[qubes-users] Re: Privacy in Qubes

[Person]

On Tuesday, September 19, 2017 at 11:02:50 AM UTC+8, Person wrote:
> Let's say you have an online identity that you want to keep separate from 
> your personal information. On Qubes, is it possible to keep i information 
> completely separate without physical separation? I have considered using a 
> separate OS virtualized in Qubes, but it may possibly leak the same device 
> data. Multibooting with Qubes is also not the safest idea. 
> 
> What is the best way to keep online information from being traced back to you 
> on Qubes?

Oh, okay. Can this issue can be minimized on Tor or other certain types of 
browsers? Would a certain VPN work? (I normally distrust VPNs, and certain ones 
don't work well with Tor, so I probably will not use VPNs.) 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/910d98ee-72c9-49f8-abc9-f89683ffd5a0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Privacy in Qubes

[Drew White]

On Wednesday, 27 September 2017 06:08:47 UTC+10, Person  wrote:
> About querying the browser directly: 
> How exactly do I change the browser information to prevent such queries? I 
> have Mozilla Firefox in sys-net.

Not possible. It's built into the browser. you would have to rewrite it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c0ae8ef-35f8-4c70-a216-d4db5866670a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to uninstall or reinstall Whonix

[Person]

On Monday, September 25, 2017 at 7:52:22 AM UTC+8, cooloutac wrote:
> On Sunday, September 24, 2017 at 3:59:28 PM UTC-4, Person wrote:
> > It seems that the VMs have already been replaced. Which is good considering 
> > that then I don't need to delete the old templates. 
> > 
> > However, the system didn't automatically give me an anon-Whonix or 
> > sys-Whonix templates, so I tried making some for myself. (I'm not sure if 
> > there is a easier or better way to get the templates, if there is, please 
> > inform me.) 
> > 
> > I tried to download Tor Browser on Whonix-ws, and it doesn't work. My 
> > internet connectivity and Whonix VMs are working fine, but there is an 
> > error because "Tor could not connect to the Tor control port". 
> > 
> > Specifically, the error I saw was this: http://imgur.com/eQWNgcf.
> 
> whonix already comes with tor browser.

Well, (probably) because I deleted and reinstalled Whonix, Tor Browser isn't 
downloaded to whonix-ws yet. There is an app specifically for me to download 
Tor Browser, but unfortunately, it is not working.

https://imgur.com/eQWNgcf

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03940a4d-9aa6-48f6-b4cf-5dfab69172ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install Whonix Templates in R4.0 rc1/2

[nicholas roveda]

Thanks for the answer.

The release note specified at that time there was no Whonix template available 
for R4.0 rc1, but now they are available in the template-community repo and we 
are at rc2 (almost).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e82475a2-c46d-4945-940f-d5b0a9dbe212%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] /var/log excessive filesystem usage

[haaber]

> On 09/26/2017 09:44 AM, taii...@gmx.com wrote:
> 
> Please check settings in /etc/systemd/journald.conf to make sure
> journald only logs what you need (and, in my case, does not discard what
> it thinks I don't need).
Could you me more specific which entry in the default settings are
responsible for this space-consuming logging ?Thanks, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10b54fb4-099c-8b20-63ce-5133e639d0ed%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Privacy in Qubes

[Person]

About querying the browser directly: 
How exactly do I change the browser information to prevent such queries? I have 
Mozilla Firefox in sys-net.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b429e5d0-077c-42c7-80bf-9d2d8528eefa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install Whonix Templates in R4.0 rc1/2

[iry]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

nicholas roveda:

> Which is the correct procedure to install the Whonix templates from
> the Templates Community Repo in R4.0 rc1 (current-testing)?

Hi Nicholas!

Unfortunately, Whonix is not available in Qubes 4.0 rc1 which has been
documented as a known issue in its release note.

A more detailed answer can be found here:
https://forums.whonix.org/t/qubes-4-0-rc1-cant-find-the-whonix-template-
package/4221/2

Best,
iry
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZyp/EAAoJEKFLTbxtzdU87G4P/A/7VUKl1Sx45WVbQD/VMoLZ
sKl2CzZD3MUHdRTEkwMxvY9qvYeeeCSYHiDMv3waxGqACB6qCCo1qx7KTSaisHyd
/zbxg2sFAU0mZp78aOgB7rGwkrqQxg7XAJuHfXFvxemx2U/G9najdmB0lzhCXm49
+yKNn4tek7wq1BTiynuA+aNN3uPY/XTjI7z+CwanldXwG5g/ox/LsmrBAqXlX1wR
kUg6zT4B4Yefq4g96I7k3QiDl/9bH+lkFI0CAi60fG6PkGKetPpmqzrFuQENH04h
zbVwVpQQKt3BXmfr0lBopaIBBKUvmTrgEOunxJqnOrLzgWmPQIgfEBOztP3s7WTX
1sNX6k4u+Z0uF7hoa5CZAZr7JxOzaQmg2M4XVo3/gDSo+SlgSxW688UvzZAGjv70
ljtbchyWgiILNILUpZlDksRYni9nkcmf6+yDmLTB3ddcj8SCrXQq4ppzNZl8WN10
7YdtjBr5teQgCrMrEZ1hY/R13b4L3v0WzI8d21GNJJi+uUgap+VXd5IjH1MXSudI
vVj1oslTf40YvXMDYpQZEZ2mPNt18sACeGzRPAzo3ioTq5h0BUS0ooibu7gL8sGs
gX7wBdgO54SRqFICSMji7XC7FRE5GDjvh160YfMFe+/JQDGycYv0ki0esweu0CIb
ROqSgWT28EF88bXPUP/U
=FZLg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oqe742%24bgp%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


0x6DCDD53C.asc
Description: application/pgp-keys


0x6DCDD53C.asc.sig
Description: PGP signature

[qubes-users] 4.0rc1 X Server Restarts during idle times

[David Hobach]

Hi all,

does anyone else have the issue in 4.0rc1 that the X server restarts 
after X screensaver locks when you go away from your laptop?


This is rather annoying as it kills the screensaver and restarts some 
other services which I'd usually not prefer to have restarted...


Unfortunately I didn't spot anything suspicious in the logs, i.e. I'm 
not 100% sure whether it's a bug or due to some strange config that I 
have. :-(


Best Regards
David

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa5b9900-17cf-d52b-fa30-36f9d9b807f2%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] /var/log excessive filesystem usage

[David Hobach]

On 09/26/2017 09:56 AM, Alex wrote:

On 09/26/2017 09:44 AM, taii...@gmx.com wrote:

Update: deleting the contents of /var/log, /tmp and /var/tmp caused my
system to be unbootable which is silly as these are not meant to be
permanent locations

I received errors about qmemmman not being able to write a file, to
which I had to revert the changes and re-create it's directory to render
the system bootable again.


That's very strange - not the fact that qmemman does not work if you
remove its log directory, but the size on disk.

I've had this R3.2 installation since october 2016, and my /tmp has 4KB
worth of data, /var/tmp 20KB and the biggest is /var/log with 1.8GB.

But inside /var/log the biggest directory is journald/, that takes 99%
of the space, while qubes/ takes only 3.2 MB - the second biggest
directory being xen/ at 8.3MB.

To check directory size I used "du", with a line like this:
/var/log# du --max=1 -h

Please check settings in /etc/systemd/journald.conf to make sure
journald only logs what you need (and, in my case, does not discard what
it thinks I don't need).


Yes the default settings in 3.2 were quite ridiculous - also made me get 
a few GB over time, journalctl wouldn't even load at some point...

Didn't check that in 4.0 yet...

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/507b79f7-a3d4-a12b-ee34-39c527e60093%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] Re: Privacy in Qubes

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/25/2017 09:10 PM, Drew White wrote:
> Debian, Slackware, CentOS, Windows 3.11,95,98,2000,xp,7,8,10 (32
> and 64 bit versions of available). I run OSX, ESXi, PFSense,
> Android 4, 5, 6, 7, Qubes 1,2,3, XEN, PASOS, COFFEE, OS/2,

why? (just curious, maybe off topic for this list)

/Sven
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJZynX6AAoJENpuFnuPVB+2+I4P/RrDrdI8mIh7JDGJEkAR0HH0
KpxsqBOEKAy9juPu+domotmHaj8czLRNqaNTJkI9kxqH7CQbAIoLf1z4H5JeYw8e
BXD0V4x3S4Ik7tlISqTHwHq9DfN2KUmJhl1k9SewLfQBqgF7O892YjKItPbeZ3kJ
OMCu98YgA2tcfmNh2B2f6Sx4hX51JaB/NQtvGaAu0pjRCQwn2GZwpZnxAYYOnAER
NRKZQwGVczE0m1FIkL1HtWBOB268u8uni2LKYoGHRkcq2RvDiezVlPtPXj1s4MQS
y1J8o0YrjL5EtZBGi+XcCiFSUM36smMuE906tXfAcwvON9LPFLfc3qkmhXrTYkLx
w99b+oDiWD9aVnr0XMN/iAl1ZlNp53Us/8FkeizmrKJ9imSKJUUMj70QKZAwgyXX
ait5tpUdKczI5jq7fC6C8H4/IGt+PI0XqBH2AHGDDY9l3TSPTXwWZv0xOYXOxwR6
+jufPeJwnXZjyL05Tz2a/iYy4m7zP1rIT1lL5ox7oyEL2Kk3Z24X6y2JXDoqe8lt
cY16o7aT2sXbESQAiOp4RfjxCGyGJRieIVlPnnfydu62fqte8BB9Jfbk3LvdKqxr
eUpBQ5jkQsMrAXculMwt23Xqu8fwnI+KFZuMeLttgNGdr73MoV+td7i3I8l3mWFv
mHEyXu1L+BtEg8+IHEGi
=CVVV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e47315f-d635-589d-d02b-769d9113f4d7%40SvenSemmler.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to recover VMs copied before reinstall?

[Ron Hunter-Duvar]

On September 26, 2017 9:20:57 AM MDT, 'One7two99' via qubes-users 
 wrote:
>Hello Ron,
>
>>  Original Message 
>> Subject: Re: [qubes-users] How to recover VMs copied before
>reinstall?
>> Local Time: 26 September 2017 4:58 PM
>> From: ro...@shaw.ca
>>
>> [...] I want to access my existing ones from the previous install,
>not create new ones. I put a lot of hours into getting them set up the
>way I wanted them, and they contain important data I don"t want to
>lose. [...]
>
>I am also building all sys- / template- and App-VMs based on the
>available templates in Qubes. As I would like to rollout Qubes for
>friends and maybe also co-workers I have documented each step when
>configuring/provisioning new AppVMs or templates.
>
>I've written a handful scripts which will take the default
>qubes-templates and apply all updates / packe installation and
>post-configuration tasks without user interaction.
>This reduces time rebuilding the system but also allows another backup
>policy where I only store the data and reinstall everything else from
>my scripts.
>
>If you're interested I can forward them to you.
>
>[799]

I'm not sure if that will help, but I'll take a look. If I can at least get my 
files into new appvms of the same name, it would do the trick.

Thanks,
Ron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60E8F6C5-38BA-43DA-8B4F-319D038140CE%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to recover VMs copied before reinstall?

['One7two99' via qubes-users]

Hello Ron,

>  Original Message 
> Subject: Re: [qubes-users] How to recover VMs copied before reinstall?
> Local Time: 26 September 2017 4:58 PM
> From: ro...@shaw.ca
>
> [...] I want to access my existing ones from the previous install, not create 
> new ones. I put a lot of hours into getting them set up the way I wanted 
> them, and they contain important data I don"t want to lose. [...]

I am also building all sys- / template- and App-VMs based on the available 
templates in Qubes. As I would like to rollout Qubes for friends and maybe also 
co-workers I have documented each step when configuring/provisioning new AppVMs 
or templates.

I've written a handful scripts which will take the default qubes-templates and 
apply all updates / packe installation and post-configuration tasks without 
user interaction.
This reduces time rebuilding the system but also allows another backup policy 
where I only store the data and reinstall everything else from my scripts.

If you're interested I can forward them to you.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jJXR49ffEpPWVgTLq0Opt79wCxiTBLu-gdalVusIXziThGVEqjIbjOnSbKTbT4raMtEs743LAvQdjHnF1jaMUAO3ohdUBlHH5cBAIygDc1E%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to recover VMs copied before reinstall?

[Ron Hunter-Duvar]

On September 26, 2017 4:20:34 AM MDT, Chris Laprise  wrote:
>On 09/25/2017 07:12 PM, Ron Hunter-Duvar wrote:
>> Hi,
>>
>> My first Qubes install ended up unbootable, and I didn't have a
>recent enough backup of my VMs. So I booted from a Ubuntu live cd,
>mounted the partitions, and copied everything off to a backup drive and
>did a clean reinstall.
>>
>> Now I've copied my appvms back to /var/lib/qubes/appvms/, but they
>don't show up in the VM Manager.
>>
>> Can anyone tell me how to get these appvms useable again?
>>
>> Thanks,
>> Ron
>>
>
>Try using `qvm-add-appvm vmname templatename`.

Doesn't that just create a new appvm? I want to access my existing ones from 
the previous install, not create new ones. I put a lot of hours into getting 
them set up the way I wanted them, and they contain important data I don't want 
to lose.

I am wondering if creating new ones of the same name, then overwriting the img 
files with the old ones would work. 

Thanks,
Ron

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EAA26BF9-CB89-4F54-A754-A7B2BB36B630%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Windows support in Qubes 4.0?

[Raymond Rizzuto]

On Tuesday, September 26, 2017 at 10:10:13 AM UTC-4, Raymond Rizzuto wrote:
> On Friday, September 15, 2017 at 10:24:21 PM UTC-4, Ray Rizzuto Jr wrote:
> > Oh, that's a shame.  It would be handy to have better Windows support for 
> > the couple of programs I still depend on.  Sound for Quicken would be a 
> > very nice to have - the audible feedback is handy.  Is there any plan to 
> > address that after 4.0?
> > 
> > 
> 
> I really think that having Audio support for a Windows VM to put it on par 
> with Linux VMs should be on the roadmap somewhere.  Is it?

Given that Qubes 4.0 is switching from PV to HVM, wouldn't the issue of audio 
impact all HVMs, whether Linux or Windows?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8f9978f8-84bc-4d97-bab7-82c5f977d98e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Hardened VM templates in Qubes

[Reg Tiangha]

On 2017-09-25 6:42 AM,
dhfgebenskzkwkwnd...@gmail.com wrote:
> Hello, please tell me if there are guides to hardening VM templates? 
> Coldhak.ca is dead, is there anything else or use KSPP manually?
> 
> Thanks.
> 

Most of the KSPP options have been enabled in the most recent versions
of the 4.9 kernel in the Qubes repository, at least for the ones that
exist in that branch of the kernel. Obviously, more options have been
introduced in newer branches so you'd have to compile those kernel
versions on your own if you wanted them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oqdn27%24v2l%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to make package available in work template that I installed in fedora-23 template?

[kabunettech]

Hello everyone,
I'm going through 
https://www.qubes-os.org/doc/software-update-vm/#how-templatevms-work-in-qubes 
guide and installed few packages in fedora-23 terminal to have them permanently 
on the system.

They are preserved after system restart, however I can't find the step on how 
to make them available in different templates, 'work' for example.


Package is available under /usr/bin/ in fedora-23.


Any advice really appreciated,

Thank you, 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/718a5475-a77e-4c0e-ad9e-6db1caf77a9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to recover VMs copied before reinstall?

[Chris Laprise]

On 09/25/2017 07:12 PM, Ron Hunter-Duvar wrote:

Hi,

My first Qubes install ended up unbootable, and I didn't have a recent enough 
backup of my VMs. So I booted from a Ubuntu live cd, mounted the partitions, 
and copied everything off to a backup drive and did a clean reinstall.

Now I've copied my appvms back to /var/lib/qubes/appvms/, but they don't show 
up in the VM Manager.

Can anyone tell me how to get these appvms useable again?

Thanks,
Ron



Try using `qvm-add-appvm vmname templatename`.

--

Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d07c73b-df84-cf14-e0ec-e6f21034a269%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Has anyone tried to activate SELINUX in Fedora 25?

[pels]

On Sunday, September 24, 2017 at 6:19:15 PM UTC+2, cooloutac wrote:
> On Sunday, September 24, 2017 at 12:17:33 PM UTC-4, cooloutac wrote:
> > On Sunday, September 24, 2017 at 12:16:34 PM UTC-4, cooloutac wrote:
> > > On Thursday, September 21, 2017 at 4:40:42 AM UTC-4, pels wrote:
> > > > On Wednesday, September 20, 2017 at 2:54:31 PM UTC+2, cooloutac wrote:
> > > > > On Wednesday, September 20, 2017 at 4:41:58 AM UTC-4, pels wrote:
> > > > > > I'd like to activate SELINUX(enforcing) in VMs (f25 and 
> > > > > > f25-minimal), but fails:
> > > > > > 
> > > > > > [1.510532] audit: type=1404 audit(1505894636.317:2): 
> > > > > > enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
> > > > > > [1.601491] audit: type=1403 audit(1505894636.408:3): policy 
> > > > > > loaded auid=4294967295 ses=4294967295
> > > > > > [1.605815] systemd[1]: Successfully loaded SELinux policy in 
> > > > > > 95.611ms.
> > > > > > [1.617897] systemd[1]: Failed to mount tmpfs at /run: 
> > > > > > Permission denied
> > > > > > [.[0;1;31m!!.[0m] Failed to mount API filesystems, freezing.
> > > > > > [1.621206] systemd[1]: Freezing execution.
> > > > > > 
> > > > > > I had it enabled  in fedora 24 but after upgrading failed
> > > > > > I create a new template (f25 and f25-minimal) with same effect.
> > > > > > 
> > > > > > I have tried to reset SELinux to its initial state:
> > > > > > yum remove selinux-policy
> > > > > > rm -rf /etc/selinux
> > > > > > yum install selinux-policy-targeted
> > > > > > fixfiles -f -F relabel
> > > > > > reboot
> > > > > > 
> > > > > > Any ideas?
> > > > > > 
> > > > > > Thank you very much
> > > > > > 
> > > > > > Best Regards
> > > > >   
> > > > >   Is this a vm, if so do we really care if systemd is running in it?  
> > > > >  You sure thats selinux?  what does sestatus say? 
> > > > > 
> > > > > When googling this error seems people have same issue when running 
> > > > > docker.  And you have to set seccomp to unconfined.
> > > > 
> > > > Thank you cooloutac
> > > > 
> > > > -Is this a vm
> > > > It happens in Templates and VMs.
> > > > 
> > > > -Is this a vm, if so do we really care if systemd is running in it?
> > > > The problem is when i enable SELINUX VMs/templates doesn't "boot" or 
> > > > fail to start. 
> > > > If I disable SELINUX, the templates/VMs start whithout problems and 
> > > > systemd is activated.
> > > > 
> > > > -You sure thats selinux?
> > > > Yes i'm pretty sure, it's exactly the same config that i had in 
> > > > fedora24.
> > > > In dom0
> > > > qvm-prefs -s fedora-25 kernelopts "nopat security=selinux selinux=1"
> > > > and in VMs/Templats
> > > > /etc/selinux/config
> > > > 
> > > > SELINUX=enforcing 
> > > > SELINUXTYPE=targeted
> > > > 
> > > > Default selinux config
> > > > 
> > > > -what does sestatus say?
> > > > I can't execute anything in template/VMs 
> > > > in dom0:
> > > > qvm-run fedora-25 --nogui -pass-io -u root "sestatus"
> > > > Error(fedora-25): Domain 'fedora-25':qreexec not connected
> > > > 
> > > > -When googling this error seems people have same issue when running 
> > > > docker.  And you have to set seccomp to unconfined
> > > > 
> > > > Yes, i've read it, but i don't know how disable seccomp and the 
> > > > consequences...
> > > > 
> > > > 
> > > > Could you make me a big favour and try to activate SELINUX?
> > > > 
> > > > Thank you very much
> > > > 
> > > > Best regards
> > > 
> > > Probably only useful in the template vm.  But still not sure how 
> > > beneficial it would be was my point though.  Its probably not compatible 
> > > with qubes, sounds like it breaks qrexec, maybe not worth the headache 
> > > man.
> > 
> > If they exploiting xen already I don't think it really matters at that 
> > point.  But i'm far from an expert.
> 
> I'm sorry for spam,  but wanted to add an alternative option is use multiple 
> template vms for installing diff untrusted software,  of course this requires 
> more resources,  but Qubes in general requires more resources and specific 
> capable hardware for best compatibility.


Thank you cooloutac. Probably not a big deal, i'm not going to spent a lot of 
time, but i'd like to know why works in fedora 24 and not in fedora 25. If I 
find the solution i'll posted. Probaly i  can't find the solution, because my 
knowledge is limited. 

Thank you again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf88ea14-d0bd-4d74-88bd-4ef60c05200b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] /var/log excessive filesystem usage

[Alex]

On 09/26/2017 09:44 AM, taii...@gmx.com wrote:
> Update: deleting the contents of /var/log, /tmp and /var/tmp caused my
> system to be unbootable which is silly as these are not meant to be
> permanent locations
> 
> I received errors about qmemmman not being able to write a file, to
> which I had to revert the changes and re-create it's directory to render
> the system bootable again.
> 
That's very strange - not the fact that qmemman does not work if you
remove its log directory, but the size on disk.

I've had this R3.2 installation since october 2016, and my /tmp has 4KB
worth of data, /var/tmp 20KB and the biggest is /var/log with 1.8GB.

But inside /var/log the biggest directory is journald/, that takes 99%
of the space, while qubes/ takes only 3.2 MB - the second biggest
directory being xen/ at 8.3MB.

To check directory size I used "du", with a line like this:
/var/log# du --max=1 -h

Please check settings in /etc/systemd/journald.conf to make sure
journald only logs what you need (and, in my case, does not discard what
it thinks I don't need).

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c654af8-737b-d884-d0b2-b397a7b737fd%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] /var/log excessive filesystem usage

[taii...@gmx.com]

Update: deleting the contents of /var/log, /tmp and /var/tmp caused my 
system to be unbootable which is silly as these are not meant to be 
permanent locations


I received errors about qmemmman not being able to write a file, to 
which I had to revert the changes and re-create it's directory to render 
the system bootable again.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f86ca21-d642-3a37-25d6-7be279802930%40gmx.com.
For more options, visit https://groups.google.com/d/optout.