lBct2xvVgYelOkre+NCWAkBjE2/Pzt+8u3c
vEsbbXFJbohIc0Y1kBBSHuTkr8EzXTaBWXcOqYV8IAnR+/MxMiGI65VkKT73k9+n
4WHblzb7/V1T3Dx3TG/b
=ddOu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3923cad9-50c4-1de0-458e-98aea6e44008%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] internet connection not working

2017-05-20 Thread aforete

My internet connection is not working, except in whonix. This seems
similar to the issue referenced in the faq:
https://www.qubes-os.org/doc/user-faq/#my-qubes-lost-internet-access-after-a-templatevm-update-what-should-i-do
But the proposed fix does not work.
I reinstalled qubes, but I still can't open any websites (and the answer
in the faq doesn't work after reinstallation).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95eaee43-e930-6dfa-c7f1-b22bc8554d55%40cock.li.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] which things are, and which things are not encrypted on the disk.

2017-05-20 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-05-18 02:55, Zrubi wrote:
> On 05/18/2017 09:48 AM, pandakaas...@gmail.com wrote:
>> I recently came across this PDF file stating that dom0 and the
>> hypervisor (Xen) are stored unencrypted on the disk, because the
>> disk wouldnt be able to boot(According to the PDF). but as far as I
>> know, only /boot and GRUB are stored unencrypted.  so is this PDF
>> file wrong, or was I wrong (or both?).
> 
>> Here you have a link to the file, you can find it on page 7: 
>> http://www.cs.uu.nl/docs/vakken/b3sec/Proj15/QubesOS.pdf
> 
> 
> The Xen itself and the dom0 kernel (located in /boot) are both
> unencrypted.
> 
> This can be the reason using TPM and AEM:
> https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html
> https://www.qubes-os.org/doc/anti-evil-maid/
> 

And everything except /boot is encrypted with LUKS by default.
In particular, the contents of dom0 are also encrypted. See:

https://www.qubes-os.org/doc/custom-install/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZIOdoAAoJENtN07w5UDAwoZ8QAJijXJxCcIM2Ze/yTtxMUef/
h3ROYup2mjHCscn2SOTRqmUj4Aa/aIByILaj1OAOEWzsRDb5Y/r6Vizjakg0dibK
HOfmIkTFFmbkeA8kHd2w5z7OrBiQCUcDt1rCz11CDgA1YWmLD/4sWigU2OK9J68h
9mj5mvwMbv7w4XE+O11LZww9SICBfV5y1akC3AdOS4Qasb7ujdx15X/rOlHEdcIQ
iZUVO9NmpFpQ/DWCzW/6BY1b+2rRV2HEd9KwRgRTexQ3AEfo+RY7i74PWbpHRtnS
FVREing5ogQe2R4F/9d1gYepHPw4YAThc0h8ZPjeHC4K67SxdcIHOL3ISbuxtSPL
c4pPHGvg8+lXzZ9JX1nYie5qvD8rK4dC+G78wWgba77fuCwTkjtGJR2ZUT5LaA3U
bnAAwSRO3IcJnd3ZK//uXqlJKyvxk/mNzT7AlG53FbZ92zghcBRc8wI0bS6tY76A
uCFN8P8qi9VuszQoJhxsTxe99yXz97M9VvoLY0CQC8I5HJFJEv73RTHFlchQZG8+
U8X/rq+y02RoRHLCwl3KEc8aYOZCMt9EC4p5VGeljlClo5mBSArujDkGEYTPJfk5
GV5vy2wU3m8s8CBC3J9wx/8c0gBufqXplfjrR3JwyoaEY2a6gFKpEF2U3KwmaLlW
Negatcg+YVAMvXotcROJ
=8WSK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c1c1daa-8090-102d-60ae-b79d136c716a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Why should I clone a template?

2017-05-20 Thread Todd Lasman


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 05/20/2017 05:51 PM, Reg Tiangha wrote:
> On 05/20/2017 06:43 PM, Todd Lasman wrote:
>> The dogma, as I understand it, is that it's safer to clone a template,
>> make changes to the clone, then base your AppVM's off of that cloned
>> template.
>>
>> - From the Qubes website:
>> "It is highly recommended to clone the original template, and make any
>> changes in the clone instead of the original template. The following
>> command clones the template. Replace your-new-clone with your desired
>> name..."
>>
>> My question is, why? It seems to me that if you ever needed the
>> original template back, you could just download it again from the
>> repository. Am I missing something?
>>
>> Todd
>
>
> Not really. It's more of a convenience thing and/or advice for those who
> have limited bandwidth or data caps on their internet connection. If you
> don't mind re-downloading the original template (which might be 1GB+)
> plus maybe hundreds of MBs worth of updates afterwards, then it's up to
> you. Otherwise, it's more bandwidth efficient to keep the stock
> templates up-to-date and clone them if you need to make more specialized
> templates later on.
>
>
Ok. That makes sense to me. Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6e76538d-10e6-7c48-50ee-a7983eb296c5%40nowlas.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why should I clone a template?

On 05/20/2017 06:43 PM, Todd Lasman wrote:
> The dogma, as I understand it, is that it's safer to clone a template,
> make changes to the clone, then base your AppVM's off of that cloned
> template.
>
> - From the Qubes website:
> "It is highly recommended to clone the original template, and make any
> changes in the clone instead of the original template. The following
> command clones the template. Replace your-new-clone with your desired
> name..."
>
> My question is, why? It seems to me that if you ever needed the
> original template back, you could just download it again from the
> repository. Am I missing something?
>
> Todd


Not really. It's more of a convenience thing and/or advice for those who
have limited bandwidth or data caps on their internet connection. If you
don't mind re-downloading the original template (which might be 1GB+)
plus maybe hundreds of MBs worth of updates afterwards, then it's up to
you. Otherwise, it's more bandwidth efficient to keep the stock
templates up-to-date and clone them if you need to make more specialized
templates later on.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofqo9i%249m2%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Why should I clone a template?

2017-05-20 Thread Todd Lasman


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The dogma, as I understand it, is that it's safer to clone a template,
make changes to the clone, then base your AppVM's off of that cloned
template.

- From the Qubes website:
"It is highly recommended to clone the original template, and make any
changes in the clone instead of the original template. The following
command clones the template. Replace your-new-clone with your desired
name..."

My question is, why? It seems to me that if you ever needed the original
template back, you could just download it again from the repository. Am
I missing something?

Todd

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/712220ed-ca56-509a-ffe2-b5c47bdb14f3%40nowlas.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/20/2017 04:53 PM, Reg Tiangha wrote:
> On 05/20/2017 08:23 AM, Dominique St-Pierre Boucher wrote:
>> Hello Qubes users
>>
>> Everything was working fine until updates were installed a couples of week 
>> back. I was unable to get wifi access back after a sleep. My sys-net vm use 
>> a minimal debian stretch template and I never had a sleep issue before.
>>
>> I have included part of the syslog after the sleep. I you need more info, I 
>> still have the full syslog.
>>
>> Anyone have seen this before?
> What version of the kernel are you running?
>
> To find out, open up a terminal in dom0 and type in
>
> uname -r
>
>
And do it in sys-net as well, in case you're running different kernels
between the two for whatever reason.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofqhhl%241es%242%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wifi not reconnecting after sleep

On 05/20/2017 08:23 AM, Dominique St-Pierre Boucher wrote:
> Hello Qubes users
>
> Everything was working fine until updates were installed a couples of week 
> back. I was unable to get wifi access back after a sleep. My sys-net vm use a 
> minimal debian stretch template and I never had a sleep issue before.
>
> I have included part of the syslog after the sleep. I you need more info, I 
> still have the full syslog.
>
> Anyone have seen this before?

What version of the kernel are you running?

To find out, open up a terminal in dom0 and type in

uname -r


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofqhce%241es%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VM kernel does not exist: /var/lib/qubes/vm-kernels/4.4.38-11/vmlinuz

On Sat, May 20, 2017 at 07:34:28PM -0300, Franz wrote:
> On Sat, May 20, 2017 at 7:20 PM, Unman  wrote:
> 
> > On Sat, May 20, 2017 at 04:27:24PM -0300, Franz wrote:
> > > Hello,
> > >
> > > the usual trick of selecting other kernel in Qubes manager does not work
> > > running
> > > qvm-prefs -s kernel default
> > > gives
> > > A VM with the name 'kernel" does not exist in tne system
> > >
> > > ls /var/lib/qubes/vm-kernels/
> > > gives
> > > 4.4.55-11 4.4.62-12 4.4.67-12
> > >
> > > However one of the VMs does correctly starts. this one shows it is using
> > > 4.4.55-11
> > >
> > > Best
> > > Fran
> >
> > You are supposed to include the name of the qube you want to work on
> > when using qvm-prefs.
> > If you want to run against a number of qubes just script it with a bash
> > script iterating over the names.
> >
> > unman
> >
> 
> Many thanks Unman, following your suggestion  I do not get errors with the
> qvm-prefs command, but the same trying to start the VMs I get the same
> error that makes the heading of this thread.
> 

The recent update provided a new kernel - Qubes only maintains 3
recent kernels, so one has been deleted. That's why you get this error.
(A number of people have reported this.)
You should be able to set the default kernel as you have tried - if this
doesn't work for you just set one of the kernels that you DO have
explicitly.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170520224910.GA1268%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VM kernel does not exist: /var/lib/qubes/vm-kernels/4.4.38-11/vmlinuz

2017-05-20 Thread Franz

On Sat, May 20, 2017 at 7:20 PM, Unman  wrote:

> On Sat, May 20, 2017 at 04:27:24PM -0300, Franz wrote:
> > Hello,
> >
> > the usual trick of selecting other kernel in Qubes manager does not work
> > running
> > qvm-prefs -s kernel default
> > gives
> > A VM with the name 'kernel" does not exist in tne system
> >
> > ls /var/lib/qubes/vm-kernels/
> > gives
> > 4.4.55-11 4.4.62-12 4.4.67-12
> >
> > However one of the VMs does correctly starts. this one shows it is using
> > 4.4.55-11
> >
> > Best
> > Fran
>
> You are supposed to include the name of the qube you want to work on
> when using qvm-prefs.
> If you want to run against a number of qubes just script it with a bash
> script iterating over the names.
>
> unman
>

Many thanks Unman, following your suggestion  I do not get errors with the
qvm-prefs command, but the same trying to start the VMs I get the same
error that makes the heading of this thread.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAvWnRdPYhF9%2Bxdz88SjMi7Kxqm5OdcF%2BxUPEQ66RyNnQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VM kernel does not exist: /var/lib/qubes/vm-kernels/4.4.38-11/vmlinuz

On Sat, May 20, 2017 at 04:27:24PM -0300, Franz wrote:
> Hello,
> 
> the usual trick of selecting other kernel in Qubes manager does not work
> running
> qvm-prefs -s kernel default
> gives
> A VM with the name 'kernel" does not exist in tne system
> 
> ls /var/lib/qubes/vm-kernels/
> gives
> 4.4.55-11 4.4.62-12 4.4.67-12
> 
> However one of the VMs does correctly starts. this one shows it is using
> 4.4.55-11
> 
> Best
> Fran

You are supposed to include the name of the qube you want to work on
when using qvm-prefs.
If you want to run against a number of qubes just script it with a bash
script iterating over the names.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170520222008.GB891%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] start application on startup

On Thu, May 18, 2017 at 01:24:28AM +, aforete wrote:
> Hello, I was wondering if there is a way of starting an application
> automatically on starting a vm in qubes. Say I want to start thunderbird
> once the 'work' vm starts up. I usually do this using a cronjob so I type
> crontab -e
> in a terminal in 'work' and add the line:
> @reboot /usr/bin/thunderbird
> I save and exit. I read the following page
> https://www.qubes-os.org/doc/dom0-tools/qvm-service/
> So I typed
> qvm-service -e work crond
> But either restarting the vm in 'Qubes vm manager' or stopping and
> starting, or rebooting the laptop doesn't make thunderbird start when
> 'work' does.
> Am I doing something wrong here? is there any other way to start
> applications once a vm starts?

I've never understood using cron for this sort of thing. If you try a
simple logging script you will see that the cron job is being triggered
on reboot. I suspect that what's happening here is that the cronjob is
triggered before the gui is set up.

You have the usual start up alternatives - try adding the command in
.profile (although I think this will get called 3 times, which may or may
not affect the target application). Or .bash_profile.
If you are concerned about the multiple system calls just use a
calling script that checks to see if the application is running and only
starts it if it isn't running.

An alternative approach would be to call the application that you want
to start with 'qvm-run -a' - this will start the qube and launch the
application. This is, of course, how the menu items work.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170520221524.GA891%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] CLI: How to read out the currently set base image for disposable VMs?

On Sat, May 20, 2017 at 09:28:48PM +0200, Johannes Graumann wrote:
> See subject line ;)
> 
> Joh

ls -l /var/lib/qubes/dvmdata/*

This will show you which dvmTemplate is being used to generate the
disposableVMs

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170520201034.GA449%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

On 05/20/2017 01:51 PM, Vít Šesták wrote:
>> I am wondering if Haswell and newer is more tightly
>> bound to the Intel ME to the point where those machines actually need
>> the driver enabled to work correctly. I don't think that's the case, but
>> a sanity check would be useful.
> It it just about testing if everything works well, or should I try to look at 
> something specific?
>
> Regards,
> Vít Šesták 'v6ak'

Mostly right now, I'm concerned about regressions in hardware support;
the hardware I have access to test on is limited (Sandy Bridge,
Westmere, and a Core 2 Quad Q6600) so while things work fine for me
(I've actually moved on to 4.11 in dom0 now since the Hardened Kernel
Community Project is working hard to port grsecurity features to that
tree and have made patches available), I don't know if this kernel will
work fine for others as is.

In regards to the ME, in addition to Intel hardware support working
properly, I suppose I'm curious if the machine will run longer than 30
minutes without the ME driver (although maybe that's just a Windows
thing; I don't know).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofq6vm%24p9i%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

> There's a 4.9.28 kernel in dom0 current-testing now, perhaps that might
> give you better hardware support?

Ah, something new! Thanks for noting. I'll try it and let you know.

> If you can give me the output of sensors-detect and lspci in dom0

Well, here you are: 
https://gist.github.com/v6ak/7b26ea38f62adb7d644248bd93360bf7

If you want the output for 4.9 kernel, I have to reboot first.

> And I'd also be interested in general feedback for the 4.9 kernel

OK, but you'll probably have to wait a bit.

> latest machine I have access to is a Sandy Bridge machine

Sounds like my previous 5y old laptop. This one was BTW perfectly supported by 
Qubes (wrt. HW limitations, mostly missing VT-d), even without using a newer 
kernel.

> I am wondering if Haswell and newer is more tightly
> bound to the Intel ME to the point where those machines actually need
> the driver enabled to work correctly. I don't think that's the case, but
> a sanity check would be useful.

It it just about testing if everything works well, or should I try to look at 
something specific?

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1464b17c-4c75-4eea-b965-a9a2bd5479d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Request for feedback: 4.9 Kernel

People may not have noticed, but there is now a 4.9 kernel in
current-testing (4.9.28 to be specific).

If the release schedule holds, then that should be migrated to stable
soon, however, before that happens, some feedback on that kernel would
be useful before it gets pushed to the majority of users.

Specifically, it'd be nice to know if:

1) Hardware that used to work with 4.4 or 4.8 no longer works with 4.9.

2) Hardware that didn't work with 4.4 or 4.8 still doesn't work.

3) If newer Intel platforms (i.e. Haswell or newer) works with this
kernel (I took out the Intel ME driver and the newest machine I have
access to is a Sandy Bridge machine; I have no issues, but I wonder if
Haswell or newer is tied more strongly to the Intel ME such that it
actually needs that driver in order t work properly). If there are Intel
hardware issues with this kernel, then I'll re-enable the driver in my
next Pull Request.

4) General feedback on the 4.9 kernel.

4.9.29 was just released today, so before I send in a Pull Request, let
me know how 4.9.28 performs and if changes to the kernel config may need
to be made.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofq67a%24n56%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Swap space and reducing memory usage?

> Edit /etc/default/grub in dom0 

Note that /etc/default/grub applies on legacy boot only. If you have UEFI (like 
me), you have to edit /boot/efi/EFI/qubes/xen.cfg in a similar way. Unlike with 
grub, you just save the file and reboot, without any need of regenerating any 
file. When I update kernel, it copies parameters from the latest one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c171a9e-afcb-47be-8c76-3a072f5dcfbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] CLI: How to read out the currently set base image for disposable VMs?

2017-05-20 Thread Johannes Graumann

See subject line ;)

Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1495308528.6576.0.camel%40graumannschaft.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] VM kernel does not exist: /var/lib/qubes/vm-kernels/4.4.38-11/vmlinuz

2017-05-20 Thread Franz

Hello,

the usual trick of selecting other kernel in Qubes manager does not work
running
qvm-prefs -s kernel default
gives
A VM with the name 'kernel" does not exist in tne system

ls /var/lib/qubes/vm-kernels/
gives
4.4.55-11 4.4.62-12 4.4.67-12

However one of the VMs does correctly starts. this one shows it is using
4.4.55-11

Best
Fran

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCYP%2BVUHXroUvri6ud2q6CEgEdC3QMXX%3DtDdMX%2BfA7cow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Swap space and reducing memory usage?

Hello,


> I have a 16gb mem system which can't be upgraded any further to my knwoledge. 

What is the reason? CPU limits? MoBo limits? Soldered RAM? If the reason is 
just MoBo limit, you can just try to ignore it? My old laptop was officially 
able to have at most 8GiB RAM because of MoBo limits. I was told to ignore it 
and try 16GiB, as the memory controller is in the CPU, which can handle such 
amount of the memory. And it works well.

Also, my current laptop supports reportedly at most 16GiB. It currently has one 
16GiB module plus one unused memory slot. I believe it will work fine with 
16GiB+16GiB, as the CPU supports it. AFAIR, even some forum thread indicates 
this for this or some similar model.

For Intel CPUs, the memory limit can be found at https://ark.intel.com/ .

>I do not remember setting up a swap space during setup but I think it was set 
>up automatically though in the dom0 system monitor plugin the swap space 
>monitor never seems to move (stays at zero).

Note that Qubes has a separate swap for each VM. You can see details using cat 
/proc/swaps, htop or gnome-system-monitor, whichever you prefer. But any of 
them will show you the swap status just for the one VM you run it in. Default 
swap setup:

* dom0 - not sure
* PV appVMs - 1 GiB swap (this limit used to be hardcoded, not sure about the 
current status). Theoretically, you can add an extra swap, but I don't think it 
makes much sense.
* HVMs - depends on the guest OS

Also note that swap does not work well with memory balancing, because Qubes 
counts used swap as used memory. As a result, even if the VM has swapped some 
memory, it does not offer it to other VMs. There was some discussion about it 
in the past.

As far as I know, the only workaround on this fact is reducing the upper memory 
limit or even disabling memory balancing for the VM.

> Are there any recommended ways for reducing memory usage?

Note that VMs with some PCI device (most notably sys-net and sys-usb on clean 
install) have memory balancing disabled. It might be worth trying to reduce its 
memory to as low as 200MiB.

> If swap is not being used how can I enable it?

It depends on for what VM you want swap. When adding a swap for dom0, you might 
want the swap to be encrypted, ideally with a random key.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08b552c0-57c8-42a5-be19-3fc427803ce2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

On 05/20/2017 12:48 PM, Vít Šesták wrote:
> Hello,
> I am sending the HCL report.
>
> I am not sure what model number to use, because the commonly used 15-5578 
> refers to various configuration. But when I use TN-5578-N2-711S, it seems to 
> refer to very specific piece of hardware (with different CPUs, HDDs/SSDs 
> etc.), the number may also include they key labels (Czech and Slovak in this 
> case), which is too specific for HCL. This one has 16GiB RAM, 512GiB SSD and 
> i7-7500U CPU.
>
> The hardware is quite a new for Qubes 3.2. For this reason, I had to use a 
> newer kernel. With the original one, I had issues with suspend (always froze) 
> and GPU support. With the new one (probably the same you can install from 
> unstable), it is much better. See 
> https://groups.google.com/forum/#!searchin/qubes-users/5578|sort:relevance/qubes-users/v6_B7FHnNUE/NR-yv6OHBQAJ
>  for more details. I hope this will require no tuning with Qubes 4.0.

There's a 4.9.28 kernel in dom0 current-testing now, perhaps that might
give you better hardware support?

https://ftp.qubes-os.org/repo/yum/r3.2/current-testing/dom0/fc23/rpm/kernel-4.9.28-16.pvops.qubes.x86_64.rpm

If you can give me the output of sensors-detect and lspci in dom0, I can
double check to see if there are drivers for that hardware in the 4.9
tree and then see if they're enabled in the 4.9 kernel .config. The 4.9
kernel config when it comes to hardware support is mostly just a
forward-ported 4.4 kernel config with a few additional tweaks for
security (mainly taken from the Kernel Self Protection Project's
recommended settings).

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

And I'd also be interested in general feedback for the 4.9 kernel; one
of the changes I made was to remove the Intel ME driver from it. The
latest machine I have access to is a Sandy Bridge machine, and while I
have no issues, I am wondering if Haswell and newer is more tightly
bound to the Intel ME to the point where those machines actually need
the driver enabled to work correctly. I don't think that's the case, but
a sanity check would be useful.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofq3oh%24gro%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [3.2] HCL report for Inspiron 15-5578 (AKA 15z Touch)

Hello,
I am sending the HCL report.

I am not sure what model number to use, because the commonly used 15-5578
refers to various configuration. But when I use TN-5578-N2-711S, it seems to
refer to very specific piece of hardware (with different CPUs, HDDs/SSDs etc.),
the number may also include they key labels (Czech and Slovak in this case),
which is too specific for HCL. This one has 16GiB RAM, 512GiB SSD and i7-7500U
CPU.

The hardware is quite a new for Qubes 3.2. For this reason, I had to use a
newer kernel. With the original one, I had issues with suspend (always froze)
and GPU support. With the new one (probably the same you can install from
unstable), it is much better. See
https://groups.google.com/forum/#!searchin/qubes-users/5578|sort:relevance/qubes-users/v6_B7FHnNUE/NR-yv6OHBQAJ
for more details. I hope this will require no tuning with Qubes 4.0.

With the new kernel, it still sometimes hangs on restore, but not always.

Despite the laptop has both USB2 and USB3 ports, it contains just a single USB
controller that also handles touchscreen, bluetooth and camera.

A similar model (5578 but with rather lower configuration) has TPM in the spec,
[1] so this one might also have one. I believe I have seen some TPM-related
config in BIOS setup. But Qubes does not detect the TPM, not sure why.

Wi-Fi requires putting "iwlmvm iwlwifi" to /rw/config/suspend-module-blacklist.
Without this, you WiFi stops working after suspend/resume.

HDMI sound just does not work. I haven't elaborated on it (it is rather nice to
have for me), but it works with Fedora 25 out of box, so there is a hope it
will work well with Qubes 4.

Jack works with 4-pin headset with microphone. I am currently not sure if the
button(s) on the headset do work. Well, there is a slight noise that is
perceivable when there is no sound output.

Touchscreen does not work, but this is a general issue with Qubes. When
implemented to qubes-input-proxy, it should work well.

I am unsure if there are some sensors like accelerometer, ambient light sensor
etc. If thy are there, they don't work with Qubes out of box. This also means
that tent mode does not rotate the screen automatically. However, when I switch
it to tablet mode (i.e., rotate the screen by 360 degrees), it turns keyboard
and touchpad off automatically.

There are few features I haven't tested: Bluetooth, Camera, card reader.

Few Qubes-unrelated notes:

* It does not have numpad, even the Fn does not allow pressing numbers on
numpad. You have to rely on number row (or external keyboard).
* When running without X11, the PC speaker is very loud. The first time I
header it, I got frightened a bit.

My reasons for the model: Good specs (16GiB RAM, reasonably large SSD, good
CPU), good size (15"-17.3") and looks good for Qubes (no dedicated GPU, VT-d
support).

Regards,
Vít Šesták 'v6ak'

[1]
https://www.microsoft.com/en-us/store/d/Dell-Inspiron-15-5578-Signature-Edition-2-in-1-PC/93Q8Z5QB65FB

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c5a3b2c3-510b-42a6-95fd-997c2ebbbefa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Qubes-HCL-Dell_Inc_-Inspiron_15_5578-20170520-194407.yml
Description: Binary data

[qubes-users] Re: HCL - Asus Laptop F556UA-UH71 i7-7500U Intel HD 620

2017-05-20 Thread 'Mike Freemon' via qubes-users


On 04/29/2017 05:36 PM, 'Mike Freemon' via qubes-users wrote:

Hello,

I'm a big fan of Qubes.  Keep up the excellent work.

My initial contribution to the cause is this HCL.

Qubes is working great on the titular laptop, but there were some
challenges to overcome during installation.

1.  UEFI.  Installing from USB.  I found that I had to disable CSM and
select boot partition 1 to get the installation media to boot.

2.  Touchpad.  The touchpad was not working.  To install with a USB
mouse, I set qubes.InputMouse to pass mouse events to Dom0.  Of course,
the USB mouse only works when sys-usb is running.

3.  Wireless.  I had to get the wireless working by using nmcli commands
(e.g. nmcli device wifi connect ).  I should add that some of this
was when I was trying to install via text only, which requires a little
more background info:  My initial install attempts were from legacy
booting, which failed to launch the graphical interface.  I tried to
continue with the installation via the text interface, which I never did
get working.  That's when I went back to step 1 and got it working via
UEFI / partition 1 with CSM disabled.

4.  Display Resolution.  The display was only 800x600.

The short version:  The display issues were caused by using a kernel
that is "too old" (for this hardware).

This hardware requires kernel 4.8.12 (to be more precise, all I can say
at the moment is that the minimum kernel version for this hardware is >
4.4.55 and <= 4.8.12).

Kernel 4.8.12 is only available from the unstable repository, so I had
to get Qubes installed in a "degraded" way before I could issue the
magic command:


qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm



A quick follow up on this hardware.

I found that the wireless NIC failed to work after suspend/resume.

The hardware is: Qualcomm Atheros QCA9377 802.11ac Wireless Network 
Adapter (rev 31)


There are several reports  of this hardware having problems with 
suspend/resume.


https://bugs.archlinux.org/task/53389?project=5=

https://forums.kali.org/showthread.php?31444-No-wireless-connection-after-sleep-suspend

http://jfcarter.net/~jimc/hardware/acer-e5-573g/setup.shtml

On this last one, the following is mentioned:  "Update: S3 becomes 
reliable if you leave it asleep or awake for at least 5 mins between 
state transitions."  This is potentially interesting (as a diagnostic 
test, not as a solution).  I have not confirmed this myself.


As will come as no surprise to readers of this list, unloading/reloading 
the kernel module did work around the problem.  Described here:


https://www.qubes-os.org/doc/wireless-troubleshooting/

In my case, the drivers to include in suspend-module-blacklist are:

ath10k_pci
ath10k_core
ath

Note: I also tried disabling VT-d as a test, which did not change/fix 
anything in my case.




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofasbk%24vep%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] start application on startup

2017-05-20 Thread aforete

Hello, I was wondering if there is a way of starting an application
automatically on starting a vm in qubes. Say I want to start thunderbird
once the 'work' vm starts up. I usually do this using a cronjob so I type
crontab -e
in a terminal in 'work' and add the line:
@reboot /usr/bin/thunderbird
I save and exit. I read the following page
https://www.qubes-os.org/doc/dom0-tools/qvm-service/
So I typed
qvm-service -e work crond
But either restarting the vm in 'Qubes vm manager' or stopping and
starting, or rebooting the laptop doesn't make thunderbird start when
'work' does.
Am I doing something wrong here? is there any other way to start
applications once a vm starts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d79418a-0ad4-9501-38db-bc71415627f1%40cock.li.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] https://www.qubes-os.org/doc/vpn/

2017-05-20 Thread fooyreb

Helo,  So, I've setup a proxyVM for the VPN, via the "CLI version"
https://www.qubes-os.org/doc/vpn/

However, when I suspend Qubes, and wakeup Qubes, the networking is lost,
I then have to shut down or alter the network choice for 2-3 AppVMs that
use it and restart the ProxyVM, I'd rather not do this.

Is there some argument or tweak to change this type behaviour, or is
this by design, that this happens?   for my "security"  :)

I'd include the log, if I knew where to find the right one .

sorry if this isn't too qube-y of a question, maybe it is 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1408d22c-012e-9a35-117d-4d83c17a25bd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Swap space and reducing memory usage?

On 05/20/2017 10:51 AM, Gaiko Kyofusho wrote:
> I have a 16gb mem system which can't be upgraded any further to my
> knwoledge. I had thought this would be enough but I am running into
> memory errors more often than I would like. I admittedly open maybe
> 7-12 appvms so the obvious answer to my prob might be open less appvms
> but for my workflow that would be inconvient. I do not remember
> setting up a swap space during setup but I think it was set up
> automatically though in the dom0 system monitor plugin the swap space
> monitor never seems to move (stays at zero). 
>
> My questions are two fold I guess:
>
>  1. Are there any recomended ways for reducing memory usage?
>  2. How can I tell if swap is being used?
>  3. If swap is not being used how can I enable it?
>
I only have 8 GB of RAM and it can handle about 7-12 VMs, depending on
what I'm doing. But I tweaked my VM memory settings; leaving it to the
defaults makes it hard to run more than 4-5 VMs at the same time since
new ones won't start up because of a lack of RAM.

The first thing you can do is reduce the max amount of memory the AppVMs
use. By default, they're set to use between 400-4000 MB of RAM, but if
you look at your actual VM RAM usage in a terminal window by using the
top or free commands, you may find that your actual usage is a lot less
and can reduce that upper limit to something like 2000 MB or less. That
includes your service VMs like your firewall; you can probably reduce
the upper limit on sys-firewall to 300-400 MB rather than the 4000 MB
it's set to by default.

Or if you don't go crazy with various iptables firewall rules, you can
run the qubes-mirage-firewall from here as a replacement to sys-firewall:

https://github.com/talex5/qubes-mirage-firewall

I have mine running with only 32MB of RAM and things work fine (there's
a hack you may need to do to get DispVMs to connect to the internet
properly though, but regular VMs work fine with it).

Next thing to look at is the RAM allocated to dom0. By default, the
upper limit is 4096 MB but I reduced mine to 2048 MB and haven't
encountered any noticeable issues. In order to change it though, you
have to edit your GRUB config files and then reboot.

Edit /etc/default/grub in dom0 and change the dom0_mem=min and
dom0_mem=max values to match your needs. I set mine to 1024 and 2048
respectively, but you might be able to go even lower (say 512 and 1536
or something like that). Then, you'd need to regenerate
/boot/grub2/grub.cfg to get it to work permanently. I don't remember the
command off the top of my head, but you alternatively, you can edit that
file directly making the changes to all references of dom0 max and min
memory like you did with the previous file, save it, and it'll still
work once you reboot.

If you make those changes, that should help. There's no magic bullet as
to what to set those max memory settings to since it really depends on
how you use your VMs, so you may have to do a bit of profiling first to
figure out what your optimal max RAM values are for each case.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ofpt90%24njc%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Swap space and reducing memory usage?

2017-05-20 Thread Gaiko Kyofusho

I have a 16gb mem system which can't be upgraded any further to my
knwoledge. I had thought this would be enough but I am running into memory
errors more often than I would like. I admittedly open maybe 7-12 appvms so
the obvious answer to my prob might be open less appvms but for my workflow
that would be inconvient. I do not remember setting up a swap space during
setup but I think it was set up automatically though in the dom0 system
monitor plugin the swap space monitor never seems to move (stays at zero).

My questions are two fold I guess:

   1. Are there any recomended ways for reducing memory usage?
   2. How can I tell if swap is being used?
   3. If swap is not being used how can I enable it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGpWZxPAUfQcs5O1vEOkgfcZJJ4_mAF9ro56%3D-6S%3DVZgZ8Z-9Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Connecting to WiFi?

2017-05-20 Thread pchilstrm

Update:

I ran a an update on the Dom0, restarted Qubes, and now I have Network Manager 
available in the systray. 

Everything seems to be good now. Huge thanks to the Qubes developers.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/127a88f6-bb06-49aa-9491-0b01b91cf48e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Wifi not reconnecting after sleep

2017-05-20 Thread Dominique St-Pierre Boucher

Hello Qubes users

Everything was working fine until updates were installed a couples of week 
back. I was unable to get wifi access back after a sleep. My sys-net vm use a 
minimal debian stretch template and I never had a sleep issue before.

I have included part of the syslog after the sleep. I you need more info, I 
still have the full syslog.

Anyone have seen this before?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3618a66-cf47-4dc2-aaa1-581de88c35fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
May 19 20:37:35 localhost kernel: [  190.118366] IPv6: ADDRCONF(NETDEV_UP): 
wlan0: link is not ready
May 19 20:37:35 localhost kernel: [  190.120769] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:35 localhost kernel: [  190.121832] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:40 localhost kernel: [  195.551126] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:40 localhost kernel: [  195.551138] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:40 localhost kernel: [  195.551151] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:40 localhost kernel: [  195.551155] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:40 localhost NetworkManager[521]:  [1495240660.7219] 
platform-linux: do-change-link[3]: failure changing link: failure 110 
(Connection timed out)
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7222] device 
(wlan0): set-hw-addr: set MAC address to B2:F3:BC:27:26:7B (scanning)
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7238] 
manager: NetworkManager state is now DISCONNECTED
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7239] audit: 
op="sleep-control" arg="off" pid=1290 uid=0 result="success"
May 19 20:37:40 localhost kernel: [  195.566763] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:40 localhost kernel: [  195.568226] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:45 localhost kernel: [  200.671177] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:45 localhost kernel: [  200.671220] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:45 localhost kernel: [  200.671266] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:45 localhost kernel: [  200.671290] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:45 localhost wpa_supplicant[482]: Could not set interface wlan0 
flags (UP): Connection timed out
May 19 20:37:45 localhost wpa_supplicant[482]: nl80211: Could not set interface 
'wlan0' UP
May 19 20:37:45 localhost wpa_supplicant[482]: nl80211: deinit ifname=wlan0 
disabled_11b_rates=0
May 19 20:37:45 localhost kernel: [  200.682871] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:45 localhost kernel: [  200.683990] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:50 localhost kernel: [  205.791500] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:50 localhost kernel: [  205.791557] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:50 localhost kernel: [  205.791614] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:50 localhost kernel: [  205.791647] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:50 localhost wpa_supplicant[482]: Could not set interface wlan0 
flags (UP): Connection timed out
May 19 20:37:50 localhost wpa_supplicant[482]: WEXT: Could not set interface 
'wlan0' UP
May 19 20:37:50 localhost NetworkManager[521]:  [1495240670.9673] 
sup-iface[0x7f88f40048d0,wlan0]: error adding interface: wpa_supplicant 
couldn't grab this interface.
May 19 20:37:50 localhost wpa_supplicant[482]: wlan0: Failed to initialize 
driver interface
May 19 20:37:50 localhost NetworkManager[521]:   [1495240670.9675] device 
(wlan0): supplicant interface state: starting -> down
May 19 20:38:01 localhost NetworkManager[521]:   [1495240681.1774] device 
(wlan0): re-acquiring supplicant interface (#1).
May 19 20:38:01 localhost kernel: [  216.019459] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:38:01 localhost kernel: [  216.020586] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:38:06 localhost kernel: [  221.151097] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:38:06 localhost kernel: [  221.15] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:38:06 localhost kernel: [  221.151126] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:38:06 localhost kernel: [  221.151132] iwlwifi

Re: [qubes-users] Not using firewall rules correctly?

2017-05-20 Thread Gaiko

On Tuesday, May 9, 2017 at 9:53:30 PM UTC-4, cooloutac wrote:
> On Monday, May 1, 2017 at 10:53:04 PM UTC-4, Gaiko wrote:
> > On Mon, May 1, 2017 at 10:47 PM, Gaiko Kyofusho  
> > wrote:
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > On Sat, Apr 29, 2017 at 6:45 PM, Unman wrote:
> > On Sat, Apr 29, 2017 at 06:13:46PM -0400, Gaiko Kyofusho wrote:
> > 
> > > Thanks, I looked up about host files, and found the
> > 
> > > github.com/StevenBlack/hosts file which is handy but what I am still a bit
> > 
> > > confused about is where to put it. The reason I assumed dom0 before was I
> > 
> > > thought anything put in /etc/ would be erased on reboot which seems to be
> > 
> > > happening, is there someway around this or perhaps I should be putting it
> > 
> > > in the template?
> > 
> > >
> > 
> > 
> > 
> > You can put the file in /rw/config, and then in /rw/config/rc.local
> > 
> > include:
> > 
> > cat /rw/config/hosts >> /etc/hosts
> > 
> > Or you can use bind-dirs to make /etc/hosts survive a reboot.
> > 
> > 
> > 
> > 
> > Thanks. I am not sure how to bind dirs but I understand putting the file in 
> > the config dir and cat'ing it into /etc/hosts... but since those are write 
> > protected dirs would the rc.local execute those commands as root (or su or 
> > sudo not sure about the terminology here)? I ask because when i try:
> > 
> > 
> > 
> > source rc.local 
> > 
> > 
> > it gives me permission denied errors, I tried adding "sudo" in front but 
> > that didn't seem to help?
> > 
> > 
> > 
> > oops, sent prematurly. When I try to restart the vm, then go into the 
> > terminal and:
> > less /etc/hosts
> > 
> > 
> > it still seems to be the origonal and not updated hosts?
> 
> to filter http is a pain.  I use lists from iblocklist.com in peerguardian on 
> debian vm.  so you can use mouse to temp allow stuff sometimes. it blocks 
> like between 2 and 3 mil ip addresses.  only ipv4 though and probalby some 
> overlap.  I disable ipv6 in grub.  but you have to not use the pc or have 
> crazy discipline.

So when you say in a debian vm, do you happen to mean as a debian vm via proxy? 
Like in the middle of your vm?

Slightly off topic but would sites "see" host files or peergaurdian (ie 
blocking but not at the browser level) as blocking? Some sites give you guff 
about blocking and there is also the privacy aspect of making ones self even 
more unique.

thx!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eeea1d26-e628-4f35-ba65-00d599a333b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Not using firewall rules correctly?

2017-05-20 Thread Gaiko

On Tuesday, May 2, 2017 at 1:03:18 AM UTC-4, Drew White wrote:
> On Tuesday, 2 May 2017 12:53:04 UTC+10, Gaiko  wrote:
> > On Mon, May 1, 2017 at 10:47 PM, Gaiko Kyofusho  
> > wrote:
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > On Sat, Apr 29, 2017 at 6:45 PM, Unman wrote:
> > On Sat, Apr 29, 2017 at 06:13:46PM -0400, Gaiko Kyofusho wrote:
> > 
> > > Thanks, I looked up about host files, and found the
> > 
> > > github.com/StevenBlack/hosts file which is handy but what I am still a bit
> > 
> > > confused about is where to put it. The reason I assumed dom0 before was I
> > 
> > > thought anything put in /etc/ would be erased on reboot which seems to be
> > 
> > > happening, is there someway around this or perhaps I should be putting it
> > 
> > > in the template?
> > 
> > >
> > 
> > 
> > 
> > You can put the file in /rw/config, and then in /rw/config/rc.local
> > 
> > include:
> > 
> > cat /rw/config/hosts >> /etc/hosts
> > 
> > Or you can use bind-dirs to make /etc/hosts survive a reboot.
> > 
> > 
> > 
> > 
> > Thanks. I am not sure how to bind dirs but I understand putting the file in 
> > the config dir and cat'ing it into /etc/hosts... but since those are write 
> > protected dirs would the rc.local execute those commands as root (or su or 
> > sudo not sure about the terminology here)? I ask because when i try:
> > 
> > 
> > 
> > source rc.local 
> > 
> > 
> > it gives me permission denied errors, I tried adding "sudo" in front but 
> > that didn't seem to help?
> > 
> > 
> > 
> > oops, sent prematurly. When I try to restart the vm, then go into the 
> > terminal and:
> > less /etc/hosts
> > 
> > 
> > it still seems to be the origonal and not updated hosts?
> 
> The hosts file is one of the files in the base, so it's always replaced.
> 
> I recommend creating a hosts file in the /rw directory, then in rc.local 
> deleting the hosts file and creating a link to the one in /rw
> 
> That's what I do, and it works like a charm.
> 
> Other than that, you can set up an internal DNS server that hangs off the 
> proxyVM to handle all DNS requests from all other guests that hang off that  
> ProxyVM.
> 
> It's just another simple solution.

Thanks, I will give that a try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19512c53-eb11-42f2-8af1-7411516cc06f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.0 system requirements