[qubes-users] Running VMs without xorg to trim down RAM ?
Okay, so here's the gist: I have a configured netvm and firewallvm I don't need to be able to properly run a terminal there most of the time because everything I wanted to do, is already done there (scripts, firewall rules, etc etc etc etc) I am running this qubes install on a laptop so RAM is like, in great demand. Wanted to trim off a few more MB RAM from each of my firewallvms and some other servicevms I have (USB, etc). Seems like running VM at equivalent of init 3 should be possible, however, trying to run init3 command or any flavor of systemctl isolate multi-user.target does not produce desired result (Xorg still runs, it seems) So the questions are 1) is it possible to configure a VM to run a "minimum" set of services a-la init 3 without all the fancy GUI stuff? 2) how to return it to "normal" operation (by using the "run a command in vm" functionality perhaps) if I temporarily need the GUI again? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab98c2f3-c959-437e-b11f-1b1e93b92c5b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - ASUS UX305FA
Hi! Could you please tell more about your experience with Qubes on UX305FA? I am considering ordering a notebook with M-5Y10c CPU for use with Qubes but I'd like to know more On Tuesday, February 14, 2017 at 9:49:59 AM UTC+3, CF wrote: > Works well. I was able to use a bluetooth external speaker in a > fedora-24 based VM: > sudo dnf install pavucontrol pulseaudio-module-bluetooth bluez blueman > sudo service bluetooth restart > pactl load-module module-bluetooth-driver > blueman-manager & > pavucontrol & -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50698fa8-1cb9-450a-a78a-5c081115266a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Is it possible to run browser and other "chatty" applications as dedicated users in appvm?
On Monday, January 30, 2017 at 10:25:48 PM UTC+3, Garrett Robinson wrote: > On 01/30/2017 11:21 AM, Jane Jok wrote: > > > I know that Qubes security model doesn't rely on users system for security, > > but combined with iptables, this could prevent traffic leaks when running > > certain "wonky" VPN configs (for instance, ipsec based VPNs where a tun > > device is absent) by straight up disallowing a certain user from > > communicating over anything other than the VPN link. > Hm, this sound like you're running a VPN in your AppVM. Are you? If so, > a better solution (that can easily achieve your goal of preventing > leaks, albeit for an entire VM instead of a specific user of a VM) is to > use a ProxyVM, as documented here: https://www.qubes-os.org/doc/vpn/. - I already have a bunch of proxyvms running different VPNs for... different reasons. Unless I get a box with more ram or someone much smarter than me does one of those super-fancy <100MB RAM unikernel VM things, but for ipsec tunnels, this is the best option. Besides, it's not a "high risk" VM or anything like that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c06a65f-f624-4c86-a983-2198343eefb3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] problem with running mullvad in proxyvm (DNS weirdness and autostart question)?
Hello! So, long story short, I've successfully configured a debian-based ProxyVM to run Mullvad's GUI client (I know one can use "vanilla OpenVPN" to connect to mullvad, I still prefer their GUI thing and decided to give it a try) In a word, as long as one does not select "block internet access on connection failure" everything works. However, there is a persistent DNS leak from any AppVM connected to the MullvadProxyVM (as detected by ipleak.net) Also, if I take the "block connection if tunnel breaks" suggestion from here https://www.qubes-os.org/doc/vpn/ (that is, add iptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP to my iptables in the MullvadProxyVM) No connected AppVM can resolve hostnames (direct IP works tho) I have, however, figured out a sort-a-kinda solution. The solution I have found so far is to edit resolv.conf in AppVM to something external (like say Google's DNS, 8.8.8.8) As long as AppVM's resolv.conf has 8.8.8.8 (or any other external nameserver) in it, everything works like a charm without any DNS leaks. However, it the resolv.conf in AppVMs is not very persistent, and even if /rw/config/rc.local is modified to adjust resolv.conf, certain events (like changing netvms) trigger restoration of "old" resolv.conf So, my first question is: 1) is there a way to prevent reset of manually edited resolv.conf, particularly in case when you change AppVM's netvm ? My second question is 2) is there is a way to automatically start a particular GUI application whenever a given VM starts ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/99bbe4f2-c35a-43e7-902e-7904b1134170%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] not sure if should post this to qubes-devel but... has Alpine been considered for a Qubes Template?
On Sunday, June 19, 2016 at 5:47:31 PM UTC+3, Andrew David Wong wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-06-19 07:40, daltong defourne wrote: > > Hello! Basically, I've been reading about Alpine Linux and it seems > > to me that it might make for a pretty good basis for an AppVM > > > > The good: Alpine is pretty Xen-friendly Alpine comes with Grsec/PaX > > out-of-the-box Alpine is extremely compact (<200 MB images) > > > > The bad: Alpine uses musl libc which is kinda kinky and might (?) > > cause issues > > > > (I know of > > https://www.qubes-os.org/doc/building-non-fedora-template/ but > > frankly don't have the chops to do make an Alpine-based image > > myself) > > > > There was a discussion about Alpine on qubes-devel last year: > > https://groups.google.com/d/topic/qubes-devel/G6fGD2qxcZc/discussion > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXZrB8AAoJENtN07w5UDAw+8QP/RMG5O3Nd1prSctA2Bk2JoRu > waJq93etNV9RZPF7DbZAq4Htmjlh807Eb1R251YGMYq6vzM9DvCODsA+daYQ45ud > XAoLfQLbJ9O+40Jmf0KYeGqtPPR/HgdqR8uu5gzgHkTr9SghqYoEJEdaa09bXjvm > 42M7FgjIP/hQnqwxMSeAtCviDudcOBob3wbAfnzH107dJsCvA6GyKp7AAvVUxEEh > xrBcY5ze/+ATAsFQJ7NjhrUE+ZqEWhGAwxi7hvxjo8NHilRUHaab2+194tylzBzM > jIseyxHSLyvaP4Uzim/rrn8iUg3i0z0zn7eIS09y+10CdF88xUoCTieSymPtBuAC > t/uK//qlni3LsLRkhkvIpvxTX0pz7bMpfUHuA7ccQc5ehdFiwL8ZKfMy3xc9tNZm > RvWLf3BtgKqDt1DMIIkxTInlHVwVEdTgdPHScb/IUzkfGx8vu2MP9VqE78TUzVbY > vZiuavBwY0sAEjSUQ8itS0DhUMKZERNlKKaIXQM5k+2Xb17gN2NHDF/Z1pncRE0E > OnbS5ncWOUI/Dd0NMmLthnyUxLgivCNp+LksTM/gkQDiU0vc5e5lqU6J+/3GJ1iQ > 7gyyMdAfw1hbxgvCX6DOjDGjzjsDtnVhF9nH7ihWEyXOcStN61C2IlxKBA9jPorm > wE34QhgxsWslnthMwTbk > =V6NN > -END PGP SIGNATURE- > I wonder if using something like this https://micahflee.com/2016/01/debian-grsecurity/ to "grsec up" a Debian template VM would be more productive (search turns up a lot of stories about how hard it is to marry a Xen VM to grsec, but they are pretty old. I think nowadays Grsec comes with a special "is kernel going to be a Xen guest" switch that should "theoretically" make it work out of the box. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8a03032-d9c6-483f-98d4-1d03247288cf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] New qubes user question/issue: firewall VM consuming unexpected amount of RAM
Hello! I'm new to Qubes, but I did a fair stab at reading the docs and googling for stuff about firewall-vm My question is thus: is it normal for Firewall VM consume 1.5-1.8 GB RAM (after clean install, this is my first startup) ? is there a way to reduce RAM consumption? (I have just 4 GB ram on this box, and spending 1.5 GB on nothing but a firewall is a bit... unpleasant) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/effaf4da-b36f-4419-a947-b65b2006827b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
