Re: [qubes-users] No wired internet (Intel I219-LM) on new 4.1 install
According the doc, you don't need to do that. Firewall policy which is see with qvm-firewall sys-firewall: 0. tcp 443 1. dns 2. icmp 3. drop I still can't solve the problem. On Wednesday, 25 May 2022 at 07:18:35 UTC+3 sv...@svensemmler.org wrote: > On 5/24/22 08:36, M wrote: > > sys-firewall - limit traffic to * on TCP port 443. > > I tried ping google from sys-net and sys-firewall terminal. > > From sys-net domain+ip went through, sys-firewall only ip. > > * ping uses ICMP which the firewall will always let through unless you use > qvm-firewall > * DNS queries are routed by Qubes OS to the netvm, which is in your case > sys-firewall > * once you allow UDP port 53 in the firewall settings in sys-firewall DNS > should work > > > Updates are also not working. > > Well, they need DNS. ;-) ... and also Fedora will try to contact some HTTP > URLs > > If you don't want to allow HTTP in sys-firewall, you can > > 1. clone it to sys-update > 2. set sys-update as updatevm and in the policy for updates > 3. allow HTTP for sys-update > 4. set "provides networking" to false for sys-update > > That means sys-update will be used as update proxy but no other qube can > use it as network (netvm). > > /Sven > > -- > public key: https://www.svensemmler.org/2A632C537D744BC7.asc > fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18ea6cba-e769-446d-b19f-73dfdb244073n%40googlegroups.com.
Re: [qubes-users] Problems with announced Fedora 35 templates
On Sat, May 28, 2022, 3:28 PM Viktor Ransmayr wrote: > Hello Qubes Community, > > I run into a problem already in the very first step of the standard > installation method: > > If I perform "sudo qubes-dom0-update qubes-template-fedora-35" in a 'dom0' > terminal, I receive the following error msg: > > [vr@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-35 > Redirecting to 'qvm-template install fedora-35' > [Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file or > directory > ERROR: qrexec call 'qubes.TemplateSearch' failed. > [vr@dom0 ~]$ > > My Qubes R4.1 system so far had two 'dom0' updates, which successfully > finished using the Qubes Updater ... > > If I try it manually, I always receive the following feedback: > > [vr@dom0 ~]$ > [vr@dom0 ~]$ sudo qubes-dom0-update > Using sys-firewall as UpdateVM to download updates for Dom0; this may take > some time... > No updates available > [vr@dom0 ~]$ > > Any ideas on why the template is not found - and - what I should > additionally check on my system? > > With kind regards, > > Viktor > I reported a similar problem a few days ago. At the time the f35 templates were not appearing on some indexes and the devs were looking into it. I just used a browser to download the rpm's from itl and installed them locally. Note : You should be using qvm-template command with R4.1, which is why the forwarding message. > -- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ5FDng8-XhrUHbcXVyCvedwx0Xbw2YhDa4x9oMQ0z74LSaf5g%40mail.gmail.com.
[qubes-users] Problems with announced Fedora 35 templates
Hello Qubes Community, I run into a problem already in the very first step of the standard installation method: If I perform "sudo qubes-dom0-update qubes-template-fedora-35" in a 'dom0' terminal, I receive the following error msg: [vr@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-35 Redirecting to 'qvm-template install fedora-35' [Qrexec] /bin/sh: /etc/qubes-rpc/qubes.TemplateSearch: No such file or directory ERROR: qrexec call 'qubes.TemplateSearch' failed. [vr@dom0 ~]$ My Qubes R4.1 system so far had two 'dom0' updates, which successfully finished using the Qubes Updater ... If I try it manually, I always receive the following feedback: [vr@dom0 ~]$ [vr@dom0 ~]$ sudo qubes-dom0-update Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... No updates available [vr@dom0 ~]$ Any ideas on why the template is not found - and - what I should additionally check on my system? With kind regards, Viktor -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5b11cb95-eedc-42f6-acd8-ebf77d5a3159n%40googlegroups.com.
Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
On Tue, 2022-05-24 at 12:35 -0400, Demi Marie Obenour wrote: > On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List > wrote: > > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable > > states: > > > To do this [make a particular application open everything in a > > > disposable VM], enable a service named app-dispvm.X in that > > > qube, > > > where X is the application ID. > > > > and invokes `app-dispvm.thunderbird` as an example. > > > > How would you do that for an application installes and run through > > flatpak? > > Flatpak-installed applications still have an application ID, which is > what gets passed to qubes.StartApp to launch the application. Thank you for your answer. Lengthy googling has dug up no answer to what an "application ID" actually is or how to look it up. Could you please help with that? Given a running program, how do I identify it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/48af07c3fae3c96c5a012615641609946e29735e.camel%40graumannschaft.org.
Re: [qubes-users] Failing Salt code: out of ideas and wrong error
On Wed, 2022-05-25 at 15:08 +0100, 'unman' via qubes-users wrote:
> On Tue, May 24, 2022 at 11:54:27PM +0200, 'Johannes Graumann' via
> qubes-users wrote:
> > Can any one point me to why the following fails? I have been
> > banging my
> > head against this for a while ...
> >
> > --- SNIP ---
> > create bind dirs config file:
> > file.managed:
> > - name: /rw/config/qubes-bind-dirs.d/50_user.conf
> > - makedirs: True
> > - mode: 644
> > - dir_mode: 755
> >
> > {% set binddirs = ['/usr/local'] %}
> >
> > {% for binddir in binddirs %}
> > configure '{{ binddir }}' to be persistent:
> > file.replace:
> > - name: /rw/config/qubes-bind-dirs.d/50_user.conf
> > - pattern: "^binds+=( '{{ binddir }}' )$"
> > - repl: "binds+=( '{{ binddir }}' )"
> > - append_if_not_found: True
> > {% endfor %}
> > --- SNIP ---
> >
> > The corresponding error ("State 'create bind dirs config file' in
> > SLS
> > 'custom_dom0.sys-vpn-mpihlr_assert_vpn_setup' is not formed as a
> > list")
> > is a complete red herring, as the so called first part by itself
> > works
> > just fine and only fails when I add the latter (jinja) part ...
> >
> > How do I properly deal with the single quotes in `pattern` and
> > `repl`?
> >
> > Thanks for any pointers.
> >
> > Sincerely, Joh
> >
> >
>
> Hi Joh
>
> Change the closing tag on the for statement to "-%}"
> This is, I think, salt specific - according to the jinja specs it
> will remove whitespace
> Your use of single quotes in pattern and repl will be fine.
>
> A simpler (and lazier) formulation would use file.append:
>
> {% for binddir in binddirs %}
> configure '{{ binddir }}' to be persistent:
> file.append:
> - name: /rw/config/qubes-bind-dirs.d/50_user.conf
> - text: "binds+=( '{{ binddir }}' )"
> - makedirs: True
> {% endfor %}
>
> You can drop the explicit file.managed in this case.
>
> unman
Thank you so much! Addition of the darn `-` made my problem disappear
... this one really had me pulling my hear out!
Sincerely, Joh
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/63be168de19dca02f1e7760a318f6caff6fdf2ca.camel%40graumannschaft.org.
