[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
On Thursday, June 8, 2017 at 8:13:32 AM UTC+2, Paulo Marques wrote: > Hi Foppe, > > "You'll have to install it to a disk and dual-boot to it to get it to work" > According to Qubes Team that isn't a very good solution for security reasons > because the other system can be "taken" and your all qubes installation is at > risk, wright? > > Anyway, I've insttaled Fedora 23 and it seems to be running alright... Strictly, yes, but so long as your Qubes installation is encrypted, the risk isn't that big -- only if someone who can hack your hardware while you're in windows, can they then check out what you're doing while in Qubes. I don't have a dual-boot menu, though, I just tell the bios from which disk to boot. Anyway, until a live-USB comes out, that's the only way to test out Qubes. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d32b42f0-c92d-4d14-a575-52236fe580ba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
Hi Foppe, "You'll have to install it to a disk and dual-boot to it to get it to work" According to Qubes Team that isn't a very good solution for security reasons because the other system can be "taken" and your all qubes installation is at risk, wright? Anyway, I've insttaled Fedora 23 and it seems to be running alright... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de257bc9-8543-4ce8-a330-8951bda75943%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: The more cores the merrier?
On Thursday, June 8, 2017 at 6:48:57 AM UTC+2, mojosam wrote: > I'm thinking about replacing one of my computers. I don't know if that will > be my Qubes machine or one of the others. I talked to the owner of the local > mom & pop computer shop. I said that I was considering getting an AMD > processor, because they have a lot of cores. He said that most applications > don't take advantage of more than four cores. I said that I want to run a > lot of VMs. He said even there it didn't matter much. > > I'm guessing that he might be thinking of type 2 hypervisors, which are > basically just another application running on Windows. I had assumed that a > type 1 hypervisor such as Xen with Qubes would be different. > > Does anybody know if that is true? If I buy a computer with 8 cores and set > up a VM to use 2 virtual CPUs, does Qubes assign 2 cores to it? > > If I have 3 VMs, each crunching intense numbers, does Qubes give them two > cores each? (That leaves the other 2 cores for running the OS.) > > Or is this naive, because CPUs and OSes are complex things and don't work > that simplistically? > > Or to simplify, assuming that an Intel CPU with 4 cores is roughly equivalent > to an AMD CPU with 8 cores, would Qubes with a lot of open & busy VMs run a > lot faster on the AMD machine? The number of cores allocated in Qubes is the maximum that single VM will use, if it has less to do, it'll just use fewer; so it's perfectly fine to allocate cores to more than one VM. I have a Ryzen 1600, with 4 threads assigned to most VMs, 8 to some, and 10 to my dev VM for compilation. Works fine that way. But if you intend to constantly run 3 concurrent CPU intensive tasks/VMs, it may make sense to assign them slightly more conservatively. Leaving aside overclocking, in terms of total compute performance the 1600x (6c/12t) is the equal of the i7-7700k (4c/8t, higher IPC + clock speed) -> http://techreport.com/review/31979/amd-ryzen-5-cpus-reviewed-part-two/3 the 1500x (4c/8t) is superior to the i5-7500 (4c/4t), and the 1600 far superior to the i5-7600k (4c/4t) (https://www.youtube.com/watch?v=MgHnLu6k0D4 ). And due to the availability of the extra cores & threads, everything runs a lot smoother. But yeah, it'll definitely also be faster at the same price point. Only issues atm are iommu support (which is there, but unpolished and still being worked on -- related to grouping/isolation), and doesn't fully work in Qubes 3.2), plus some other usual teething issues associated with the launch of a new platform (support for high speed memory, for instance). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbde67d1-3088-4136-a5db-12ce9a5e2bba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
On Thursday, June 8, 2017 at 3:38:01 AM UTC+2, Paulo Marques wrote: > HI Foppe, > > Nothig more exept: > > "Error messages beneath the > efi: EFI_MEMMAP is not enabled. > esrt: ESRT header is not in the memory map. > are: > dracud-pre-trigger[402]: cat: /tmp/dd_disk: No such file or directory. > dracut-initqueue[511]: mount: /dev/sdb is write protected while booting the > installation device. " > > I've try also to follow this instructions (see links below) > > https://www.qubes-os.org/doc/uefi-troubleshooting/ > > https://www.reddit.com/r/Qubes/comments/6f2kuu/tutorial_for_those_having_installationboot/ > > > In the last link I was "new 48" (it didn't let me put my name on the > post/thread. > > Besides that I've tryied to install again either the 3.2 or the 3.1 version > (I thought it could be the download and so I download again and also the 3.1 > version) and it stuked again on the same place, if I change the boot to > legacy, it goes to a blue screen with intall/test and install/troublshoot > option and when I choose the last it goes to a text menu with 7 options to > fulfill but coudn't pass it either as it asks for a lurks password ??? > > I thought I could see if the images are good in a VM so I installed both > Virtualbox and VMware Workstation 12, I could install and run Qubes 3.1 from > the last (VMware) and Qubes 3.2 from the first(Virtualbox), but unfortunately > the late (3.2) couldn't have the sis-net active and so I couldn't run > practically no programs. (see Photos attached) > > Thank you for any suggestions > > best Regards Oh I see. Yes, Qubes doesn't work (or barely works) inside another VM, for a lot of reasons. You'll have to install it to a disk and dual-boot to it to get it to work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f880747e-6f6b-4872-980e-04e675b3d324%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
Hi Cooloutac, I've tried Fedora 23 Installation and it seems to work well (I'm writing this from Firefox after the Fedora 23 installation) Tanks for your suggestions Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b79189f-f925-4be3-8cd8-cc27b0cd6deb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: updated to fedora 24, deleted Template for 23 , however menus remain
On 06/07/2017 04:29 PM, cooloutac wrote: On Wednesday, June 7, 2017 at 9:59:25 PM UTC-4, yreb-qusw wrote: went thru this https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ upgrade all the defaults however I'm still seeing the Fedora 23 Template Domain in the Applications menu pull downs https://www.qubes-os.org/doc/remove-vm-manually/ step 4 is prolly all you need but check them all. ah so, that seems to have worked ; seems like it might be an idea to add it to the end of the upgrade F23->24 page .. :) cc: 'thelist' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e6417d0-c904-9869-7300-eed08356e309%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] The more cores the merrier?
I'm thinking about replacing one of my computers. I don't know if that will be my Qubes machine or one of the others. I talked to the owner of the local mom & pop computer shop. I said that I was considering getting an AMD processor, because they have a lot of cores. He said that most applications don't take advantage of more than four cores. I said that I want to run a lot of VMs. He said even there it didn't matter much. I'm guessing that he might be thinking of type 2 hypervisors, which are basically just another application running on Windows. I had assumed that a type 1 hypervisor such as Xen with Qubes would be different. Does anybody know if that is true? If I buy a computer with 8 cores and set up a VM to use 2 virtual CPUs, does Qubes assign 2 cores to it? If I have 3 VMs, each crunching intense numbers, does Qubes give them two cores each? (That leaves the other 2 cores for running the OS.) Or is this naive, because CPUs and OSes are complex things and don't work that simplistically? Or to simplify, assuming that an Intel CPU with 4 cores is roughly equivalent to an AMD CPU with 8 cores, would Qubes with a lot of open & busy VMs run a lot faster on the AMD machine? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1088df2a-2e16-41ef-bcb0-54bdf7517704%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
Hi Cooloutac, Thanks for the suggestions, I'm downloading Fedora 23 now and I'll Install it as soon as I'll get it ;) What do you mean by a " a discrete gpu installed"? My Cpu is an i5 core 6500 and as Intel® HD Graphics 530 included (I don't think I'm able do disable it in the bios) and my motherboard is an Z270-p from ASUS and have an Integrated Graphics Processor- Intel® HD Graphics support, is this what you are referring as a discrete gpu installed"? where can I disable it in the Bios? I don't intend to run Qubes in a VM since it was not built to it, it was just a way to see if the images downloaded were ok... ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/70c1ff15-0093-48f1-92bb-84b1e8724e85%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
On 06/07/2017 05:23 PM, Vít Šesták wrote: Boot-time race condition sounds plausibly: * It could explain not having this issue on my old laptop (SSD+HDD mix – Debian's root.img stored on SSD, volatile.img stored on HDD) and having the issue on the new one (SSD only), despite having almost the same config. (But I've performed a clean install, so I can't exclude other influences.) * The VM it works with has somewhat larger /rw/config/rc.local. It performs various tasks (installing some VM-specific software, adding a new trusted CA, enabling and starting few services etc.), none of them is directly related to environment variables. So, maybe either some load or delay in rc.local causes the race condition to be won. Regards, Vít Šesták 'v6ak' BTW, have you tried enabling 'jessie-testing' and updating to see if that helps? -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/448cca05-78ea-260c-aa0e-4e250ccfe2df%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
On 06/07/2017 05:23 PM, Vít Šesták wrote: Boot-time race condition sounds plausibly: * It could explain not having this issue on my old laptop (SSD+HDD mix – Debian's root.img stored on SSD, volatile.img stored on HDD) and having the issue on the new one (SSD only), despite having almost the same config. (But I've performed a clean install, so I can't exclude other influences.) * The VM it works with has somewhat larger /rw/config/rc.local. It performs various tasks (installing some VM-specific software, adding a new trusted CA, enabling and starting few services etc.), none of them is directly related to environment variables. So, maybe either some load or delay in rc.local causes the race condition to be won. Regards, Vít Šesták 'v6ak' Based on my own attempts to get Qubes-VM-hardening working as a service in Debian 8, I'd say the startup chain in Debian 8 is rather fragile. Debian 9 has been more stable and its what I've been using for 98% of my computing needs for the past year. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4565d9d2-2b3a-776d-8f05-afeabfbb1a1f%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Major problem after trying to set up wireless connection
You also might have usb controller handoff options in bios you can see if make a diff as well. I'm pretty sure I disabled all of them, but I am using usb3.0 and can't remember if I have enabled or disabled handoff for xhci controller, I will check when i get a chance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/44ba34bc-7363-43bd-b8f6-00135ab6847a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Major problem after trying to set up wireless connection
On Wednesday, June 7, 2017 at 10:03:35 AM UTC-4, barber...@gmail.com wrote: > On Wednesday, June 7, 2017 at 12:17:00 PM UTC+1, barber...@gmail.com wrote: > > Ok let me start off by saying I am new to qubes. I have been enjoying using > > it for the past month. However I have come across a major problem I > > cannot log on to qubes or access any of my vm's after trying to enable > > wifi. As my keyboard and mouse have been disabled and I cannot enter user > > password. > > > > Let me try and explain the problem in full here > > > > So I was following this tutorial on youtube > > https://www.youtube.com/watch?v=qFwbQ06h8Qo > > > > from internet.me who I found to be very informative. Unfortunately for me > > when the msgbox appeared saying "do you allow domain sys-usb to execute > > qubes.InputMouse operation on the domain "dom 0" everything freezes > > permenantly and I cannot use keyboard or mouse any more. > > > > Eventually I restart machine and cannot input disk password however when I > > remove the hide_all_usb section from the grub I can now enter disk password > > but cannot enter the user password that follows. I am stuck here and cannot > > access any of my information which is important to my work. I have tried > > using a PS2 keyboard but have had no success. I have tried googling similar > > problems but they all assume I can access the dom0 domain. I would greatly > > appreciate any assistance anyone could provide. > > oh and I definitely did set the policy to allow...and I have removed usbs and > reinserted them...so Im not sure how this happened in the first place theres gotta be something you missed man, double check and try again. fwiw I also use a usb to ps2 adapter and use the mouse proxy for a usb mouse. does the ps2 kb adapter work in the bios? Some mobos have options for fast boot. or when usb controls are able to be used. The exact option is escaping me, but if you are able to use mouse in your bios you probably have the features I'm thinking of. double check anything that can be related. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7270733c-5667-4dc5-8ced-20921b857561%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)
On 06/07/2017 08:39 PM, alexey.kuzme...@gmail.com wrote: Hi All, I am experiencing the same problem with AEM v3.0.4 and TBOOT v1.8.2 on Thinkpad X1 Carbon 4th Gen (20FCS5CY00) where it reboots precisely after executing GETSEC[SENTER]. "min_ram" option does not help. My setup: * UEFI BIOS in LegacyBoot mode with SecureBoot disabled * Discrete TPM 1.2 and Intel TXT enabled with "Physical presence" feature disabled * Fresh Qubes3.2 installed on 1TB SSD (NVME device) with /boot on MBR partition of a 128G USB flash drive. * Xen 4.6.1 with kernel 4.4.14 * SINIT matches the platform as per the TBOOT log output Anybody had any success or ideas how to make it work? -- Alex Going by the comments in issue #2155, at least one person did get it to boot by upgrading tboot to version 1.9.4. I also upgraded tboot, but had already got it booting with the min_ram parameter... at this stage I don't know if the newer tboot is the factor that allows my system to boot with AEM. An additional issue which I'm still experiencing with AEM is sleep/wake not working. My other versions are Xen 4.6.5 and Linux 4.9.28-16 (from qubes*testing). -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d0c92fb-7c69-bd7e-67e4-e24cdcc3c27c%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wednesday, June 7, 2017 at 6:22:30 PM UTC-4, pixel fairy wrote: > https://ipv6.he.net/certification/faq.php > > it should work if the nat supports ip protocol 41, which most do. > > worst case you would have to make a layer 2 vpn to some outside host and do > it from there. openvpn can do this. but remember youd have to run that vpn in > the appvm. thats another rabbit hole. this is probably another hole, but you > only have to figure it out once. as basic security the first thing I've always done to harden a box is to disable ipv6.most sane windows and ubuntu hardening guides will have that as the very first suggestion. I'm sure there is many reasons but for me its just the simple fact that things can leak/tunnel through cause not everything is designed to monitor ipv6 yet. Some firewall programs I use for example do not support ipv6. Also It is also noisier on logs for admins that can eyeball. Also sometimes its not just your endpoint that can be misconfigured but some remote host you are connecting to. Basically what you want to do I consider a security risk. My ISP also does not use ipv6 and I have no need for it either, unless just for some experimentation and learning. But i'm no expert and obviously you have your reasons and you should be able to do what you want. I just hope its not enabled by default... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6d734f2-0926-4cfa-9ef2-b8ec1001e800%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Changing DVM default settings on start
On Wednesday, June 7, 2017 at 8:30:45 PM UTC-4, atlahua wrote: > Hi there, > > Is there a way to change DVM's default settings on start? > > i.e. start a DVM instance with no network access when the default DVM > template usually starts with sys-whonix as a proxy VM. > > Regards, > A. one way would be to start the dvm from the terminal of an appvm that has no network access, since it will inherit those appvm firewall rules. There is probably better way that someone else can chime in. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/95039d3c-8c00-46ad-b67d-941b6eedbed1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."
On Tuesday, June 6, 2017 at 7:05:55 AM UTC-4, Paulo Marques wrote: > I cooloutac > > Thank you for your suggestions > > "I would play around with bios settings man. set turn off secure boot, hdd > mode ahci, use legacy boot. change csm settings, try auto, set to boot other > os. check usb settings, any other hdd settings." > > I've done all that already (I've been doing that since last tuesday...) :( :P > ;) > > "Does baremetal fedora install and run ok?" > I haven't tried that, just tried to run Fedora on a Virtualbox VM and it runs > ok > > As the usb device for qubes installation loaded and checked the files. > I've tried also to follow this link instructions (below) as the message in > the beginning of the installation says > > Error messages beneath the > efi: EFI_MEMMAP is not enabled. > esrt: ESRT header is not in the memory map. > are: > dracud-pre-trigger[402]: cat: /tmp/dd_disk: No such file or directory. > dracut-initqueue[511]: mount: /dev/sdb is write protected while booting the > installation device. > > I've trie also to follow this instructions (see links below) > > https://www.qubes-os.org/doc/uefi-troubleshooting/ > https://www.reddit.com/r/Qubes/comments/6f2kuu/tutorial_for_those_having_installationboot/ > > "In GRUB menu1, select “Troubleshoot”, then “Boot from device”, then press e. > At the end of chainloader line add /mapbs /noexitboot. > Perform installation normally, but not reboot system at the end yet." > > but Before I can perform installation normally it runs the text command line > (in a speedy way) (I think that's the ANACONDA installer wright?) and in the > middle stops the text and says > > "starting show plymouth boot screen..." > and doesn't get out of there... > > So I've to reboot again after a wile and whatever options I choose from the > menu ( 1)install Qubes 3.2, 2) preform a test and install, 3) troubleshoot > and verboose mode, and 4) rescue a qubes installation I always get stuked in > the same frase/fase of the installation. > > Any suggestions?? > > Regards I don't have any other suggestions except that running things in vbox or vmware is not same as baremetal. I would try to install fedora 23 iso as baremetal to your hdd. just to narrow it to a qubes specific issue or help point to a solution. also Do you have a discrete gpu installed? Try to disable it and use the onboard one. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1150eaf7-dc7a-4b5d-8c49-6bd4b8ecedca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: updated to fedora 24, deleted Template for 23 , however menus remain
On Wednesday, June 7, 2017 at 9:59:25 PM UTC-4, yreb-qusw wrote: > went thru this > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ > > upgrade all the defaults > > however I'm still seeing the Fedora 23 Template Domain in the > Applications menu pull downs https://www.qubes-os.org/doc/remove-vm-manually/ step 4 is prolly all you need but check them all. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c55d2eef-d84a-4587-9e07-c730a5e4a4fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VM root image file gone after simply creating a VM Backup
Hello, I got an APP VM to the point where I wanted it and thought it would be best to clone it for the future. I tested it prior and it worked. But when I went through the backup steps on the Qubes VM manager it worked, but after that none of the app VMs worked - they would all report: " Qubes Error while starting the 'fedora-24' VM: VM root image file doesn't exist: /var/lib/qubes/vm-templates/fedora-23/root.img " I have started this process over twice now: Reload Qubes fresh Update dom0 Upgrade fedora-23 to fedora-24 I would save the template as "base fedora-24" I would continue and add the apps I want: Chrome, Dropbox and printer settings. I would save that template as well, different name. I would test the Work and Personal Chrome browsers, no problem, worked fine. I would then backup the final fedora-24 and store it in a folder in dom0, under /user/Downloads. After that it broke, again - error message as stated. 1 - Can anyone explain what happened? 2 - How can I fix this without starting over? Thank you, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ca306ba-3a25-435b-9d12-4bcdab755b4c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] updated to fedora 24, deleted Template for 23 , however menus remain
went thru this https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ upgrade all the defaults however I'm still seeing the Fedora 23 Template Domain in the Applications menu pull downs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67d984f3-d76e-b2c3-70db-1e5228b1e225%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unusually quick shutdown
On Tuesday, June 6, 2017 at 10:48:58 PM UTC-4, Christopher Thacker wrote: > I recently moved from Qubes 2 to 3.2. > > Qubes 2 took a long time to shutdown, presumably because of the LUKS > encryption. > > I noticed Qubes 3.2 shuts down much faster. The progress bar at the screen's > bottom doesn't even finish (doesn't reach the end) before the machine shuts > down. > > Is this behaviour change ok? you can press esc during progress bar and see the boot messages. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dee7c904-6ff8-406c-ad5c-8fbfb927d9f2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)
Hi All, I am experiencing the same problem with AEM v3.0.4 and TBOOT v1.8.2 on Thinkpad X1 Carbon 4th Gen (20FCS5CY00) where it reboots precisely after executing GETSEC[SENTER]. "min_ram" option does not help. My setup: * UEFI BIOS in LegacyBoot mode with SecureBoot disabled * Discrete TPM 1.2 and Intel TXT enabled with "Physical presence" feature disabled * Fresh Qubes3.2 installed on 1TB SSD (NVME device) with /boot on MBR partition of a 128G USB flash drive. * Xen 4.6.1 with kernel 4.4.14 * SINIT matches the platform as per the TBOOT log output Anybody had any success or ideas how to make it work? -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/298d610f-14cd-43d4-b721-ac75dd69485e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Documentation for upgrading Fedora 23 to 24
On Wednesday, June 7, 2017 at 1:33:31 PM UTC-4, Patrick Bouldin wrote: > Hi, I started with a fresh install of Qubes 3.2 > > Then I upgraded dom0 > > Then I decided to upgrade fedora-23 to fedora-24 using the steps here: > > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ > > > I followed the "summary" instructions at the top. Then I decided to remove > fedora-23 from the system and added in some of the commands from the detail. > > This caused the image of fedora-24 to disappear as well. Note, one command I > used was: > > sudo dnf remove qubes-template-fedora-23 (and indeed I ensured I typed 23, > not 24). > > > When launching the VM it indicated there was no image file. > > So I'm doing this all over, loading a new Qubes. Question though, can someone > please edit these instructions to include deleting fedora-23 properly? > > They are: > > [user@dom0 ~]$ qvm-clone fedora-23 fedora-24 > [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img > [user@dom0 ~]$ qvm-run -a fedora-24 gnome-terminal > [user@dom0 ~]$ qvm-block -A fedora-24 > dom0:/var/tmp/template-upgrade-cache.img > [user@fedora-24 ~]$ sudo mkfs.ext4 /dev/xvdi > [user@fedora-24 ~]$ sudo mount /dev/xvdi /mnt/removable > [user@fedora-24 ~]$ sudo dnf clean all > [user@fedora-24 ~]$ sudo dnf --releasever=24 > --setopt=cachedir=/mnt/removable distro-sync > > (Shut down TemplateVM by any normal means.) > > [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img > [user@dom0 ~]$ qvm-trim-template fedora-24 > > Thanks, > Patrick read the long list of instructions, thats what I did. Those short list of instructions might skip some steps. or include ones you don't need. doublecheck with the full instructions. They might indeed need a correction but following the full instructions should work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a12ec2b-9326-4c9e-b61a-cfc59e70c06f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VM refused to give back memory in dom0 ?
On Wednesday, June 7, 2017 at 3:48:17 PM UTC-4, yreb-qusw wrote: > This is just a random thing, no need to reboot the VM when I see this ? I always do everytime I see a yellow triangle. Guess I'm just being paranoid. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/075602a7-140e-412f-9e8d-89fdd9f7ba35%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Changing DVM default settings on start
Hi there, Is there a way to change DVM's default settings on start? i.e. start a DVM instance with no network access when the default DVM template usually starts with sys-whonix as a proxy VM. Regards, A. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/629e674a3bff94aec102ff5c4883c618%40krutt.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question(s) regarding Qubes minimal templates
Hey all, Thanks in advance to those kind enough to entertain these questions! - Given that more installed applications generally create a larger attack surface, why aren't the minimal templates set as the default templates for sensitive VMs such as the SysVMs? - Is this just a matter of convenience and/or usability? - Presuming this is planned for future releases, are there any particular changes or precautions that should be made/taken by those who opt to use a 'raw' minimal template as their TemplateVM for the aforementioned VMs? - Are there any significant protections afforded by the full-featured VM images that are absent in the appropriately configured minimal VMs [going by the current Qubes documentation]? Any pitfalls exposed by the latter? Best, TN Sent with [ProtonMail](https://protonmail.com) Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3FF2R8eHmwUOr3F2_ueuFAG9XRtJWBiID0s-mGm9cYSpKZk4pODF9YCujs_VonqdA-hdX1-2JqGWP73C3dexm9rc95CwuBlLtHCamQUkKr0%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - HP Spectre x360 15" 2016
Also tested successfully with firmware F.12 . On Thursday, May 25, 2017 at 4:19:32 PM UTC-4, Bill Carter wrote: > Beware during setup portion of install, NOT to select the sys-usb creation > option. The install will hang on that portion. Simply add afterward. > Disable SecureBoot. UEFI functions correctly. > > = > Bill Carter > PGP KeyID D5400378 > > On Friday, April 21, 2017 at 11:34:21 PM UTC-4, Bill Carter wrote: > > Attached! > > > > > > > > > > > > > > > > > > > > = > > Bill Carter > > > > bill...@gmail.com -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04732298-a687-4598-b828-10b594678f0e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to stop sys-whonix and sys-firewall from starting on boot?
Would this require a CLI command to disable or is this possible through Qubes Manager? I've noticed that whenever I deselect the "Start VM automatically on boot" option in the QM settings area [for sys-net and sys-firewall specifically] they still continue to boot up at system startup. Best, TN Sent with [ProtonMail](https://protonmail.com) Secure Email. Original Message Subject: Re: [qubes-users] How to stop sys-whonix and sys-firewall from starting on boot? Local Time: June 7, 2017 10:35 PM UTC Time: June 7, 2017 10:35 PM From: un...@thirdeyesecurity.org To: mari...@grrlz.net qubes-users@googlegroups.com On Wed, Jun 07, 2017 at 08:24:36PM +, mari...@grrlz.net wrote: > I have already disabled that option on the VM's settings and I have also > disabled automatic updates on Qubes Manager general settings but nothing > changed. > Any ideas? If you have any other qubes set to start automatically, then the upstream qubes will be started too. The default netvm is started automatically - you can stop this by disabling the qubes-netvm service in dom0. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607223539.GE5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6N6eQ_87HTlq-5m3O1wPgBZn9qMVujHXuASz7IOcxgyktvRD8vfIaU0nDexeUB7maGYzDPTrcC2fkwmVL2QIq0Ttwib0LsOEUOjdS6GqAo%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Restricted" applications launchable from AppVM via terminal?
Thank you for the quick answer, unman! I appreciate the added clarity. Sent with [ProtonMail](https://protonmail.com) Secure Email. Original Message Subject: Re: [qubes-users] "Restricted" applications launchable from AppVM via terminal? Local Time: June 7, 2017 10:39 PM UTC Time: June 7, 2017 10:39 PM From: un...@thirdeyesecurity.org To: Tomei Ningen qubes-users On Wed, Jun 07, 2017 at 06:14:03PM -0400, 'Tomei Ningen' via qubes-users wrote: > Hi all, > > I'm not sure whether anyone else has noticed this, if this is a feature/bug, > or if I'm simply misunderstanding what should be occuring, but I noticed that > despite ostensibly restricting applications from running within a given VM > via Qubes Manager by curating the "Selected" application list (VM settings > > applications > 'Available' / 'Selected'), I'm still able to launch whatever > arbitrary application from the command line. Is this intentional? > > Best, > TN > That's just a simple way of adjusting the applications that appear in the Menu for that qube. It's not a way of restricting what applications can be run in the qube. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/D52X0pjB-b7-a5sf9VPqVsm9YVVbrojWn43TbLmveaoYuTV3uAYE4ZH00AYzMTmL8-rrJymWW1zl3Vfcqgip2iDClZ8CIyRK7PnB59y0BKo%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Restricted" applications launchable from AppVM via terminal?
On Wed, Jun 07, 2017 at 06:14:03PM -0400, 'Tomei Ningen' via qubes-users wrote: > Hi all, > > I'm not sure whether anyone else has noticed this, if this is a feature/bug, > or if I'm simply misunderstanding what should be occuring, but I noticed that > despite ostensibly restricting applications from running within a given VM > via Qubes Manager by curating the "Selected" application list (VM settings > > applications > 'Available' / 'Selected'), I'm still able to launch whatever > arbitrary application from the command line. Is this intentional? > > Best, > TN > That's just a simple way of adjusting the applications that appear in the Menu for that qube. It's not a way of restricting what applications can be run in the qube. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607223910.GF5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - ASUSPRO B9440U
Hello Having played with Qubes 3.2 on my new laptop for a couple weeks, it is time to share my findings. The HCL file is attached to this email. ASUSTeK COMPUTER INC B9440UA Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Intel Corporation Wireless 8260 (rev 3a) qubes: R3.2 xen: 4.6.5 kernel: 4.8.12-12 In general things started to work out ok once I upgraded the kernel to 4.8.12, there was all sorts of weird problems before that upgrade, which I will spare you. Status with kernel 4.8.12-12: Wifi, keyboard, touchpad & screen works. Batterystatus indicator seems to be honest. Daily use in general works fine. I have created an usb-vm, a windows10 vm as well as several others and used the machine for daily work (java development, databases, email etc) for a while. Performance and responsiveness when running 4-5 vms and quite a few memory hungry applications is surprisingly good. Keyboard backlight cannot be turned on. Battery life is only half as good as advertised by ASUS. Powermanagement will blank the screen but hibernation and suspend to disk does not work. There is an error message along these lines "powersave verb not supported" when the machine was supposed to go into hibernation or suspend to disk. High res video eg. youtube is awfully slow & jerky in the fedora vms (haven't tried in windows ot debian vms yet). I suppose software rendered rather than GPU pass-through. I have not yet looked into if this might be configurable or some other drives might be available etc. Audio does not work. When I add the "Audio device" to a VM using the "VM manager" I get a "You've enabled dynamic memore balancing, some devices might not work!" message. When I press on and try to start the vm, it fails to start with the message: "Internal error: unable to reset PCI device, no FLR, PM reset or bus reset available". The Asus MiniDock that came with the laptop works like a charm (It is a tiny USB-C 3.1 -> HDMI, USB-3.0 and USB-C 3.1 device). I have tested it with a 2560x1440 monitor, a VGA projector and a USB stick. No problems observed. The Asus SimPro Dick 1A works partly. USB-3.0 and the powerbutton works. Ethernet does not work. No ethernet device shows up when plugged in. External monitors, does show a picture during boot. Erratic behavior after login, sometimes it works fine, sometimes one or both external monitors goes blank complaining of "no signal". Picture quality seem ok when there is a picture. Not yet tested: Audio, USB-C and SD-card reader -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1496875111.973.29.camel%40elof.dk. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASUSTeK_COMPUTER_INC_-B9440UA-20170608-000530.yml Description: application/yaml
Re: [qubes-users] How to stop sys-whonix and sys-firewall from starting on boot?
On Wed, Jun 07, 2017 at 08:24:36PM +, mari...@grrlz.net wrote: > I have already disabled that option on the VM's settings and I have also > disabled automatic updates on Qubes Manager general settings but nothing > changed. > Any ideas? If you have any other qubes set to start automatically, then the upstream qubes will be started too. The default netvm is started automatically - you can stop this by disabling the qubes-netvm service in dom0. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607223539.GE5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VM refused to give back memory in dom0 ?
On Wed, Jun 07, 2017 at 09:48:09AM -1000, yreb-qusw wrote: > This is just a random thing, no need to reboot the VM when I see this ? > > No need at all. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607223031.GD5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Active tasks in sys-net
On Wed, Jun 07, 2017 at 02:43:10PM +, brenso...@mac.hush.com wrote: > Hi all > Recently I have installed Qubes and started to read some docs but > haven't found an answer to this. > > I would know if there are applications or tasks in > sys-net/sys-firewall that benefit of internet connection, because I > see an active internet transmission before I begin to surf. > > Thanks, > This would depend on what templates you are using, and how they are configured. You can, if you wish, set custom iptables rules in sys-net and sys-firewall to restrict traffic from those qubes, or deny it completely. At a minimum there is the clockVM which will look up time. There is a function to check for updates - this is a service that you can turn off. (Look in Global Settings in Qubes Manager.) Fedora has (had?) a function to check for network connectivity. Most of these can be removed/disabled. You could run tcpdump in sys-net and capture the traffic if you want to be absolutely certain of what is happening. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607222933.GC5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
https://ipv6.he.net/certification/faq.php it should work if the nat supports ip protocol 41, which most do. worst case you would have to make a layer 2 vpn to some outside host and do it from there. openvpn can do this. but remember youd have to run that vpn in the appvm. thats another rabbit hole. this is probably another hole, but you only have to figure it out once. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c37e74f1-575e-4c2c-b15f-b5d5e9e48d72%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
On Wed, Jun 07, 2017 at 09:24:07PM +, Christopher Thacker wrote: > > > > Could you try to avoid top posting? It makes the flow difficu;t to > > follow. > > > > No, if you create a USB qube you will then be able to attach devices to > > other > > qubes as you did before. The advantage is that you reduce the risk of > > dom0 compromise. > > (I cant guarantee this is your problem, but it does seem likely.) > > > > Sorry, I don't understand. Do you mean write here instead of at the top? > > Thanks! > > > > > -- > -- Christopher Thacker Yes, it's one of the posting guidelines. I know that some people find it difficult, (and their mailer makes it more difficut to do this), but it's a good standard to use. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607221851.GB5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
On Wed, Jun 07, 2017 at 02:23:45PM -0700, Vít Šesták wrote: > Boot-time race condition sounds plausibly: > > * It could explain not having this issue on my old laptop (SSD+HDD mix – > Debian's root.img stored on SSD, volatile.img stored on HDD) and having the > issue on the new one (SSD only), despite having almost the same config. (But > I've performed a clean install, so I can't exclude other influences.) > * The VM it works with has somewhat larger /rw/config/rc.local. It performs > various tasks (installing some VM-specific software, adding a new trusted CA, > enabling and starting few services etc.), none of them is directly related to > environment variables. So, maybe either some load or delay in rc.local causes > the race condition to be won. > > Regards, > Vít Šesták 'v6ak' It does sound plausible. But how is it that a vanilla template on SSD doesnt show the problem? If this were the case I would have thought there would be many reports. If you put a long delay in to rc.local in one of the problematic qubes does that solve the problem? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607221445.GA5307%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qube Install fail. due to unsupported hardware.
I have created a USB install media using DD. (Qube V 3.2) I have tested media with other older computers and it works. The Laptop I am trying to install to is a; #Acer predator G9-593-74N1 I have a "GeForce GTX 1070" Mobile chip. i'm assuming the GFX card is the issue. I can install via the TUI for some reasion. When I select HDD option (5) It doesn't prompt me for an excription key for LUKs then posts an error saying I didnt supply a key. How to I add the correct nvida drivers to the install media? Hardware via lspci; $ lspci 00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 07) 00:01.0 PCI bridge: Intel Corporation Skylake PCIe Controller (x16) (rev 07) 00:14.0 USB controller: Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller (rev 31) 00:14.2 Signal processing controller: Intel Corporation Sunrise Point-H Thermal subsystem (rev 31) 00:15.0 Signal processing controller: Intel Corporation Sunrise Point-H Serial IO I2C Controller #0 (rev 31) 00:16.0 Communication controller: Intel Corporation Sunrise Point-H CSME HECI #1 (rev 31) 00:17.0 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 31) 00:1c.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #3 (rev f1) 00:1c.3 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #4 (rev f1) 00:1c.4 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #5 (rev f1) 00:1f.0 ISA bridge: Intel Corporation Sunrise Point-H LPC Controller (rev 31) 00:1f.2 Memory controller: Intel Corporation Sunrise Point-H PMC (rev 31) 00:1f.3 Audio device: Intel Corporation Sunrise Point-H HD Audio (rev 31) 00:1f.4 SMBus: Intel Corporation Sunrise Point-H SMBus (rev 31) 01:00.0 VGA compatible controller: NVIDIA Corporation GP104M [GeForce GTX 1070 Mobile] (rev a1) 06:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32) 0b:00.0 Ethernet controller: Qualcomm Atheros Killer E2400 Gigabit Ethernet Controller (rev 10) Xorg.log [ 136.260] (WW) Failed to open protocol names file /usr/lib64/xorg/protocol.txt [ 136.260] X.Org X Server 1.18.3 Release Date: 2016-04-04 [ 136.260] X Protocol Version 11, Revision 0 [ 136.261] Build Operating System: 4.4.9-300.fc23.x86_64 [ 136.261] Current Operating System: Linux localhost 4.4.14-11.pvops.qubes.x86_64 #1 SMP Tue Jul 19 01:14:58 UTC 2016 x86_64 [ 136.261] Kernel command line: inst.stage2=hd:LABEL=Qubes-R3.2-x86_64 i915.preliminary_hw_support=1 quiet rhgb rd.live.check [ 136.261] Build Date: 30 June 2016 11:04:38PM [ 136.261] Build ID: xorg-x11-server 1.18.3-3.fc23 [ 136.261] Current version of pixman: 0.34.0 [ 136.261]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [ 136.261] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [ 136.261] (++) Log file: "/tmp/X.log", Time: Sat May 27 06:20:01 2017 [ 136.262] (==) Using config directory: "/etc/X11/xorg.conf.d" [ 136.262] (==) Using system config directory "/usr/share/X11/xorg.conf.d" [ 136.286] (==) No Layout section. Using the first Screen section. [ 136.286] (==) No screen section available. Using defaults. [ 136.286] (**) |-->Screen "Default Screen Section" (0) [ 136.286] (**) | |-->Monitor "" [ 136.292] (==) No monitor specified for screen "Default Screen Section". Using a default monitor configuration. [ 136.292] (==) Automatically adding devices [ 136.292] (==) Automatically enabling devices [ 136.292] (==) Automatically adding GPU devices [ 136.292] (==) Max clients allowed: 256, resource mask: 0x1f [ 136.292] (==) FontPath set to: catalogue:/etc/X11/fontpath.d, built-ins [ 136.292] (==) ModulePath set to "/usr/lib64/xorg/modules" [ 136.292] (II) The server relies on udev to provide the list of input devices. If no devices become available, reconfigure udev or disable AutoAddDevices. [ 136.292] (II) Loader magic: 0x81ce00 [ 136.292] (II) Module ABI versions: [ 136.292]X.Org ANSI C Emulation: 0.4 [ 136.292]X.Org Video Driver: 20.0 [ 136.292]X.Org XInput driver : 22.1 [ 136.292]X.Org Server Extension : 9.0 [ 136.292] (++) using VT number 6 [ 136.292] (II) systemd-logind: logind integration requires -keeptty and -keeptty was not provided, disabling logind integration [ 136.396] (--) PCI:*(0:1:0:0) 10de:1be1:1025:1131 rev 161, Mem @ 0x6400/16777216, 0x5000/268435456, 0x6000/33554432, I/O @ 0x5000/128, BIOS @ 0x/524288 [ 136.396] (II) LoadModule: "glx" [ 136.397] (II) Loading /usr/lib64/xorg/modules/extensions/libglx.so [ 136.426] (II) Module glx: vendor="X.Org Foundation" [ 136.426]compiled for 1.18.3, module version = 1.0.0 [ 136.426]ABI
[qubes-users] "Restricted" applications launchable from AppVM via terminal?
Hi all, I'm not sure whether anyone else has noticed this, if this is a feature/bug, or if I'm simply misunderstanding what should be occuring, but I noticed that despite ostensibly restricting applications from running within a given VM via Qubes Manager by curating the "Selected" application list (VM settings > applications > 'Available' / 'Selected'), I'm still able to launch whatever arbitrary application from the command line. Is this intentional? Best, TN Sent with [ProtonMail](https://protonmail.com) Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/SdiNC9lWymfNDuYJumFOmHgbb8p74CWAZMbvyCB6rhyaTLxtq6T7Xah8SPQuIC90iB1lKSmGTNQ8cu9vfzM8DpVYhJfAu6oZoNmz6eo0lMg%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
On Wed, 7 Jun 2017 at 10:34, Unman wrote: > On Wed, Jun 07, 2017 at 03:22:21PM +, Christopher Thacker wrote: > > If I create an "USB" Qube then does that mean I could only use USB > storage > > devices on that particular USB Qube? > > > > I tried another USB device and got the same result, so I know it must be > > some system setting and not a faulty hardware issue. > > > > Thank you! > > > > > > On Wed, 7 Jun 2017 at 08:41, Unman wrote: > > > > > On Wed, Jun 07, 2017 at 12:25:52PM +, Christopher Thacker wrote: > > > > Hi Franz, > > > > > > > > Yes I saw that link earlier but didn't understand it. > > > > > > > > The link states ". . . Simply insert your USB drive, right-click on > the > > > > desired qube in the Qubes VM Manager list, click *Attach/detach block > > > > devices*, and select your desired action and device." > > > > > > > > That is what I always did on my old Qubes 2 system and it worked. It > > > > worked on my new Qubes 3.2 system until I updated it. After > updating, > > > the > > > > "Attach / Detach block devices" was "greyed out" which prevented me > from > > > > selecting it. > > > > > > > > I suspect this is a simple fix that I overlooked but I would > appreciate > > > any > > > > help. > > > > > > > > Thank you. > > > > > > > > > > > > On Tue, 6 Jun 2017 at 23:28, Franz <169...@gmail.com> wrote: > > > > > > > > > On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker < > > > > > cathacke...@gmail.com> wrote: > > > > > > > > > >> I installed Qubes 3.2 (default Fedora) and it easily detected my > > > external > > > > >> hdd and let me attach and mount it. I used it as I normally > would. > > > > >> > > > > >> I applied the updates for the whole system and discovered that > Qubes > > > now > > > > >> does not detect my external hdd. This holds true even if I > restart or > > > > >> shutdown then start. > > > > >> > > > > >> Now if I plugin my external hdd, the option to attach to a Qube is > > > > >> "greyed out". Again this holds true even after restarts and > > > shutdowns. > > > > >> > > > > >> This is very puzzling and frustrating but I couldn't find any > > > literature > > > > >> to help me. I would appreciate any help. > > > > >> > > > > >> > > > > > Have you seen this: https://www.qubes-os.org/doc/usb/ > > > > > Best > > > > > Fran > > > > > > > > > > > > > > > > > > > >> Any thoughts? > > > > >> > > > > > > Do you have a usb qube? If not try creating one. It could be that usb > > > devices are now hidden from dom0, and you havent started a qube which > > > will proxy them to the system. > > > > > -- > > Could you try to avoid top posting? It makes the flow difficu;t to > follow. > > No, if you create a USB qube you will then be able to attach devices to > other > qubes as you did before. The advantage is that you reduce the risk of > dom0 compromise. > (I cant guarantee this is your problem, but it does seem likely.) Sorry, I don't understand. Do you mean write here instead of at the top? Thanks! > > -- -- Christopher Thacker -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANpb_zXghi2YU-3Vgvutn-Z7XXe_rgc%2BKbXZ7HX%3D1R2Zc7BHLw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
Boot-time race condition sounds plausibly: * It could explain not having this issue on my old laptop (SSD+HDD mix – Debian's root.img stored on SSD, volatile.img stored on HDD) and having the issue on the new one (SSD only), despite having almost the same config. (But I've performed a clean install, so I can't exclude other influences.) * The VM it works with has somewhat larger /rw/config/rc.local. It performs various tasks (installing some VM-specific software, adding a new trusted CA, enabling and starting few services etc.), none of them is directly related to environment variables. So, maybe either some load or delay in rc.local causes the race condition to be won. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/327dc031-042e-42a8-97c8-6bfe9be70604%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to stop sys-whonix and sys-firewall from starting on boot?
I have already disabled that option on the VM's settings and I have also disabled automatic updates on Qubes Manager general settings but nothing changed. Any ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df4fce9e1bb779c680f1d149de2627cf%40grrlz.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Hadrware Requirement List
On 06/07/2017 10:43 AM, Blackcat wrote: i just check my hardware list but i can't not found it, this is my laptop specification: ASUS S451LB Intel Core i3-4010U CPU 1.7Ghzx4 core NVIDIA 740M RAM 8 Gb Whether support to install single boot Qubes OS :D best regards The CPU is probably OK. But if you can turn off NVIDIA in BIOS (switch to Intel HD graphics) there is a better chance Qubes will work. A Qubes Live DVD/USB distro is available for download and booting it will give you an indication of compatibility with your system. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/458aa6bd-1fe1-6230-761b-67bb64476f14%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
On 06/07/2017 12:31 PM, Vít Šesták wrote: I have the same kernel version, AppArmor default (haven't bothered about it) and VM connected to sys-firewall. To clarify, apparmor is enabled in kernelopts, but not inside the template. I doubt its affecting this issue, though. To make it even more strange, when I changed the command to run in a debian-8-based AppVM instead of the debian-8 itself, I realized there is some VM it works in. But it does not work in some other VMs based on the template. I have no idea why it behaves this way… Sounds like it might be a race condition... -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d275b99c-ce15-93a4-71f2-229a8fcc%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: No login after reverting to btrfs snapshot
Thanks for the notes! Looks like UEFI (which I don't use) adds an extra wrinkle to the issue. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/710a1a85-df0d-1be2-74b0-0df09db705e4%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VM refused to give back memory in dom0 ?
This is just a random thing, no need to reboot the VM when I see this ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc89d993-caf9-575d-dd78-c3ad95bced7e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Documentation for upgrading Fedora 23 to 24
On Wednesday, June 7, 2017 at 12:33:31 PM UTC-5, Patrick Bouldin wrote: > Hi, I started with a fresh install of Qubes 3.2 > > Then I upgraded dom0 > > Then I decided to upgrade fedora-23 to fedora-24 using the steps here: > > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ > > > I followed the "summary" instructions at the top. Then I decided to remove > fedora-23 from the system and added in some of the commands from the detail. > > This caused the image of fedora-24 to disappear as well. Note, one command I > used was: > > sudo dnf remove qubes-template-fedora-23 (and indeed I ensured I typed 23, > not 24). > > > When launching the VM it indicated there was no image file. > > So I'm doing this all over, loading a new Qubes. Question though, can someone > please edit these instructions to include deleting fedora-23 properly? > > They are: > > [user@dom0 ~]$ qvm-clone fedora-23 fedora-24 > [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img > [user@dom0 ~]$ qvm-run -a fedora-24 gnome-terminal > [user@dom0 ~]$ qvm-block -A fedora-24 > dom0:/var/tmp/template-upgrade-cache.img > [user@fedora-24 ~]$ sudo mkfs.ext4 /dev/xvdi > [user@fedora-24 ~]$ sudo mount /dev/xvdi /mnt/removable > [user@fedora-24 ~]$ sudo dnf clean all > [user@fedora-24 ~]$ sudo dnf --releasever=24 > --setopt=cachedir=/mnt/removable distro-sync > > (Shut down TemplateVM by any normal means.) > > [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img > [user@dom0 ~]$ qvm-trim-template fedora-24 > > Thanks, > Patrick Update - I started again and I'd imagine I did something wrong, so I suggest the following update at the top of the upgrade page: Experienced users - use Summary, otherwise use detailed instructions. In the detailed instructions I'd suggest adding: (Recommended - After upgrading the Fedora 24 (from the Fedora 23 clone), clone the new Fedora 24 to a copy - and THEN continue with clean up steps. Thanks, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8613dc37-0cd9-4228-8f53-28f6e3120254%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Weird SSL issues
On 06/07/2017 08:43 AM, Bernhard wrote: >> Hello Qubes community! >> >> I have a weird issue with SSL (HTTPS) access. >> >> Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. >> Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have >> issues connecting to https sites with Chrome, Chromium or Firefox-esr. >> Sometimes it works, sometimes not... >> >> I have tested on numerous wired and wireless network with the same result.. >> >> Please help me figure this out! >> >> Dominique >> > Hello, I sometimes have SSL issues that all from the fact that the time > in the appvm are wrong (sometimes even in the future) - although dom0 is > accurately set up. If you have a cure to that (especially for debian) I > am interested ... maybe you experience the same problem? Bernhard > Are you running kernel 4.9.29 from current-testing? There's a workaround in this thread here: https://github.com/QubesOS/qubes-issues/issues/2840#issuecomment-305938895 And it should be fixed in the next kernel release. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oh9geh%24bt2%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Documentation for upgrading Fedora 23 to 24
Hi, I started with a fresh install of Qubes 3.2 Then I upgraded dom0 Then I decided to upgrade fedora-23 to fedora-24 using the steps here: https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ I followed the "summary" instructions at the top. Then I decided to remove fedora-23 from the system and added in some of the commands from the detail. This caused the image of fedora-24 to disappear as well. Note, one command I used was: sudo dnf remove qubes-template-fedora-23 (and indeed I ensured I typed 23, not 24). When launching the VM it indicated there was no image file. So I'm doing this all over, loading a new Qubes. Question though, can someone please edit these instructions to include deleting fedora-23 properly? They are: [user@dom0 ~]$ qvm-clone fedora-23 fedora-24 [user@dom0 ~]$ truncate -s 5GB /var/tmp/template-upgrade-cache.img [user@dom0 ~]$ qvm-run -a fedora-24 gnome-terminal [user@dom0 ~]$ qvm-block -A fedora-24 dom0:/var/tmp/template-upgrade-cache.img [user@fedora-24 ~]$ sudo mkfs.ext4 /dev/xvdi [user@fedora-24 ~]$ sudo mount /dev/xvdi /mnt/removable [user@fedora-24 ~]$ sudo dnf clean all [user@fedora-24 ~]$ sudo dnf --releasever=24 --setopt=cachedir=/mnt/removable distro-sync (Shut down TemplateVM by any normal means.) [user@dom0 ~]$ rm /var/tmp/template-upgrade-cache.img [user@dom0 ~]$ qvm-trim-template fedora-24 Thanks, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17ed711d-05fa-40e4-8af7-4e1e61d53c63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wed, Jun 7, 2017 at 11:28 AM, pixel fairy wrote: > On Wednesday, June 7, 2017 at 5:39:31 AM UTC-7, Francesco wrote: > > > > Thanks. That is interesting. Once I set up a proxyvm for vpn and it was > working, but I was following some instructions. What I would need is to > leave an appVM open without nat, without firewall, just as it would be with > a standard non-Qubes linux distribution with IPv6 working. Any idea how to > do that? > > just run the tunnel client in that appvm. > > if you need to install it to the templatevm, clone the templatevm to > something like fedora24-ipv6, add the tunnel client to the new templatevm, > then set that as the template of the appvm that needs it. > > Many thanks pixel fairy, but the tunnel is not supposed to work behind a nat and I understand that Qubes VMs access network through a nat. Am I wrong? Best Fran > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/3d7e3d9c-90dc-421f-9f56-9e5acb590c0a%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAC-mQdV4xYbBvN%2BGywm6837iNX3HdJU8XntgjgaCWZ2A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: No login after reverting to btrfs snapshot
Thanks again for all your precious hints, Chris. It took me while to get that problem straight. Most helpful haven been: https://github.com/QubesOS/qubes-issues/issues/1871 https://btrfs.wiki.kernel.org/index.php/SysadminGuide#Snapshots Here are my notes to solve the problem of making and rolling back a btrfs snapshot after updating dom0 (in Emacs org-mode format): * Qubes ** Install on btrfs *** Manual partitioning In order to select btrfs as the root filesystem you have to select"Manual Partitioning". However selecting btrfs is not so easy. You have to follow this contrived avenue: 1. Select "Automatic partitioning" first and go thru the procedure until you're back to the main installation screen. 2. Select "Manual partitioning". In the dropdown select "btrfs". Then click on the link above to create the partitions. *** Later during installation During the installation we are dropped into a shell due to missing rootflags in xen.cfg. To fix this temporarily: # Make our btrfs system writable $>mount -o remount,rw /sysroot # List all subvolumes. Write down the ID for the 'root' subvolume. For me it was 257 $>btrfs subvolume list /sysroot # Change default subvolume to 'root'. Change 257 to whatever you got from the previous command $>btrfs subvolume set-default 257 /sysroot # Make sure the change was applied $>btrfs subvolume get-default /sysroot # Unmount and reboot into a working system $>umount /sysroot # Reboot the system *** After finishing the installation Reset the btrfs default subvolume to the top-level subvolume (ID 5) $>sudo btrfs subvolume set-default 5 / Edit /boot/efi/EFI/qubes/xen.cfg Add the following to the kernel line(s) rootflags=subvol=root Do NOT set the subvolid! It would make things harder down the road. Edit /etc/fstab Copy the line that mounts to / and contains the option subvol=root. On the copied line change / to /top-level and subvol=root to subvol=/ This will allow us to access the top-level subvolume again. We'll need that to move around snapshots. Add the mount point for the top-level subvolume $>sudo mkdir /top-level *** Make a snapshot, e.g. before updating dom0 First, let's have a look at our subvolumes. $>sudo btrfs subvolume list / ID 257 top level 5 path root ID 274 top level 257 path var/lib/machines As level 257 indicates in the second line, the subvolume var/lib/machines is nested in subvolume root. Nested subvolumes are NOT snapshot when snapshotting their parent. Hence we need not only snapshot subvolume root, but also subvolume var/lib/machines to be able to rollback: # Snapshot subvolume root $>sudo btrfs subvolume snapshot /top-level/root /top-level/before-update # Remove the empty directory from the snapshot $>sudo rm -rf /top-level/before-update/var/lib/machines # Snapshot the nested subvolume var/lib/machines $>sudo btrfs subvolume snapshot /var/lib/machines \ /top-level/before-update/var/lib/machines Don't forget to note the kernel you are currently booting. *** Rollback a snapshot, e.g. after a dom0 update went havoc Let's assume we have the above created snapshots. Do NOT set the default subvolume to the snapshot. Instead use 'mv'. Move snapshot into place # Move subvolume var/lib/machines out of the way $>sudo mv /top-level/root/var/lib/machines \ /top-level/root/var/lib/machines.old # Move subvolume root out of the way $>sudo mv /top-level/root /top-level/root.old # Rollback the snapshot into root's place $>sudo mv /top-level/before-update /top-level/root NOTABENE: MAKE SURE YOU'LL BOOT THE CORRECT KERNEL In the context of rolling back a snapshot after updating dom0, it might have occured that the dom0 update installed a newer kernel, thus modifying the xen.cfg. After rolling back the snapshot you must therefore make sure that you'll boot into the pre-update kernel next time. Hopefully, you noted the kernel used before the dom0 update! So, edit /boot/efi/EFI/qubes/xen.cfg to point the default back to the right kernel! Now you're ready to reboot. Hope that helps. Thanks, Bodo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b7c951b9-6df8-444b-8651-eaa52feec3a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root
I have the same kernel version, AppArmor default (haven't bothered about it) and VM connected to sys-firewall. To make it even more strange, when I changed the command to run in a debian-8-based AppVM instead of the debian-8 itself, I realized there is some VM it works in. But it does not work in some other VMs based on the template. I have no idea why it behaves this way… Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d02fec2-0196-4534-9fa8-0f54b43b55ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird SSL issues
On Wednesday, June 7, 2017 at 12:57:35 PM UTC-2:30, Unman wrote: > On Wed, Jun 07, 2017 at 04:43:18PM +0200, Bernhard wrote: > > > > > Hello Qubes community! > > > > > > I have a weird issue with SSL (HTTPS) access. > > > > > > Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal > > > sys-firewall. Any app-vm running Fedora 24 or Debian 9 (have not tested > > > any other) have issues connecting to https sites with Chrome, Chromium or > > > Firefox-esr. Sometimes it works, sometimes not... > > > > > > I have tested on numerous wired and wireless network with the same result. > > > > > > Please help me figure this out! > > > > > > Dominique > > > > > Hello, I sometimes have SSL issues that all from the fact that the time > > in the appvm are wrong (sometimes even in the future) - although dom0 is > > accurately set up. If you have a cure to that (especially for debian) I > > am interested ... maybe you experience the same problem? Bernhard > > > > Dominique > > Is this something new, or have you always had this problem? > > Have you updated your kernel in the VMs? If so, there's a known issue > affecting SSL. Try changing the kernel that you are using in the qubes > to an earlier version and see if that helps. > > unman Thanks for the quick answer. Do I change the kernel in the sys-net / sys-firewall or on the app-vm or both? Thanks Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b29a0d8d-bb9a-400b-9556-17867112e8a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
On Wed, Jun 07, 2017 at 03:22:21PM +, Christopher Thacker wrote: > If I create an "USB" Qube then does that mean I could only use USB storage > devices on that particular USB Qube? > > I tried another USB device and got the same result, so I know it must be > some system setting and not a faulty hardware issue. > > Thank you! > > > On Wed, 7 Jun 2017 at 08:41, Unman wrote: > > > On Wed, Jun 07, 2017 at 12:25:52PM +, Christopher Thacker wrote: > > > Hi Franz, > > > > > > Yes I saw that link earlier but didn't understand it. > > > > > > The link states ". . . Simply insert your USB drive, right-click on the > > > desired qube in the Qubes VM Manager list, click *Attach/detach block > > > devices*, and select your desired action and device." > > > > > > That is what I always did on my old Qubes 2 system and it worked. It > > > worked on my new Qubes 3.2 system until I updated it. After updating, > > the > > > "Attach / Detach block devices" was "greyed out" which prevented me from > > > selecting it. > > > > > > I suspect this is a simple fix that I overlooked but I would appreciate > > any > > > help. > > > > > > Thank you. > > > > > > > > > On Tue, 6 Jun 2017 at 23:28, Franz <169...@gmail.com> wrote: > > > > > > > On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker < > > > > cathacke...@gmail.com> wrote: > > > > > > > >> I installed Qubes 3.2 (default Fedora) and it easily detected my > > external > > > >> hdd and let me attach and mount it. I used it as I normally would. > > > >> > > > >> I applied the updates for the whole system and discovered that Qubes > > now > > > >> does not detect my external hdd. This holds true even if I restart or > > > >> shutdown then start. > > > >> > > > >> Now if I plugin my external hdd, the option to attach to a Qube is > > > >> "greyed out". Again this holds true even after restarts and > > shutdowns. > > > >> > > > >> This is very puzzling and frustrating but I couldn't find any > > literature > > > >> to help me. I would appreciate any help. > > > >> > > > >> > > > > Have you seen this: https://www.qubes-os.org/doc/usb/ > > > > Best > > > > Fran > > > > > > > > > > > > > > > >> Any thoughts? > > > >> > > > > Do you have a usb qube? If not try creating one. It could be that usb > > devices are now hidden from dom0, and you havent started a qube which > > will proxy them to the system. > > > -- Could you try to avoid top posting? It makes the flow difficu;t to follow. No, if you create a USB qube you will then be able to attach devices to other qubes as you did before. The advantage is that you reduce the risk of dom0 compromise. (I cant guarantee this is your problem, but it does seem likely.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607153410.GC2853%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Shortcut stop working in Standalone VM
On Wed, Jun 07, 2017 at 08:05:22AM -0700, joffjo...@gmail.com wrote: > Den onsdag 7 juni 2017 kl. 15:56:03 UTC+2 skrev Unman: > > On Wed, Jun 07, 2017 at 05:18:06AM -0700, joffjo...@gmail.com wrote: > > > When I try to start an app from the shortcut menu for my standalone VM > > > the application is not starting. Quebes starts the VM. I did a sudo apt > > > auto-remove in the VM and I think it might be the cause of the shortcut > > > breaking. > > > > > > > Try opening a terminal and starting the application from there. If you > > DID remove the application you can always reinstall. > > All applications do still work, it is just the shortcut in the application > menu that broke. You can use Alt+F3 to sinmply edit the shortcuts - have a look to see what you are actually calling, and then try running the same command from a terminal in dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607153058.GB2853%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird SSL issues
On Wed, Jun 07, 2017 at 04:43:18PM +0200, Bernhard wrote: > > > Hello Qubes community! > > > > I have a weird issue with SSL (HTTPS) access. > > > > Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal > > sys-firewall. Any app-vm running Fedora 24 or Debian 9 (have not tested any > > other) have issues connecting to https sites with Chrome, Chromium or > > Firefox-esr. Sometimes it works, sometimes not... > > > > I have tested on numerous wired and wireless network with the same result. > > > > Please help me figure this out! > > > > Dominique > > > Hello, I sometimes have SSL issues that all from the fact that the time > in the appvm are wrong (sometimes even in the future) - although dom0 is > accurately set up. If you have a cure to that (especially for debian) I > am interested ... maybe you experience the same problem? Bernhard > Dominique Is this something new, or have you always had this problem? Have you updated your kernel in the VMs? If so, there's a known issue affecting SSL. Try changing the kernel that you are using in the qubes to an earlier version and see if that helps. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607152733.GA2853%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
If I create an "USB" Qube then does that mean I could only use USB storage devices on that particular USB Qube? I tried another USB device and got the same result, so I know it must be some system setting and not a faulty hardware issue. Thank you! On Wed, 7 Jun 2017 at 08:41, Unman wrote: > On Wed, Jun 07, 2017 at 12:25:52PM +, Christopher Thacker wrote: > > Hi Franz, > > > > Yes I saw that link earlier but didn't understand it. > > > > The link states ". . . Simply insert your USB drive, right-click on the > > desired qube in the Qubes VM Manager list, click *Attach/detach block > > devices*, and select your desired action and device." > > > > That is what I always did on my old Qubes 2 system and it worked. It > > worked on my new Qubes 3.2 system until I updated it. After updating, > the > > "Attach / Detach block devices" was "greyed out" which prevented me from > > selecting it. > > > > I suspect this is a simple fix that I overlooked but I would appreciate > any > > help. > > > > Thank you. > > > > > > On Tue, 6 Jun 2017 at 23:28, Franz <169...@gmail.com> wrote: > > > > > On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker < > > > cathacke...@gmail.com> wrote: > > > > > >> I installed Qubes 3.2 (default Fedora) and it easily detected my > external > > >> hdd and let me attach and mount it. I used it as I normally would. > > >> > > >> I applied the updates for the whole system and discovered that Qubes > now > > >> does not detect my external hdd. This holds true even if I restart or > > >> shutdown then start. > > >> > > >> Now if I plugin my external hdd, the option to attach to a Qube is > > >> "greyed out". Again this holds true even after restarts and > shutdowns. > > >> > > >> This is very puzzling and frustrating but I couldn't find any > literature > > >> to help me. I would appreciate any help. > > >> > > >> > > > Have you seen this: https://www.qubes-os.org/doc/usb/ > > > Best > > > Fran > > > > > > > > > > > >> Any thoughts? > > >> > > Do you have a usb qube? If not try creating one. It could be that usb > devices are now hidden from dom0, and you havent started a qube which > will proxy them to the system. > -- -- Christopher Thacker -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANpb_zUr%2BAopKqgZAa7VzbyuqBhjxZ84y3Qugea-ihoAYD6TQw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Shortcut stop working in Standalone VM
Den onsdag 7 juni 2017 kl. 15:56:03 UTC+2 skrev Unman: > On Wed, Jun 07, 2017 at 05:18:06AM -0700, joffjo...@gmail.com wrote: > > When I try to start an app from the shortcut menu for my standalone VM the > > application is not starting. Quebes starts the VM. I did a sudo apt > > auto-remove in the VM and I think it might be the cause of the shortcut > > breaking. > > > > Try opening a terminal and starting the application from there. If you > DID remove the application you can always reinstall. All applications do still work, it is just the shortcut in the application menu that broke. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b470db84-8356-46b0-9d30-253639522385%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird SSL issues
> Hello Qubes community! > > I have a weird issue with SSL (HTTPS) access. > > Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. > Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have > issues connecting to https sites with Chrome, Chromium or Firefox-esr. > Sometimes it works, sometimes not... > > I have tested on numerous wired and wireless network with the same result. > > Please help me figure this out! > > Dominique > Hello, I sometimes have SSL issues that all from the fact that the time in the appvm are wrong (sometimes even in the future) - although dom0 is accurately set up. If you have a cure to that (especially for debian) I am interested ... maybe you experience the same problem? Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/790483d5-87ae-e2e2-9f25-d1b30bade364%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Hadrware Requirement List
i just check my hardware list but i can't not found it, this is my laptop specification: ASUS S451LB Intel Core i3-4010U CPU 1.7Ghzx4 core NVIDIA 740M RAM 8 Gb Whether support to install single boot Qubes OS :D best regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b88be1c-7920-4816-addf-f80e530ba4fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Active tasks in sys-net
Hi all Recently I have installed Qubes and started to read some docs but haven't found an answer to this. I would know if there are applications or tasks in sys-net/sys-firewall that benefit of internet connection, because I see an active internet transmission before I begin to surf. Thanks, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607144310.DE24AA0032%40smtp.hushmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Weird SSL issues
Hello Qubes community! I have a weird issue with SSL (HTTPS) access. Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have issues connecting to https sites with Chrome, Chromium or Firefox-esr. Sometimes it works, sometimes not... I have tested on numerous wired and wireless network with the same result. Please help me figure this out! Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db501baf-181e-4aea-a13c-d80da03fde14%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to restart qubes-guid after a OOM?
Hi, I'm using i3, and sometimes, after start a lot a VM, oomkiller kill my session, I'm redirect to lightdm, when I reconnect me, all vms in qubes-manager are yellow, not green. I tried "qvm-run --all true" but this doesn't help me, openned windows not come back. How can I manage this issue without lose, if I don't want to reboot? Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d7ec9aff-edb7-490c-a6b5-f1a72d16cc93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wednesday, June 7, 2017 at 5:39:31 AM UTC-7, Francesco wrote: > > Thanks. That is interesting. Once I set up a proxyvm for vpn and it was > working, but I was following some instructions. What I would need is to leave > an appVM open without nat, without firewall, just as it would be with a > standard non-Qubes linux distribution with IPv6 working. Any idea how to do > that? just run the tunnel client in that appvm. if you need to install it to the templatevm, clone the templatevm to something like fedora24-ipv6, add the tunnel client to the new templatevm, then set that as the template of the appvm that needs it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d7e3d9c-90dc-421f-9f56-9e5acb590c0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What is /var/lib/machines for?
On Wednesday, June 7, 2017 at 4:03:02 PM UTC+2, Unman wrote: > On Wed, Jun 07, 2017 at 06:43:13AM -0700, schulzebodo via qubes-users wrote: > > While trying to wrap my head around rolling back btrfs snapshots in dom0, I > > came across subvolume var/lib/machines whose parent subvolume is root. > > Could anybody please explain what this subvolume is for? Is it used at all? > > I'm asking because the Qubes VMs actually live in /var/lib/qubes. > > > > Thanks, > > Bodo > > > > It's not Qubes related - it's for containers - systemd will look here > for nspawn, for example. Thanks for the quick answer! Bodo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/442f6921-3dc5-458c-9e04-5daa1180ac87%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Major problem after trying to set up wireless connection
On Wednesday, June 7, 2017 at 12:17:00 PM UTC+1, barber...@gmail.com wrote: > Ok let me start off by saying I am new to qubes. I have been enjoying using > it for the past month. However I have come across a major problem I > cannot log on to qubes or access any of my vm's after trying to enable wifi. > As my keyboard and mouse have been disabled and I cannot enter user password. > > Let me try and explain the problem in full here > > So I was following this tutorial on youtube > https://www.youtube.com/watch?v=qFwbQ06h8Qo > > from internet.me who I found to be very informative. Unfortunately for me > when the msgbox appeared saying "do you allow domain sys-usb to execute > qubes.InputMouse operation on the domain "dom 0" everything freezes > permenantly and I cannot use keyboard or mouse any more. > > Eventually I restart machine and cannot input disk password however when I > remove the hide_all_usb section from the grub I can now enter disk password > but cannot enter the user password that follows. I am stuck here and cannot > access any of my information which is important to my work. I have tried > using a PS2 keyboard but have had no success. I have tried googling similar > problems but they all assume I can access the dom0 domain. I would greatly > appreciate any assistance anyone could provide. oh and I definitely did set the policy to allow...and I have removed usbs and reinserted them...so Im not sure how this happened in the first place -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94e848b0-753c-4b41-b6a6-157d270d25e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What is /var/lib/machines for?
On Wed, Jun 07, 2017 at 06:43:13AM -0700, schulzebodo via qubes-users wrote: > While trying to wrap my head around rolling back btrfs snapshots in dom0, I > came across subvolume var/lib/machines whose parent subvolume is root. Could > anybody please explain what this subvolume is for? Is it used at all? I'm > asking because the Qubes VMs actually live in /var/lib/qubes. > > Thanks, > Bodo > It's not Qubes related - it's for containers - systemd will look here for nspawn, for example. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607140259.GE1448%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Major problem after trying to set up wireless connection
On Wednesday, June 7, 2017 at 2:53:45 PM UTC+1, Unman wrote: > On Wed, Jun 07, 2017 at 04:17:00AM -0700, barberdai...@gmail.com wrote: > > Ok let me start off by saying I am new to qubes. I have been enjoying using > > it for the past month. However I have come across a major problem I > > cannot log on to qubes or access any of my vm's after trying to enable > > wifi. As my keyboard and mouse have been disabled and I cannot enter user > > password. > > > > Let me try and explain the problem in full here > > > > So I was following this tutorial on youtube > > https://www.youtube.com/watch?v=qFwbQ06h8Qo > > > > from internet.me who I found to be very informative. Unfortunately for me > > when the msgbox appeared saying "do you allow domain sys-usb to execute > > qubes.InputMouse operation on the domain "dom 0" everything freezes > > permanently and I cannot use keyboard or mouse any more. > > > > Eventually I restart machine and cannot input disk password however when I > > remove the hide_all_usb section from the grub I can now enter disk password > > but cannot enter the user password that follows. I am stuck here and cannot > > access any of my information which is important to my work. I have tried > > using a PS2 keyboard but have had no success. I have tried googling similar > > problems but they all assume I can access the dom0 domain. I would greatly > > appreciate any assistance anyone could provide. > > > > It sounds to me as if you have not succeeded in having the sys-usb > proxy mouse and keyboard to dom0. I think that was covered in the video > where he sets the policy to "allow" - obviously you didn't follow this > step. > If you think you DID do this, try unplugging and replugging the mouse > and keyboard to see if you can get one or other working. If you just get > that prompt, you didn't configure policy correctly. > > You don't say why a PS2 keyboard doesn't work - it should. Do you get any > response to key presses? (Lights coming on etc?) > I don't know what level of competence in Linux you have, (as opposed to > Qubes). You could boot from a live usb, and stop sys-usb from starting: > this would at least allow you back in and you would be able to > configure the box correctly. Thanks so much for response, much appreciated. I tried to use usb to ps2 adapter for keyboard which I thought should work but did not. I will try and get my hands on a PS2 keyboard tomorrow and see if it is successful. I will update info once this is complete. Thanks again -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7410afe-46c5-4f45-b3d8-2cf87663a9a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: File shortcut missing
I solved the Problem. Somehow, Nautilus was missing?! i dont know how this could be possible, since i'd never uninstall Nautilus. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80f6e71e-9604-4495-b40c-b47d9427531e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Shortcut stop working in Standalone VM
On Wed, Jun 07, 2017 at 05:18:06AM -0700, joffjo...@gmail.com wrote: > When I try to start an app from the shortcut menu for my standalone VM the > application is not starting. Quebes starts the VM. I did a sudo apt > auto-remove in the VM and I think it might be the cause of the shortcut > breaking. > Try opening a terminal and starting the application from there. If you DID remove the application you can always reinstall. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607135601.GD1448%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Major problem after trying to set up wireless connection
On Wed, Jun 07, 2017 at 04:17:00AM -0700, barberdai...@gmail.com wrote: > Ok let me start off by saying I am new to qubes. I have been enjoying using > it for the past month. However I have come across a major problem I > cannot log on to qubes or access any of my vm's after trying to enable wifi. > As my keyboard and mouse have been disabled and I cannot enter user password. > > Let me try and explain the problem in full here > > So I was following this tutorial on youtube > https://www.youtube.com/watch?v=qFwbQ06h8Qo > > from internet.me who I found to be very informative. Unfortunately for me > when the msgbox appeared saying "do you allow domain sys-usb to execute > qubes.InputMouse operation on the domain "dom 0" everything freezes > permanently and I cannot use keyboard or mouse any more. > > Eventually I restart machine and cannot input disk password however when I > remove the hide_all_usb section from the grub I can now enter disk password > but cannot enter the user password that follows. I am stuck here and cannot > access any of my information which is important to my work. I have tried > using a PS2 keyboard but have had no success. I have tried googling similar > problems but they all assume I can access the dom0 domain. I would greatly > appreciate any assistance anyone could provide. > It sounds to me as if you have not succeeded in having the sys-usb proxy mouse and keyboard to dom0. I think that was covered in the video where he sets the policy to "allow" - obviously you didn't follow this step. If you think you DID do this, try unplugging and replugging the mouse and keyboard to see if you can get one or other working. If you just get that prompt, you didn't configure policy correctly. You don't say why a PS2 keyboard doesn't work - it should. Do you get any response to key presses? (Lights coming on etc?) I don't know what level of competence in Linux you have, (as opposed to Qubes). You could boot from a live usb, and stop sys-usb from starting: this would at least allow you back in and you would be able to configure the box correctly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607135342.GC1448%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] What is /var/lib/machines for?
While trying to wrap my head around rolling back btrfs snapshots in dom0, I came across subvolume var/lib/machines whose parent subvolume is root. Could anybody please explain what this subvolume is for? Is it used at all? I'm asking because the Qubes VMs actually live in /var/lib/qubes. Thanks, Bodo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41c2698d-0427-4b64-8bbb-cfbf58ef9c22%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
On Wed, Jun 07, 2017 at 12:25:52PM +, Christopher Thacker wrote: > Hi Franz, > > Yes I saw that link earlier but didn't understand it. > > The link states ". . . Simply insert your USB drive, right-click on the > desired qube in the Qubes VM Manager list, click *Attach/detach block > devices*, and select your desired action and device." > > That is what I always did on my old Qubes 2 system and it worked. It > worked on my new Qubes 3.2 system until I updated it. After updating, the > "Attach / Detach block devices" was "greyed out" which prevented me from > selecting it. > > I suspect this is a simple fix that I overlooked but I would appreciate any > help. > > Thank you. > > > On Tue, 6 Jun 2017 at 23:28, Franz <169...@gmail.com> wrote: > > > On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker < > > cathacke...@gmail.com> wrote: > > > >> I installed Qubes 3.2 (default Fedora) and it easily detected my external > >> hdd and let me attach and mount it. I used it as I normally would. > >> > >> I applied the updates for the whole system and discovered that Qubes now > >> does not detect my external hdd. This holds true even if I restart or > >> shutdown then start. > >> > >> Now if I plugin my external hdd, the option to attach to a Qube is > >> "greyed out". Again this holds true even after restarts and shutdowns. > >> > >> This is very puzzling and frustrating but I couldn't find any literature > >> to help me. I would appreciate any help. > >> > >> > > Have you seen this: https://www.qubes-os.org/doc/usb/ > > Best > > Fran > > > > > > > >> Any thoughts? > >> Do you have a usb qube? If not try creating one. It could be that usb devices are now hidden from dom0, and you havent started a qube which will proxy them to the system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607134119.GB1448%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On 06/07/2017 03:37 PM, Unman wrote: > On Wed, Jun 07, 2017 at 09:39:30AM -0300, Franz wrote: >> On Wed, Jun 7, 2017 at 8:53 AM, pixel fairy >> wrote: >> >>> On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote: >>> If anybody could find/link/remember the reasons why IPv6 was explicitly discarded in a first moment I'd like to re-read that... >>> > [...] > On reasons why IPv6 isnt yet implemented, there are various remarks. > Back in February Marek said: We're not considering having > directly-addressable IPv6 VMs by default (maybe an optional feature, > but not sure if even that). When we'll implement IPv6 support, it > will also use NAT. There are many reasons for that: - not expose VMs > to external traffic by default (even in case of some firewall error, > not allow directly address particular selected VM) - not leak (or at > least make it harder to guess) information about source VM / number > of them (or even the fact of using multiple VMs) - not reconfigure > every VM when user switch to a different network, including plugging > in VPN services etc - the above is especially important in case of > some privacy use cases, to not leak "real" address to the VM > That was the quote I was looking for, thanks Unman. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c1706d4a-1e2d-49c4-dc6c-a7a8214483dc%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wed, Jun 07, 2017 at 09:39:30AM -0300, Franz wrote: > On Wed, Jun 7, 2017 at 8:53 AM, pixel fairy wrote: > > > On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote: > > > > > If anybody could find/link/remember the reasons why IPv6 was explicitly > > > discarded in a first moment I'd like to re-read that... > > > > heres the last thread i know of on the subject, https://groups.google.com/ > > forum/?hl=en#!topic/qubes-devel/9WtBiQXvCOY > > > > i believe the current plan is to nat ipv6, probably in v4. > > > > you could probably do the same today from a proxyvm, which should work > > similarly to using one for a vpn. you would also have to set your ipv6 > > firewall rules in this, or another proxyvm chained to that. > > > > > Thanks. That is interesting. Once I set up a proxyvm for vpn and it was > working, but I was following some instructions. What I would need is to > leave an appVM open without nat, without firewall, just as it would be with > a standard non-Qubes linux distribution with IPv6 working. Any idea how to > do that? > Best > Fran > If you search the archive for cjdns, you'll find a thread where someone did have IPv6 working. One issue is sorting the ip6tables, but this is quite straight forward. On reasons why IPv6 isnt yet implemented, there are various remarks. Back in February Marek said: We're not considering having directly-addressable IPv6 VMs by default (maybe an optional feature, but not sure if even that). When we'll implement IPv6 support, it will also use NAT. There are many reasons for that: - not expose VMs to external traffic by default (even in case of some firewall error, not allow directly address particular selected VM) - not leak (or at least make it harder to guess) information about source VM / number of them (or even the fact of using multiple VMs) - not reconfigure every VM when user switch to a different network, including plugging in VPN services etc - the above is especially important in case of some privacy use cases, to not leak "real" address to the VM unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170607133734.GA1448%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] File shortcut missing
Hello, i have a weird problem, the file shortcut of my debian9 template is missing. I dont know wy ore when it was gone, but even after reinstalling the template, its still missing.Since i use the debian-9 template for the download/untrusted vm, this is very uncomfortable. Is there any (easy) way to restore this shortcut.Im realy not afraid of the terminal, but im no programmer either, so if possible please give me the terminal-commands if you do know them already, because i will have to google almost every-one greetings finsh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2538acd3-b4f3-4b3b-b342-36307678e44d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wed, Jun 7, 2017 at 8:53 AM, pixel fairy wrote: > On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote: > > > If anybody could find/link/remember the reasons why IPv6 was explicitly > > discarded in a first moment I'd like to re-read that... > > heres the last thread i know of on the subject, https://groups.google.com/ > forum/?hl=en#!topic/qubes-devel/9WtBiQXvCOY > > i believe the current plan is to nat ipv6, probably in v4. > > you could probably do the same today from a proxyvm, which should work > similarly to using one for a vpn. you would also have to set your ipv6 > firewall rules in this, or another proxyvm chained to that. > > Thanks. That is interesting. Once I set up a proxyvm for vpn and it was working, but I was following some instructions. What I would need is to leave an appVM open without nat, without firewall, just as it would be with a standard non-Qubes linux distribution with IPv6 working. Any idea how to do that? Best Fran > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/b5c2033e-4ef9-4b6f-b52a-e9e52de7b24c%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qANcNp7fb5awD1SYew_khj_rJR0MOA_oVzWd4rXsJnVZg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] No longer displays attached external hdd
Hi Franz, Yes I saw that link earlier but didn't understand it. The link states ". . . Simply insert your USB drive, right-click on the desired qube in the Qubes VM Manager list, click *Attach/detach block devices*, and select your desired action and device." That is what I always did on my old Qubes 2 system and it worked. It worked on my new Qubes 3.2 system until I updated it. After updating, the "Attach / Detach block devices" was "greyed out" which prevented me from selecting it. I suspect this is a simple fix that I overlooked but I would appreciate any help. Thank you. On Tue, 6 Jun 2017 at 23:28, Franz <169...@gmail.com> wrote: > On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker < > cathacke...@gmail.com> wrote: > >> I installed Qubes 3.2 (default Fedora) and it easily detected my external >> hdd and let me attach and mount it. I used it as I normally would. >> >> I applied the updates for the whole system and discovered that Qubes now >> does not detect my external hdd. This holds true even if I restart or >> shutdown then start. >> >> Now if I plugin my external hdd, the option to attach to a Qube is >> "greyed out". Again this holds true even after restarts and shutdowns. >> >> This is very puzzling and frustrating but I couldn't find any literature >> to help me. I would appreciate any help. >> >> > Have you seen this: https://www.qubes-os.org/doc/usb/ > Best > Fran > > > >> Any thoughts? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "qubes-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to qubes-users+unsubscr...@googlegroups.com. > > >> To post to this group, send email to qubes-users@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/adb7b25d-c221-4534-a485-563a894f7b65%40googlegroups.com >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- -- Christopher Thacker -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANpb_zWbt9L%2Be1ynDFE5rjhiUxZ8dDEkCNfHu%2BBJGh-oNJ1w9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Shortcut stop working in Standalone VM
When I try to start an app from the shortcut menu for my standalone VM the application is not starting. Quebes starts the VM. I did a sudo apt auto-remove in the VM and I think it might be the cause of the shortcut breaking. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5c2b2f12-fa83-4067-a199-74cb052bc3b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wednesday, June 7, 2017 at 4:53:09 AM UTC-7, pixel fairy wrote: > i believe the current plan is to nat ipv6, probably in v4. i should clarify, i meant the current plan being to nat ipv6 in qubes-os 4.x, not to make some 4 to 6 translation bridge. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c66d7b83-472a-4277-b4af-e2d9ed8d4485%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote: > If anybody could find/link/remember the reasons why IPv6 was explicitly > discarded in a first moment I'd like to re-read that... heres the last thread i know of on the subject, https://groups.google.com/forum/?hl=en#!topic/qubes-devel/9WtBiQXvCOY i believe the current plan is to nat ipv6, probably in v4. you could probably do the same today from a proxyvm, which should work similarly to using one for a vpn. you would also have to set your ipv6 firewall rules in this, or another proxyvm chained to that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b5c2033e-4ef9-4b6f-b52a-e9e52de7b24c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Major problem after trying to set up wireless connection
Ok let me start off by saying I am new to qubes. I have been enjoying using it for the past month. However I have come across a major problem I cannot log on to qubes or access any of my vm's after trying to enable wifi. As my keyboard and mouse have been disabled and I cannot enter user password. Let me try and explain the problem in full here So I was following this tutorial on youtube https://www.youtube.com/watch?v=qFwbQ06h8Qo from internet.me who I found to be very informative. Unfortunately for me when the msgbox appeared saying "do you allow domain sys-usb to execute qubes.InputMouse operation on the domain "dom 0" everything freezes permenantly and I cannot use keyboard or mouse any more. Eventually I restart machine and cannot input disk password however when I remove the hide_all_usb section from the grub I can now enter disk password but cannot enter the user password that follows. I am stuck here and cannot access any of my information which is important to my work. I have tried using a PS2 keyboard but have had no success. I have tried googling similar problems but they all assume I can access the dom0 domain. I would greatly appreciate any assistance anyone could provide. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3bb5e5ca-3c7b-49f0-8ed7-43beee1ba8bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
