Re: [qubes-users] Qube-Firewall: How to handle changing IPs?
I mentioned DNS pinning in the very end and posted a working solution there as well. I personally use it since about back then. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f99c46ba-09d2-f811-80be-63530900943c%40hackingthe.net. smime.p7s Description: S/MIME Cryptographic Signature
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
On Thu, Aug 11, 2022, 3:10 PM Martin Holst Swende wrote: > > On 8/11/22 11:38, Demi Marie Obenour wrote: > > 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > > I don't have a sys-gui-gpu at the moment, but will test that. This page > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > relevant/recent description, right? > > I think so? I don’t use sys-gui-gpu myself, and I will admit that there > are quite a few bugs when using it. Still, if it works, then the > possible parts of the code that could be to blame is much lower. If > sys-gui-gpu in PV mode works, then the problem is almost certainly the > userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it > fails in PV mode, then the problem is likely in the way i915 and Xen > interact. > > > I have tested this now. When I boot, the problem remains. Opening the Qube > Manager shows that the sys-gui-gpu qube is not running. I tried starting it > from the manager, > and it led to immediate black screen, requiring a hard shutdown. The logs > for that qube are here: > > dom0 will kernel panic if the GPU is removed from it while in use. I > recommend preventing the i915 kernel module from being loaded in dom0 > via the dom0 kernel command line. > > > I've tried some variants now. Disabling i915 (by moving the driver flie) > doesn't do much. It boots up as usual, same problems, and if I try to boot > the sys-gui-gpu qube, it blackscreens and requires hard shutdown. > New development: I used the boot param: module_blacklist=i915 (and the drivers were also removed from the filesystem). This time, there were no graphics glitches. However, the sys-gui-gpu did not come up. I started a work -qube Firefox, thinking it maybe would kickstart the gui vm, but no. So maybe those gui-vm config steps do not fully enable it? I eventually (again) tried manually starting it, with the result of immediate blackscreen freeze. Not sure where that leaves me? I don't even know what the whole i915 thing is all about, what is it supposed to improve? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CANC2dUco%2BHrHq69a8_uKJCj-18D%2Ba_NbkQ54y5DQRsez9c4PUw%40mail.gmail.com.
Re: [qubes-users] Qube-Firewall: How to handle changing IPs?
Sorry, I just noticed that I missed your answer because you did not answer me directly, but only to the list. The issue you reference to is quite long to read and parts of it are several years old, is there something ready for testing? You say "less often", for my imap-server imap.web.de this semms to appen about every second weeks I think. Am 29.07.22 um 17:43 schrieb David Hobach: See [1]. It happens less often than one might think though. [1] https://github.com/QubesOS/qubes-issues/issues/5225 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/81d7bf81-8049-d036-ee09-fc41674f5cb9%40web.de.
Re: [qubes-users] Qube-Firewall: How to handle changing IPs?
Is there really no approach to fix this? What about a cron job which checks for a change DNS resolve every now and then and updates the ip-filter, for example? Am 29.07.22 um 11:08 schrieb r.wiesb...@web.de: Hi there, many large providers use CDNs or similar structures, which results in the same FQDN being resolved to different IPs. Afaik the Qube-Firewall-Settings resolve a DNS entry only once (on add/edit) and internaly use that IP. This is a problem with my mail-provider (web.de) as well es for Updates of Thunderbird Add-Ons. Besides workarounds like manually refreshing the firewall settings or temporary allowing full web access: is there a fix for these issues? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e612d9c-e5a2-fb2c-89de-0c4c308b013f%40web.de.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
On 8/11/22 11:38, Demi Marie Obenour wrote: 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? I don't have a sys-gui-gpu at the moment, but will test that. This page (https://www.qubes-os.org/doc/guivm-configuration/) is still the most relevant/recent description, right? I think so? I don’t use sys-gui-gpu myself, and I will admit that there are quite a few bugs when using it. Still, if it works, then the possible parts of the code that could be to blame is much lower. If sys-gui-gpu in PV mode works, then the problem is almost certainly the userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it fails in PV mode, then the problem is likely in the way i915 and Xen interact. I have tested this now. When I boot, the problem remains. Opening the Qube Manager shows that the sys-gui-gpu qube is not running. I tried starting it from the manager, and it led to immediate black screen, requiring a hard shutdown. The logs for that qube are here: dom0 will kernel panic if the GPU is removed from it while in use. I recommend preventing the i915 kernel module from being loaded in dom0 via the dom0 kernel command line. I've tried some variants now. Disabling i915 (by moving the driver flie) doesn't do much. It boots up as usual, same problems, and if I try to boot the sys-gui-gpu qube, it blackscreens and requires hard shutdown. /Martin -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9071b635-7798-45ee-2fe9-8e99c8172966%40gmail.com.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Aug 11, 2022 at 11:30:50AM +0200, Martin Holst Swende wrote: > > On 8/11/22 10:59, Demi Marie Obenour wrote: > > On Thu, Aug 11, 2022 at 09:07:22AM +0200, Martin Holst Swende wrote: > > > > >>> Happy to try out any suggestion/experiment. > > >> > > >> 1. Does i915.enable_psr2_sel_fetch=0 help? > > > > > No, no change that I can see. > > > > Okay, so that is not the problem. > > > > >> 2. What X11 driver is Xorg using? If it is using Intel, does > > >> modesetting help? If it is using modesetting, does Intel help? > > > > > > > More full logs/notes can be found at > > > https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt > > > . > > > > > I'm not sure how to interpret the logs, it looks to me like "intel no, > > > modesetting yes". Not sure how/what to change here, given a nudge in the > > > right direction I can try to explore it more. > > > > That is what it looks like to me also. > > > > >> 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > > > > > I don't have a sys-gui-gpu at the moment, but will test that. This page > > > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > > > relevant/recent description, right? > > > > I think so? I don’t use sys-gui-gpu myself, and I will admit that there > > are quite a few bugs when using it. Still, if it works, then the > > possible parts of the code that could be to blame is much lower. If > > sys-gui-gpu in PV mode works, then the problem is almost certainly the > > userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it > > fails in PV mode, then the problem is likely in the way i915 and Xen > > interact. > > > I have tested this now. When I boot, the problem remains. Opening the Qube > Manager shows that the sys-gui-gpu qube is not running. I tried starting it > from the manager, > and it led to immediate black screen, requiring a hard shutdown. The logs > for that qube are here: dom0 will kernel panic if the GPU is removed from it while in use. I recommend preventing the i915 kernel module from being loaded in dom0 via the dom0 kernel command line. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmL0zgYACgkQsoi1X/+c IsEB3w//V5thcPTmgEQhPwd4/8qSZWx3OqmvEiNDkH4Mj+Aw1mVICbMprqeyhUz0 8rlJK2sjPvZvF0xNRRuHedtdolliw/R5u0pQWoTtQ+CJd3hPJsoEXRja8lyPVYdS UBvSNzPbsWZjCfE4uqEyHIhdEDmd53X/vvTikS9fu7x3+REdKTHd/tMR1yTB7bfw chLg67/FFU1fgHVGQAkj3Hi2Rh8NF1uzG4VRLo0XFf0JG+M+SSb9L9MKijUkZWJZ Qa9iuPn3wCrm9eNhWzskfatNnjh3PsYPVHH1f2X3bqH6TsGkpxbz2YyOVAp9PmDT uvGUooDlouFfClKRPxtmkjqvnrquVbdzUgE6OdW023MgA6m5/eF8nHQYZLw3qcAz apPwx9rjRKzRwE57saI+CFJGwuxlmD/8w9B+oWJ8bgXPcmEgmgM3rqsZrXgYM4uw Ktq6tM1KZYbNN7naMEowPhvrMMbu2xx5OMxkQ9wZsU1HxFVY2zwAcOQttXblt5lj VQEAUeysXvCffmrzhORqaUFuzBIX7iWoU5PCuCG2Pfb0YX9FeBhyaZlLLDA90R6m yp4YWyNAZeq0Gfn3gZd2IVcYSdw+HjuWdYPTdhfhOA0wq5SxVt8MEtKe+ZelSSiw bhZLV0PN+2ZLkIed5a0YM+FDnqIugLRNBMz50eeVzKAl8lInHyY= =Gu+c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvTOBm3bzTVfto24%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
On 8/11/22 10:59, Demi Marie Obenour wrote: On Thu, Aug 11, 2022 at 09:07:22AM +0200, Martin Holst Swende wrote: >>> Happy to try out any suggestion/experiment. >> >> 1. Does i915.enable_psr2_sel_fetch=0 help? > No, no change that I can see. Okay, so that is not the problem. >> 2. What X11 driver is Xorg using? If it is using Intel, does >> modesetting help? If it is using modesetting, does Intel help? > More full logs/notes can be found at https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt > . > I'm not sure how to interpret the logs, it looks to me like "intel no, > modesetting yes". Not sure how/what to change here, given a nudge in the > right direction I can try to explore it more. That is what it looks like to me also. >> 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > I don't have a sys-gui-gpu at the moment, but will test that. This page > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > relevant/recent description, right? I think so? I don’t use sys-gui-gpu myself, and I will admit that there are quite a few bugs when using it. Still, if it works, then the possible parts of the code that could be to blame is much lower. If sys-gui-gpu in PV mode works, then the problem is almost certainly the userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it fails in PV mode, then the problem is likely in the way i915 and Xen interact. I have tested this now. When I boot, the problem remains. Opening the Qube Manager shows that the sys-gui-gpu qube is not running. I tried starting it from the manager, and it led to immediate black screen, requiring a hard shutdown. The logs for that qube are here: https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-guest-sys-gui-gpu-log https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-guest-sys-gui-gpu-dm-log I then switched it to PV mode. Same thing, does not startup + blackscreen if I start it explicitly. >> If PV sys-gui-gpu with a dom0-provided kernel works, then the problem is >> almost certainly old dom0 userspace: either an old X server, old Mesa, >> or both. If you could build modern Mesa and/or X11 for dom0 and try >> again, that would be awesome. > Left for future reference, I'm taking baby steps here :) Valid :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/399aa34c-e872-1b9e-0cfa-da3a401c0961%40gmail.com.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, Aug 11, 2022 at 09:07:22AM +0200, Martin Holst Swende wrote: > > > > Happy to try out any suggestion/experiment. > > > > 1. Does i915.enable_psr2_sel_fetch=0 help? > > No, no change that I can see. Okay, so that is not the problem. > > 2. What X11 driver is Xorg using? If it is using Intel, does > > modesetting help? If it is using modesetting, does Intel help? > > > More full logs/notes can be found at > https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt > . > > I'm not sure how to interpret the logs, it looks to me like "intel no, > modesetting yes". Not sure how/what to change here, given a nudge in the > right direction I can try to explore it more. That is what it looks like to me also. > > 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? > > I don't have a sys-gui-gpu at the moment, but will test that. This page > (https://www.qubes-os.org/doc/guivm-configuration/) is still the most > relevant/recent description, right? I think so? I don’t use sys-gui-gpu myself, and I will admit that there are quite a few bugs when using it. Still, if it works, then the possible parts of the code that could be to blame is much lower. If sys-gui-gpu in PV mode works, then the problem is almost certainly the userspace drivers (Mesa). If sys-gui-gpu in HVM mode works, but it fails in PV mode, then the problem is likely in the way i915 and Xen interact. > > If PV sys-gui-gpu with a dom0-provided kernel works, then the problem is > > almost certainly old dom0 userspace: either an old X server, old Mesa, > > or both. If you could build modern Mesa and/or X11 for dom0 and try > > again, that would be awesome. > > Left for future reference, I'm taking baby steps here :) Valid :) - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmL0xOwACgkQsoi1X/+c IsFd2w/+PURi2vrHaEzWaEJAS9mlUKM4gdel9oqaGuIWpOrFpNnjNSW4xuYy3HSB j9fxftynuJgk36Fz3xza75mrGTY1HQ3ntkJmx/ABNB42YeAanElvo1ZZhLZbI4KD 8EU+EmFRTRlXZqxtvyQX3BqFDW3QTSY+dQLuNOYfe66/SfCYObWu1CeOjPT10Sdj DtFzmzNV0vsF8bxRUGkrJRyNr6HdArRmS3a83PsaAA5KWN3vDasjNl80vBUfEJnN yYPlVtZMdEdopAadPwXbiJ2/l9i2t6NFomm2XI8L4tHreW9BPvkf3BrAIRmnOKqw Nwdvw8s0An9Dn1gdWJFtem9Mf8T+KYQ20aMJzTVbyamotV7vBQE+zPV5zCgjtzBP FIZH/UOT1g3hftnzARUQ53CN7juwMAOLiFV+Nbg8IQeb4y1Anthu6qiJjJMMAkTL mq3PNKqjWsBSk1in3C32RzUrBmSBEsuW0xw+ns/Dm5BnIuFn+0yOssbntMec/RK1 JA3HMVNpX0TY8RX85ZDH3ZoZz6RkjMxQLgJAbeQ5AkkFJgZ7xKACrphC3SAtgJgf iW7v16IoCzwq2vnmWgEAGKYMp7zoeeOqS2DNAWrvPiHQl1CKllYBWvIIB1wWEiEM VFJ0XfIgzr1OTRzoIos9vC5CkXyhuYm0v9HT5GWRTTgUszgvlbc= =fOYw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YvTE7Do1xCeR8rYU%40itl-email.
Re: [qubes-users] Re: HCL - Lenovo X1 Carbon gen 10
> Happy to try out any suggestion/experiment. 1. Does i915.enable_psr2_sel_fetch=0 help? No, no change that I can see. 2. What X11 driver is Xorg using? If it is using Intel, does modesetting help? If it is using modesetting, does Intel help? More full logs/notes can be found at https://gist.github.com/holiman/83c76e4cd98d087719773486a77d9112#file-dom0_testing-txt . I'm not sure how to interpret the logs, it looks to me like "intel no, modesetting yes". Not sure how/what to change here, given a nudge in the right direction I can try to explore it more. 3. Does HVM sys-gui-gpu work? What about PV (not PVH!) sys-gui-gpu? I don't have a sys-gui-gpu at the moment, but will test that. This page (https://www.qubes-os.org/doc/guivm-configuration/) is still the most relevant/recent description, right? If PV sys-gui-gpu with a dom0-provided kernel works, then the problem is almost certainly old dom0 userspace: either an old X server, old Mesa, or both. If you could build modern Mesa and/or X11 for dom0 and try again, that would be awesome. Left for future reference, I'm taking baby steps here :) Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/903b394e-c96a-2570-566f-cea58a217d17%40gmail.com.
