Re: [qubes-users] Full networking between VMs

[arthur . summers]

On Tuesday, March 17, 2020 at 9:25:27 PM UTC-5, unman wrote:
>
> On Tue, Mar 17, 2020 at 12:13:57PM -0700, arthur...@gmail.com 
>  wrote: 
> > 
> > 
> > The command you listed: 
> > iifname "vif*" oifname "vif*" accept 
> > 
> > Is that a proper iptables rule, or are there placeholders in there that 
> I 
> > need to change specific to my system? Since iptables syntax is rather 
> > unclear to me, I want to be sure before I go running things in my 
> > sys-firewall. Shouldn't it be something like this? 
> > sudo iptables -A FORWARD -i "vif*" -o "vif*" -j ACCEPT 
> > 
> > Then, in each one of my client qubes, I would run something like this: 
> > sudo iptables -I INPUT -i "vif*" -j ACCEPT 
> > 
>
> Sorry Arthur, that's nftables syntax. 
> For iptables, you would want: 
> `sudo iptables -I FORWARD -i "vif*" -o "vif*" -j ACCEPT` 
> because you want that rule to PRECEDE the existing one that blocks 
> traffic. 
>
> For nftables I would rewrite the FORWARD chain and atomically rewrite it 
> at 
> sys-firewall startup. 
> You can do this by using the scripts in /rw/config. 
>

For posterity sake, this is what worked (please correct me if I'm adding 
something that is incorrect or potentially dangerous). On sys-firewall, I 
added this:
sudo iptables -I FORWARD 2 -s 10.137.0.0/24 -d 10.137.0.0/24 -j ACCEPT

Then, on each qube I want to allow network access, I added this:
sudo iptables -I INPUT -s 10.137.0.0/24 -j ACCEPT

It seems to work just fine. Thanks for your help, unman! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21354887-3ae3-4d4d-af94-1a4ad9cf5d31%40googlegroups.com.

Re: [qubes-users] Full networking between VMs

[arthur . summers]

On Tuesday, March 17, 2020 at 10:57:39 AM UTC-5, unman wrote:
>
> On Tue, Mar 17, 2020 at 08:03:51AM -0700, arthur...@gmail.com 
>  wrote: 
> > Qubes is the only well-maintained type-1 client hypervisor that exists 
> as 
> > far as I know. I tried XenClient earlier in the decade, and it was an 
> > awesome product in my opinion. However, it ceased development. 
> > 
> > I think my use-case could be accomplished via iptables rules, but as I 
> > mentioned, I've never been very good with those rules and don't use it 
> > enough to have become proficient. This page is a good starting point and 
> > specifically mentions my use-case: 
> > 
> https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes 
> > 
> > However, rules have to be added to sys-firewall *and* each VM on a 
> per-IP 
> > basis. I would think there is a way to add a rule to sys-firewall that 
> > would open networking between all VMs by using CIDR blocks. Yes? No? 
> > 
> > For those still concerned with security, it would always be possible to 
> > have two sys-firewall VMs: one to provide the default isolation and one 
> to 
> > allow networking between systems. That would be a great setup, but I 
> just 
> > don't know how to do it. 
> > 
> > On Monday, March 16, 2020 at 11:31:17 PM UTC-5, Sven Semmler wrote: 
> > > 
> > > On Mon, Mar 16, 2020 at 09:16:40PM -0700, arthur...@gmail.com 
> > >  wrote: 
> > > > Interesting. It seems a little dated, though. Have you ever used it? 
> > > > 
> > > > On Monday, March 16, 2020 at 11:10:22 PM UTC-5, Sven Semmler wrote: 
> > > > > This looks like what you want: 
> > > > > https://github.com/Rudd-O/qubes-network-server 
> > > > > (last updated in Nov 2018) 
> > > 
> > > Nope. I don't have your use case. I wonder if plain vanilla 
> hypervisors 
> > > wouldn't be a better fit for you. 
> > > 
> > > /Sven 
> > > 
>
> The convention here is not to top-post. 
> Please scroll to the bottom of the message before you start typing. Or 
> reply inline. 
> It only takes you seconds, makes it much easier to follow threads, and 
> cumulatively saves your fellow users hours. 
>
> In *full* knowledge of what you are doing you probably only need to add 1 
> rule at the sys-firewall level in the FORWARD chain: 
> iifname "vif*" oifname "vif*" accept 
> You will still need to add incoming allow rules in INPUT chain per qube, 
> depending on 
> what service they offer. Not a huge issue. 
>
> The idea of having multiple sys firewalls is easy to implement, depending 
> on how you want it to work. Give some more detail on exactly what you 
> want. (Clearly stating the aim is the first step toward solution.) 
>

Sorry for the top-post. I always forget that about Google Groups.

The command you listed:
iifname "vif*" oifname "vif*" accept 

Is that a proper iptables rule, or are there placeholders in there that I 
need to change specific to my system? Since iptables syntax is rather 
unclear to me, I want to be sure before I go running things in my 
sys-firewall. Shouldn't it be something like this?
sudo iptables -A FORWARD -i "vif*" -o "vif*" -j ACCEPT

Then, in each one of my client qubes, I would run something like this:
sudo iptables -I INPUT -i "vif*" -j ACCEPT

If you could help me get the syntax right, that would be *super* helpful! 
Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8c6742e-5e13-451b-8f16-f5827aa1cc6b%40googlegroups.com.

Re: [qubes-users] Full networking between VMs

[arthur . summers]

Qubes is the only well-maintained type-1 client hypervisor that exists as 
far as I know. I tried XenClient earlier in the decade, and it was an 
awesome product in my opinion. However, it ceased development.

I think my use-case could be accomplished via iptables rules, but as I 
mentioned, I've never been very good with those rules and don't use it 
enough to have become proficient. This page is a good starting point and 
specifically mentions my use-case:
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes

However, rules have to be added to sys-firewall *and* each VM on a per-IP 
basis. I would think there is a way to add a rule to sys-firewall that 
would open networking between all VMs by using CIDR blocks. Yes? No?

For those still concerned with security, it would always be possible to 
have two sys-firewall VMs: one to provide the default isolation and one to 
allow networking between systems. That would be a great setup, but I just 
don't know how to do it.

On Monday, March 16, 2020 at 11:31:17 PM UTC-5, Sven Semmler wrote:
>
> On Mon, Mar 16, 2020 at 09:16:40PM -0700, arthur...@gmail.com 
>  wrote: 
> > Interesting. It seems a little dated, though. Have you ever used it? 
> > 
> > On Monday, March 16, 2020 at 11:10:22 PM UTC-5, Sven Semmler wrote: 
> > > This looks like what you want: 
> > > https://github.com/Rudd-O/qubes-network-server 
> > > (last updated in Nov 2018) 
>
> Nope. I don't have your use case. I wonder if plain vanilla hypervisors 
> wouldn't be a better fit for you. 
>
> /Sven 
>
> -- 
>  public key: https://www.svensemmler.org/0x8F541FB6.asc 
> fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db02370a-a57a-4172-8843-968c542dfc2f%40googlegroups.com.

Re: [qubes-users] Full networking between VMs

[arthur . summers]

Interesting. It seems a little dated, though. Have you ever used it?

On Monday, March 16, 2020 at 11:10:22 PM UTC-5, Sven Semmler wrote:
>
> On Mon, Mar 16, 2020 at 08:21:24PM -0700, arthur...@gmail.com 
>  wrote: 
> > With full acknowledgement that my question goes against the default 
> > security principles of Qubes, what firewall rules would I need to 
> configure 
> > to allow full networking between my VMs? 
>
> This looks like what you want: 
> https://github.com/Rudd-O/qubes-network-server 
> (last updated in Nov 2018) 
>
> /Sven 
>
> -- 
>  public key: https://www.svensemmler.org/0x8F541FB6.asc 
> fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a38c987-6339-4f92-a983-fa945e68bc76%40googlegroups.com.

[qubes-users] Full networking between VMs

[arthur . summers]

My use-case for Qubes is largely to help segment my work/personal systems 
as well as allow me to run VMs for development. That second part is a bit 
of a challenge, though. By design, whenever I spin up a new VM, I have to 
explicitly allow ports between the VM and my existing systems. I 100% 
understand why this is the case from a security perspective. However, for 
my use-case, I'd like the sys-firewall to behave more like a traditional 
hypervisor like ESXi.

With full acknowledgement that my question goes against the default 
security principles of Qubes, what firewall rules would I need to configure 
to allow full networking between my VMs? By no means am I an iptables guru, 
so I need a little help . . .

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9af459a-c46e-428a-b648-86a7210bbdd3%40googlegroups.com.

[qubes-users] Convert template-based VM to standalone?

[arthur . summers]

Say I have a template-based VM, and I want to "fork" it to be standalone so 
that it's no longer based on the template. I know I could just create a new 
standalone VM from a template and copy files over from my home directory . 
. . but is there a way to just convert the existing guest from 
template-based to standalone? Is there something I could run from the 
command line?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/592504a9-a013-4e7b-9700-47919551738c%40googlegroups.com.

[qubes-users] Re: Android-x86 7.1-r2 with GAPPS installation guide

[arthur . summers]

Here are my modified instructions. There were a few tweaks such as adding a 
few more packages to get via apt, editing a different manifest, and 
retrieving OpenGapps via git lfs:

# Create a builder AppVM based on whonix-14-ws or Debian in which you'll 
build android-x86.
# You'll need 120GB for android-x86 sources and temp build files and 30GB 
for swap.
# Extend private storage size to 160GB via GUI or in dom0:
qvm-volume extend android-builder:private 160g


# Add 30GB swap in builder VM:
sudo fallocate -l 30G /tmp/swapfile
sudo chmod 0600 /tmp/swapfile 
sudo mkswap /tmp/swapfile 
sudo swapon /tmp/swapfile


# Add the following repository to /etc/apt/sources.list (openjdk-8 is 
required, but it is not available under Debian 10):
# deb https://deb.debian.org/debian sid main


# Install packages in whonix-14-ws (or Debian) template:
sudo apt-get update
sudo apt-get install openjdk-8-jdk gnupg flex bison gperf build-essential 
zip zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 lib32ncurses5-dev 
x11proto-core-dev libx11-dev lib32z-dev libgl1-mesa-dev libxml2-utils 
xsltproc unzip gettext libyaml-dev dosfstools syslinux syslinux-utils 
xorriso mtools makebootfat lunzip git-core curl python-pip libssl-dev bc 
libelf-dev git-lfs python-pip git-core curl clang libncurses5 
libncurses5-dev


# In builder VM run:
sudo ln -s /sbin/mkdosfs /usr/local/bin/mkdosfs
sudo pip install prettytable Mako pyaml dateutils --upgrade
export _JAVA_OPTIONS="-Xmx8G"
echo 'export _JAVA_OPTIONS="-Xmx8G"' >> ~/.profile
echo "sudo swapon /tmp/swapfile" >> /rw/config/rc.local


# Download android-x86 sources:
mkdir android-x86
cd android-x86
curl https://storage.googleapis.com/git-repo-downloads/repo > repo
chmod a+x repo
sudo install repo /usr/local/bin
rm repo
git config --global user.name "Your Name"
git config --global user.email "r...@example.com"
repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b oreo-x86 -m 
android-x86-8.1-r1.xml


# To add GAPPS to your build you need to add the build system, and the 
wanted sources to your manifest.
# Edit .repo/manifests/android-x86-8.1-r1.xml and add the following towards 
the end:
https://github.com/opengapps/";  />
https://gitlab.opengapps.org/opengapps/";  />









# Download sources:
repo sync --no-tags --no-clone-bundle --force-sync -j$( nproc --all )


# If you choose to add GAPPS, then edit file 
device/generic/common/device.mk and add at the beginning:
#OpenGAPPS

GAPPS_VARIANT := pico

GAPPS_PRODUCT_PACKAGES += Chrome \
KeyboardGoogle \
LatinImeGoogle \
GoogleTTS \
YouTube \
PixelIcons \
PixelLauncher \
Wallpapers \
PixelLauncherIcons \
WebViewGoogle \
GoogleServicesFramework \
GoogleLoginService \

GAPPS_FORCE_BROWSER_OVERRIDES := true
GAPPS_FORCE_PACKAGE_OVERRIDES := true

GAPPS_EXCLUDED_PACKAGES := FaceLock \
AndroidPlatformServices \
PrebuiltGmsCoreInstantApps \


# And at the end add:
#OpenGAPPS
$(call inherit-product, vendor/opengapps/build/opengapps-packages.mk)

# OpenGapps changed their repo to require git-lfs. There may be a better 
way to do this, but if you're building with GApps, this gets the right 
files. It takes awhile:
cd vendor
rm -r opengapps
git clone https://github.com/opengapps/opengapps.git
cd opengapps
git lfs install
./download_sources.sh --shallow x86_64
cd ../../

# Edit android-x86 sources for XEN compatibility:
sed -i -e 's|/sys/block/\[shv\]d\[a-z\]|/sys/block/\[shv\]d\[a-z\] 
/sys/block/xvd\[a-z\]|g' bootable/newinstaller/install/scripts/1-install
sed -i -e 's|/sys/block/\[shv\]d\$h/\$1|/sys/block/\[shv\]d\$h/\$1 
/sys/block/xvd\$h/\$1|g' bootable/newinstaller/install/scripts/1-install
sed -i -e 's|hmnsv|hmnsvx|g' bootable/newinstaller/initrd/init


# Edit android-x86 sources for Debian build environment:
sed -i -e 's|genisoimage|xorriso -as mkisofs|g' 
bootable/newinstaller/Android.mk


# Configure build target:
. build/envsetup.sh
lunch android_x86_64-userdebug


# Configure kernel:
/usr/bin/make -C kernel O=$OUT/obj/kernel ARCH=x86_64 menuconfig


# You need to edit these parameters:
XEN=yes
XEN_BLKDEV_BACKEND=yes
XEN_BLKDEV_FRONTEND=yes
XEN_NETDEV_BACKEND=no
XEN_NETDEV_FRONTEND=no
SECURITY_SELINUX_BOOTPARAM=yes
SECURITY_SELINUX_BOOTPARAM_VALUE=1
SECURITY_SELINUX_DISABLE=yes
DEFAULT_SECURITY_SELINUX=yes


# The kernel config will be in out/target/product/x86_64/obj/kernel/.config

# Also, you can edit the config to set the device type from tablet to phone.
# Edit device/generic/common/device.mk and change PRODUCT_CHARACTERISTICS 
from tablet to default:
PRODUCT_CHARACTERISTICS := default


# Start the build:
make -j$( nproc --all ) iso_img


# After you got the iso, create the android network VM. If you choose the 
android VM's netvm as sys-whonix directly, the network won't work. You need 
to have intermediate netvm between android VM and sys-whonix. Create new 
AppVM sys-android based on fedora template with netvm sys-whonix and set 
"provides network".

# Create android 

[qubes-users] Re: Android-x86 7.1-r2 with GAPPS installation guide

[arthur . summers]

So, I managed to get the instructions to work (albeit with a few 
modifications - I'll post them when/if I can figure out the GApps issue). 
However, I'm having issues whenever I try to include and compile GApps. I 
can confirm that Android-x86 will build successfully on its own, but when I 
include GApps in my device.mk, I get a lot of these after every GApps app 
build:

End-of-central-directory signature not found. Either this file is not a 
zipfile, or it constitutes one disk of a multi-part archive. In the latter 
case the central directory and zipfile comment will be found on the last 
disk(s) of this archive.


I then get these for each app before it all fails:

Unable to open 
'out/target/product/x86_64/obj/APPS/PixelLauncherIcons_intermediates/package.apk'
 
for verification


I've got the complete log, my device.mk, etc, but does anyone know what's 
up?

On Thursday, December 12, 2019 at 9:20:54 PM UTC-6, arthur...@gmail.com 
wrote:
>
> Are the instructions in the first post edited and updated, or are there 
> more recent instructions which should be used? I'm personally interested in 
> an image with GApps (I downloaded the nogapps ISO and tried to somehow 
> install GApps, but to no avail - I wasn't sure if the image provided up 
> near the start of the thread was functional). If there are updated/verified 
> instructions that could be provided, that would be awesome!
>
> On Saturday, April 27, 2019 at 6:29:08 PM UTC-5, alex.j...@gmail.com 
> wrote:
>>
>> On Saturday, April 27, 2019 at 9:35:19 PM UTC, alex.j...@gmail.com wrote:
>> > On Thursday, April 25, 2019 at 10:20:32 PM UTC, Daniil Travnikov wrote:
>> > > I am stuck on this process already twice.
>> > > 
>> > > When I put the command
>> > > 
>> > > Download sources:
>> > > repo sync --no-tags --no-clone-bundle --force-sync -j$( nproc --all )
>> > > 
>> > > 
>> > > and when it show this:
>> > > 
>> > > 
>> > > From git://git.osdn.net/gitroot/android-x86/platform/frameworks/av
>> > >  * [new branch]  nougat-x86 -> x86/nougat-x86
>> > > Fetching project platform/external/android-clat
>> > > remote: Counting objects: 1, done
>> > > remote: Finding sources: 100% (793/793)   
>> > > remote: Total 793 (delta 244), reused 793 (delta 244)
>> > > Receiving objects: 100% (793/793), 517.38 KiB | 0 bytes/s, done.
>> > > Resolving deltas: 100% (244/244), done.
>> > > From https://android.googlesource.com/platform/external/android-clat
>> > >  * [new tag] android-7.1.2_r36 -> android-7.1.2_r36
>> > > 
>> > > 
>> > > I got nothing, I mean it's look like freeze.
>> > 
>> > Did you try to remove downloaded repo and sync it again from scratch? 
>> The OpenGAPPS repo changed, see below, maybe it's somehow related.
>> > 
>> > I'd recommend to build Android 8 release, the mouse works fine there. 
>> Also the Settings bug is fixed if you use userdebug build variant instead 
>> of eng.
>> > The guide in the same as in first post except:
>> > 
>> > Android 8 will take 211GB to build. I've build it with 32GB RAM without 
>> swap, maybe it'll work with less RAM.
>> > 
>> > repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b 
>> oreo-x86 -m android-x86-8.1-r1.xml
>> > instead of 
>> > repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b 
>> android-x86-7.1-r2
>> > 
>> > https://github.com/opengapps/";  />
>> > https://gitlab.nezorfla.me/opengapps/";  />
>> > > revision="master" remote="opengapps" />
>> > > revision="master" remote="nezor" />
>> > > revision="master" remote="nezor" />
>> > > clone-depth="1" revision="master" remote="nezor" />
>> > instead of
>> > https://github.com/opengapps/";  />
>> > > revision="master" remote="opengapps" />
>> > > revision="master" remote="opengapps" />
>> > > revision="master" remote="opengapps" />
>> > > clone-depth="1" revision="master" remote="opengapps" />
>> > 
>> > lunch android_x86_64-userdebug
>> > instead of
>> > lunch android_x86_64-eng
>> > 
>> > /usr/bin/make -C kernel O=$OUT/obj/kernel ARCH=x86_64 menuconfig
>> > instead of
>> > make -C kernel O=$OUT/obj/kernel ARCH=x86_64 menuconfig
>>
>> I've uploaded the working Android 8.1 iso for those who need it for a 
>> test, but I don't recommend to use it for security reasons and it's better 
>> to build the iso yourself:
>> https://drive.google.com/open?id=1Y4P77mlPPlXBzYrJ5yHJ7XM6gLVsQQm0
>>
>> md5sum android_x86_64-oreo-nogapps.iso 
>> b3af7a84820dd9fb32dd40c68f285993  android_x86_64-oreo-nogapps.iso
>>
>> sha1sum android_x86_64-oreo-nogapps.iso 
>> 16e9bcf0da44929b223fc2ab1df97de0df26d9fb  android_x86_64-oreo-nogapps.iso
>> sha256sum
>>
>> sha256sum android_x86_64-oreo-nogapps.iso 
>> b7d9aa5f9c401202ea24b63e95bb0f38d1f981381a719257c1a2f526e0cf636f 
>>  android_x86_64-oreo-nogapps.iso
>>
>> sha512sum android_x86_64-oreo-nogapps.iso 
>> 16f2666a20499f31472fc933a670c47070e0db14686b605b69254d054dcc63893b564e5a35e84e1daf7b7fd80f955a2834956a1bb029e93563b7d8c44787666b
>>  
>>  android_x86_64-oreo-nogapps.iso
>>
>

[qubes-users] Re: Android-x86 7.1-r2 with GAPPS installation guide

[arthur . summers]

Are the instructions in the first post edited and updated, or are there 
more recent instructions which should be used? I'm personally interested in 
an image with GApps (I downloaded the nogapps ISO and tried to somehow 
install GApps, but to no avail - I wasn't sure if the image provided up 
near the start of the thread was functional). If there are updated/verified 
instructions that could be provided, that would be awesome!

On Saturday, April 27, 2019 at 6:29:08 PM UTC-5, alex.j...@gmail.com wrote:
>
> On Saturday, April 27, 2019 at 9:35:19 PM UTC, alex.j...@gmail.com wrote:
> > On Thursday, April 25, 2019 at 10:20:32 PM UTC, Daniil Travnikov wrote:
> > > I am stuck on this process already twice.
> > > 
> > > When I put the command
> > > 
> > > Download sources:
> > > repo sync --no-tags --no-clone-bundle --force-sync -j$( nproc --all )
> > > 
> > > 
> > > and when it show this:
> > > 
> > > 
> > > From git://git.osdn.net/gitroot/android-x86/platform/frameworks/av
> > >  * [new branch]  nougat-x86 -> x86/nougat-x86
> > > Fetching project platform/external/android-clat
> > > remote: Counting objects: 1, done
> > > remote: Finding sources: 100% (793/793)   
> > > remote: Total 793 (delta 244), reused 793 (delta 244)
> > > Receiving objects: 100% (793/793), 517.38 KiB | 0 bytes/s, done.
> > > Resolving deltas: 100% (244/244), done.
> > > From https://android.googlesource.com/platform/external/android-clat
> > >  * [new tag] android-7.1.2_r36 -> android-7.1.2_r36
> > > 
> > > 
> > > I got nothing, I mean it's look like freeze.
> > 
> > Did you try to remove downloaded repo and sync it again from scratch? 
> The OpenGAPPS repo changed, see below, maybe it's somehow related.
> > 
> > I'd recommend to build Android 8 release, the mouse works fine there. 
> Also the Settings bug is fixed if you use userdebug build variant instead 
> of eng.
> > The guide in the same as in first post except:
> > 
> > Android 8 will take 211GB to build. I've build it with 32GB RAM without 
> swap, maybe it'll work with less RAM.
> > 
> > repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b 
> oreo-x86 -m android-x86-8.1-r1.xml
> > instead of 
> > repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b 
> android-x86-7.1-r2
> > 
> > https://github.com/opengapps/";  />
> > https://gitlab.nezorfla.me/opengapps/";  />
> >  revision="master" remote="opengapps" />
> >  revision="master" remote="nezor" />
> >  revision="master" remote="nezor" />
> >  clone-depth="1" revision="master" remote="nezor" />
> > instead of
> > https://github.com/opengapps/";  />
> >  revision="master" remote="opengapps" />
> >  revision="master" remote="opengapps" />
> >  revision="master" remote="opengapps" />
> >  clone-depth="1" revision="master" remote="opengapps" />
> > 
> > lunch android_x86_64-userdebug
> > instead of
> > lunch android_x86_64-eng
> > 
> > /usr/bin/make -C kernel O=$OUT/obj/kernel ARCH=x86_64 menuconfig
> > instead of
> > make -C kernel O=$OUT/obj/kernel ARCH=x86_64 menuconfig
>
> I've uploaded the working Android 8.1 iso for those who need it for a 
> test, but I don't recommend to use it for security reasons and it's better 
> to build the iso yourself:
> https://drive.google.com/open?id=1Y4P77mlPPlXBzYrJ5yHJ7XM6gLVsQQm0
>
> md5sum android_x86_64-oreo-nogapps.iso 
> b3af7a84820dd9fb32dd40c68f285993  android_x86_64-oreo-nogapps.iso
>
> sha1sum android_x86_64-oreo-nogapps.iso 
> 16e9bcf0da44929b223fc2ab1df97de0df26d9fb  android_x86_64-oreo-nogapps.iso
> sha256sum
>
> sha256sum android_x86_64-oreo-nogapps.iso 
> b7d9aa5f9c401202ea24b63e95bb0f38d1f981381a719257c1a2f526e0cf636f 
>  android_x86_64-oreo-nogapps.iso
>
> sha512sum android_x86_64-oreo-nogapps.iso 
> 16f2666a20499f31472fc933a670c47070e0db14686b605b69254d054dcc63893b564e5a35e84e1daf7b7fd80f955a2834956a1bb029e93563b7d8c44787666b
>  
>  android_x86_64-oreo-nogapps.iso
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aebd068b-32f8-4468-90b3-6cbcb5c8bd73%40googlegroups.com.

[qubes-users] Overriding Spectre/Meltdown mitigations?

[arthur . summers]

My use case for Qubes is less security-focused and more 
separation/compartmentalization of systems-focused. If XenClient was still 
a thing, I'd be using it. I even tried to hack at ESXi to get X11 running 
and maybe use it as a client hypervisor, but no luck.

That said, while I take security seriously, I also weigh it against things 
like risk and performance. I recently upgraded my BIOS to take care of an 
issue I had with my fans going at 100% after resuming from suspend:
https://groups.google.com/forum/#!topic/qubes-users/hkj5BkR8Z8E

Here is the BIOS I flashed:
https://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverid=MJ0KC&oscode=W732&productcode=precision-m6800-workstation

However, the new BIOS appears to allow kernel modules that address the 
Spectre/Meltdown vulnerabilities to run . . . and WOW, did my system get 
slow. Running updates on one of my templates resulted in the VM crashing 
repeatedly and never successfully updating. VMs are regularly taking up a 
large percentage of CPU. I added the nospectre_v1, nospectre_v2, and 
nospec_store_bypass_disable kernel parameters, and that seemed to help 
somewhat, but I have two questions:

   - In GRUB, do I add those kernel params to the multiboot /xen- line, 
   the module /vmlinuz- line, or somewhere else?
   - Are there other modules that I could disable to improve performance?

Obviously, I completely understand that this is not recommended and goes 
against the purpose of Qubes as an OS, but from a risk perspective, I'm 
willing to take the trade-off for a bit of extra performance.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec8fce57-a87c-43c0-b36e-d9a46339b40c%40googlegroups.com.

Re: [qubes-users] Re: Changing the clipboard shortcut in 4.0 doesn't work

[Andrew "Arthur" Summers]

. . . I need to turn over my MS in Information Systems and my BS in
Computer Science. I don't know how I overlooked that - probably because
I've been doing PHP for the last few years, so I only notice // and /**/ as
comments? Sigh . . . I'm sorry for being a bother . . . Thanks, though!

On Sun, Aug 11, 2019 at 9:41 AM unman  wrote:

> On Sat, Aug 10, 2019 at 10:50:41AM -0700, arthur.summ...@gmail.com wrote:
> > Sorry - I don't use Google Groups enough, so I just hit "Post Reply"
> > assuming that it would be smart enough to put the reply in the right
> place.
> >
> > I looked at the XFCE keyboard shortcuts and window manager keyboard
> > shortcuts, and Ctrl-Alt-c/v aren't in use. There might be another place
> to
> > look, but those are the main ones off the top of my head. However, I'm
> not
> > sure if this is a window manager issue since the keyboard shortcut is
> > controlled by the Qubes Clipboard program (qui-clipboard).
> >
> > I don't know enough about the Qubes internals to trace how it picks up
> the
> > setting from /etc/qubes/guid.conf (and why it isn't accepting my values
> > after I changed them). I tried doing a recursive grep to find any other
> > places where the default shortcut may be set, but it got a little
> > mind-bending.
> >
> > I'm happy to provide more details from my system, though - my fingers
> just
> > really want to use my custom shortcut because they've been confused ever
> > since I upgraded. ;-)
> >
> > On Friday, August 9, 2019 at 7:47:07 PM UTC-5, unman wrote:
> > >
> > > On Sat, Aug 03, 2019 at 10:39:31AM -0700, arthur...@gmail.com
> > >  wrote:
> > > > Any thoughts, here? My fingers are trained to use "Ctrl-Shift-c" and
> > > > "Ctrl-Shift-v" for copying from the terminal and pasting without
> > > > formatting, and it's getting to be quite bothersome that I can't
> change
> > > > this shortcut using the instructions in the docs. I'd really like to
> > > figure
> > > > out what's up.
> > > >
> > > > Thanks!
> > > >
> > > > On Thursday, July 25, 2019 at 9:42:32 AM UTC-5, arthur...@gmail.com
> > > wrote:
> > > > >
> > > > > As a follow-up because I see this has been asked at-length both
> here
> > > an on
> > > > > GitHub: I tried changing this to "Ctrl-Alt-c" and "Ctrl-Alt-v" in
> > > > > /etc/qubes/guid.conf (using that syntax and capitalization
> EXACTLY).
> > > Is my
> > > > > syntax incorrect? I had this working in 3.2, but it won't work in
> 4.0.
> > > > > Strange . . .
> > > > >
> > > > > On Wednesday, July 24, 2019 at 7:33:10 PM UTC-5,
> arthur...@gmail.com
> > > > > wrote:
> > > > >>
> > > > >> I prefer to use a different shortcut for the Qubes clipboard
> because
> > > > >> Ctrl+Shift+V is an existing shortcut for "paste without
> formatting"
> > > in most
> > > > >> applications. However, I've tried editing /etc/qubes/guid.conf
> and
> > > > >> restarting my VMs (I actually restarted my whole system), but no
> > > luck. I
> > > > >> figure something changed now that the clipboard is a standalone
> > > > >> application, but I'm not sure what needs to be modified.
> > > > >>
> > > > >> Thanks!
> > > > >>
> > > > >
> > >
> > > Please dont top post.
> > >
> > > Making that change works fine for me, but I use KDE.
> > > I wonder if that make a difference? Does Xfce use those key combos
> > > already?
> > >
> >
>
> And again - just check the message and drop to the bottom. A few seconds
> for you and easier for everyone else. (I dont envy you using groups web)
>
> Just to check, you *have* uncommented those lines in the conf file?
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/C98IysnmQPQ/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20190811144153.GA16707%40thirdeyesecurity.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgY4vTf8O7a%2BEhmc4sqgTQ8vyNq4663Pfy%3DR6D3AbEXHEg%40mail.gmail.com.

Re: [qubes-users] Re: Changing the clipboard shortcut in 4.0 doesn't work

[arthur . summers]

Sorry - I don't use Google Groups enough, so I just hit "Post Reply" 
assuming that it would be smart enough to put the reply in the right place.

I looked at the XFCE keyboard shortcuts and window manager keyboard 
shortcuts, and Ctrl-Alt-c/v aren't in use. There might be another place to 
look, but those are the main ones off the top of my head. However, I'm not 
sure if this is a window manager issue since the keyboard shortcut is 
controlled by the Qubes Clipboard program (qui-clipboard).

I don't know enough about the Qubes internals to trace how it picks up the 
setting from /etc/qubes/guid.conf (and why it isn't accepting my values 
after I changed them). I tried doing a recursive grep to find any other 
places where the default shortcut may be set, but it got a little 
mind-bending.

I'm happy to provide more details from my system, though - my fingers just 
really want to use my custom shortcut because they've been confused ever 
since I upgraded. ;-)

On Friday, August 9, 2019 at 7:47:07 PM UTC-5, unman wrote:
>
> On Sat, Aug 03, 2019 at 10:39:31AM -0700, arthur...@gmail.com 
>  wrote: 
> > Any thoughts, here? My fingers are trained to use "Ctrl-Shift-c" and 
> > "Ctrl-Shift-v" for copying from the terminal and pasting without 
> > formatting, and it's getting to be quite bothersome that I can't change 
> > this shortcut using the instructions in the docs. I'd really like to 
> figure 
> > out what's up. 
> > 
> > Thanks! 
> > 
> > On Thursday, July 25, 2019 at 9:42:32 AM UTC-5, arthur...@gmail.com 
> wrote: 
> > > 
> > > As a follow-up because I see this has been asked at-length both here 
> an on 
> > > GitHub: I tried changing this to "Ctrl-Alt-c" and "Ctrl-Alt-v" in 
> > > /etc/qubes/guid.conf (using that syntax and capitalization EXACTLY). 
> Is my 
> > > syntax incorrect? I had this working in 3.2, but it won't work in 4.0. 
> > > Strange . . . 
> > > 
> > > On Wednesday, July 24, 2019 at 7:33:10 PM UTC-5, arthur...@gmail.com 
> > > wrote: 
> > >> 
> > >> I prefer to use a different shortcut for the Qubes clipboard because 
> > >> Ctrl+Shift+V is an existing shortcut for "paste without formatting" 
> in most 
> > >> applications. However, I've tried editing /etc/qubes/guid.conf and 
> > >> restarting my VMs (I actually restarted my whole system), but no 
> luck. I 
> > >> figure something changed now that the clipboard is a standalone 
> > >> application, but I'm not sure what needs to be modified. 
> > >> 
> > >> Thanks! 
> > >> 
> > > 
>
> Please dont top post. 
>
> Making that change works fine for me, but I use KDE. 
> I wonder if that make a difference? Does Xfce use those key combos 
> already? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8db40e60-eee9-4313-9c2a-1eb051d42f06%40googlegroups.com.

[qubes-users] Re: Changing the clipboard shortcut in 4.0 doesn't work

[arthur . summers]

Any thoughts, here? My fingers are trained to use "Ctrl-Shift-c" and 
"Ctrl-Shift-v" for copying from the terminal and pasting without 
formatting, and it's getting to be quite bothersome that I can't change 
this shortcut using the instructions in the docs. I'd really like to figure 
out what's up.

Thanks!

On Thursday, July 25, 2019 at 9:42:32 AM UTC-5, arthur...@gmail.com wrote:
>
> As a follow-up because I see this has been asked at-length both here an on 
> GitHub: I tried changing this to "Ctrl-Alt-c" and "Ctrl-Alt-v" in 
> /etc/qubes/guid.conf (using that syntax and capitalization EXACTLY). Is my 
> syntax incorrect? I had this working in 3.2, but it won't work in 4.0. 
> Strange . . .
>
> On Wednesday, July 24, 2019 at 7:33:10 PM UTC-5, arthur...@gmail.com 
> wrote:
>>
>> I prefer to use a different shortcut for the Qubes clipboard because 
>> Ctrl+Shift+V is an existing shortcut for "paste without formatting" in most 
>> applications. However, I've tried editing /etc/qubes/guid.conf and 
>> restarting my VMs (I actually restarted my whole system), but no luck. I 
>> figure something changed now that the clipboard is a standalone 
>> application, but I'm not sure what needs to be modified.
>>
>> Thanks!
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/36579acd-095a-4b27-af00-299ef1002c26%40googlegroups.com.

[qubes-users] Re: Fans at 100% after resume from sleep; laptop gets VERY hot

[arthur . summers]

Interesting - I would have thought that this was a Qubes-y issue:
https://askubuntu.com/questions/948025/high-fan-speed-after-suspend-only-on-ac-16-04

I haven't tried updating my BIOS, but just now, I tried doing this in dom0:

sudo sh -c "echo auto > /sys/bus/pci/devices/:00:1f.[X]/power/control" 
(where [X] represents every device pointer in that directory - it differs from 
system to system)

Worked like a charm . . . for now, at least.


On Thursday, July 18, 2019 at 1:54:17 PM UTC-5, arthur...@gmail.com wrote:
>
> This was an issue on 3.2 and still on 4.0. My system runs just fine 
> normally, but if I put it to sleep, the CPU and GPU fans run at full, and 
> my laptop gets rather hot. Looking at top doesn't show anything unusual, 
> and none of the VMs are suddenly using a lot of CPU. I'm not exactly sure 
> what's up.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db1c0d59-1959-442f-892a-2f792a3532d4%40googlegroups.com.

[qubes-users] Re: Changing the clipboard shortcut in 4.0 doesn't work

[arthur . summers]

As a follow-up because I see this has been asked at-length both here an on 
GitHub: I tried changing this to "Ctrl-Alt-c" and "Ctrl-Alt-v" in 
/etc/qubes/guid.conf (using that syntax and capitalization EXACTLY). Is my 
syntax incorrect? I had this working in 3.2, but it won't work in 4.0. 
Strange . . .

On Wednesday, July 24, 2019 at 7:33:10 PM UTC-5, arthur...@gmail.com wrote:
>
> I prefer to use a different shortcut for the Qubes clipboard because 
> Ctrl+Shift+V is an existing shortcut for "paste without formatting" in most 
> applications. However, I've tried editing /etc/qubes/guid.conf and 
> restarting my VMs (I actually restarted my whole system), but no luck. I 
> figure something changed now that the clipboard is a standalone 
> application, but I'm not sure what needs to be modified.
>
> Thanks!
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bee2e3f-a669-4949-9950-2e34c19b2584%40googlegroups.com.

[qubes-users] Changing the clipboard shortcut in 4.0 doesn't work

[arthur . summers]

I prefer to use a different shortcut for the Qubes clipboard because 
Ctrl+Shift+V is an existing shortcut for "paste without formatting" in most 
applications. However, I've tried editing /etc/qubes/guid.conf and 
restarting my VMs (I actually restarted my whole system), but no luck. I 
figure something changed now that the clipboard is a standalone 
application, but I'm not sure what needs to be modified.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f89de975-447b-493d-bb12-0cf6b068cb97%40googlegroups.com.

[qubes-users] Re: Fans at 100% after resume from sleep; laptop gets VERY hot

[arthur . summers]

Here's my dmidecode (where's the attach file button? Shouldn't I be able to do 
that? *shrug* Sorry for posting this as text, but I'm not seeing that button):

# dmidecode 3.1
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.
101 structures occupying 5032 bytes.
Table at 0x000ED8D0.

Handle 0xDA00, DMI type 218, 251 bytes
OEM-specific Type
Header and Data:
DA FB 00 DA B2 00 37 5F 1F 36 40 05 00 05 00 03
00 06 00 06 00 05 00 07 00 07 00 00 00 0B 00 0B
00 01 00 0C 00 0C 00 02 00 0D 00 0D 00 03 00 0F
00 0F 00 00 00 11 00 11 00 02 00 12 00 12 00 04
00 22 00 22 00 01 00 23 00 23 00 00 00 28 00 28
00 00 00 29 00 29 00 01 00 2A 00 2A 00 02 00 2B
00 2B 00 FF FF 2C 00 2C 00 FF FF 2D 00 2D 00 02
00 2E 00 2E 00 00 00 40 00 40 00 01 00 41 00 41
00 00 00 42 00 42 00 01 00 43 00 43 00 00 00 55
00 55 00 00 00 5C 00 5C 00 01 00 5D 00 5D 00 00
00 65 00 65 00 00 00 66 00 66 00 01 00 6D 00 6D
00 05 00 6E 00 6E 00 01 00 7D 00 7D 00 FF FF 93
00 93 00 01 00 94 00 94 00 00 00 9B 00 9B 00 01
00 9D 00 9D 00 01 00 9E 00 9E 00 00 00 9F 00 9F
00 00 00 A0 00 A0 00 01 00 A1 00 A1 00 00 00 A3
00 A3 00 01 00 FF FF FF FF 00 00

Handle 0xDA01, DMI type 218, 251 bytes
OEM-specific Type
Header and Data:
DA FB 01 DA B2 00 37 5F 1F 36 40 D1 00 D1 00 01
00 D2 00 D2 00 00 00 EA 00 EA 00 00 00 EB 00 EB
00 01 00 EC 00 EC 00 02 00 ED 00 ED 00 00 00 F0
00 F0 00 01 00 F1 00 F1 00 00 00 F2 00 F2 00 01
00 F3 00 F3 00 02 00 09 01 09 01 00 00 0E 01 0E
01 01 00 0F 01 0F 01 00 00 17 01 17 01 00 00 18
01 18 01 01 00 19 01 19 01 00 00 1A 01 1A 01 01
00 1B 01 1B 01 00 00 1C 01 1C 01 01 00 1D 01 1D
01 00 00 1E 01 1E 01 01 00 1F 01 1F 01 00 00 20
01 20 01 01 00 21 01 21 01 00 00 22 01 22 01 01
00 2B 01 2B 01 01 00 2C 01 2C 01 00 00 2D 01 2D
01 01 00 2E 01 2E 01 00 00 35 01 35 01 FF 00 37
01 37 01 00 00 38 01 38 01 01 00 39 01 39 01 02
00 40 01 40 01 00 00 41 01 41 01 01 00 44 01 44
01 00 00 45 01 45 01 01 00 46 01 46 01 00 00 47
01 47 01 01 00 FF FF FF FF 00 00

Handle 0xDA02, DMI type 218, 251 bytes
OEM-specific Type
Header and Data:
DA FB 02 DA B2 00 37 5F 1F 36 40 4A 01 4A 01 00
00 4B 01 4B 01 01 00 52 01 52 01 01 00 53 01 53
01 00 00 75 01 75 01 02 00 76 01 76 01 01 00 7B
01 7B 01 00 00 7C 01 7C 01 01 00 7F 01 7F 01 00
00 80 01 80 01 01 00 81 01 81 01 00 00 82 01 82
01 01 00 83 01 83 01 00 00 84 01 84 01 01 00 85
01 85 01 00 00 86 01 86 01 01 00 89 01 89 01 00
00 8A 01 8A 01 01 00 93 01 93 01 00 00 94 01 94
01 01 00 98 01 98 01 04 00 9B 01 9B 01 00 00 9C
01 9C 01 01 00 C2 01 C2 01 02 00 C3 01 C3 01 01
00 CE 01 CE 01 02 00 D8 01 D8 01 00 00 D9 01 D9
01 01 00 DE 01 DE 01 00 00 DF 01 DF 01 01 00 E2
01 E2 01 01 00 E3 01 E3 01 02 00 E8 01 E8 01 00
00 E9 01 E9 01 01 00 EA 01 EA 01 00 00 EB 01 EB
01 01 00 02 02 02 02 00 00 03 02 03 02 01 00 04
02 04 02 00 00 FF FF FF FF 00 00

Handle 0xDA03, DMI type 218, 251 bytes
OEM-specific Type
Header and Data:
DA FB 03 DA B2 00 37 5F 1F 36 40 05 02 05 02 01
00 16 02 16 02 06 00 2D 02 2D 02 01 00 2E 02 2E
02 00 00 32 02 32 02 02 00 33 02 33 02 01 00 35
02 35 02 01 00 36 02 36 02 00 00 44 02 44 02 01
00 45 02 45 02 00 00 4A 02 4A 02 01 00 4B 02 4B
02 01 00 4C 02 4C 02 00 00 64 02 64 02 01 00 65
02 65 02 00 00 66 02 66 02 01 00 67 02 67 02 00
00 68 02 68 02 01 00 69 02 69 02 00 00 6C 02 6C
02 01 00 6D 02 6D 02 00 00 6E 02 6E 02 00 00 85
02 85 02 01 00 86 02 86 02 00 00 94 02 94 02 01
00 95 02 95 02 00 00 A3 02 A3 02 01 00 A4 02 A4
02 00 00 A5 02 A5 02 01 00 A6 02 A6 02 00 00 A7
02 A7 02 01 00 A8 02 A8 02 00 00 B4 02 B4 02 01
00 B5 02 B5 02 00 00 BD 02 BD 02 01 00 BE 02 BE
02 00 00 CD 02 CD 02 01 00 D8 02 D8 02 FF FF D9
02 D9 02 FF FF FF FF FF FF 00 00

Handle 0xDA04, DMI type 218, 251 bytes
OEM-specific Type
Header and Data:
DA FB 04 DA B2 00 37 5F 1F 36 40 DA 02 DA 02 FF
FF DB 02 DB 02 FF FF DC 02 DC 02 FF FF DD 02 DD
02 FF FF DE 02 DE 02 FF FF DF 02 DF 02 FF FF E3
02 E3 02 01 00 E4 02 E4 02 00 00 E5 02 E5 02 01
  

[qubes-users] Fans at 100% after resume from sleep; laptop gets VERY hot

[arthur . summers]

This was an issue on 3.2 and still on 4.0. My system runs just fine normally, 
but if I put it to sleep, the CPU and GPU fans run at full, and my laptop gets 
rather hot. Looking at top doesn't show anything unusual, and none of the VMs 
are suddenly using a lot of CPU. I'm not exactly sure what's up.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4af2cb2b-6dcf-4c5c-98dd-d0f2e8b318e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HVM Mouse Emulation Options

[arthur . summers]

On Thursday, June 2, 2016 at 1:33:42 AM UTC-5, Drew White wrote:
> On Sunday, 8 May 2016 09:31:31 UTC+10, fred_...@sigaint.org  wrote:I've 
> installed an Android-based HVM (Remix OS). When installed on bare
> 
> metal, physical usb mice behave like normal desktop mice in the OS.
> 
> 
> 
> However, in the HVM, the cursor needs to be dragged around with the mouse.
> 
> I read previously on qubes-users that Qubes uses USB Tablet emulation.
> 
> Could that be the cause? Is it possible to use PS/2 emulation instead?
> 
> 
> 
> I'm not sure if this is more of a Xen topic than a Qubes one. Tried
> 
> searching for "xen virtual mouse usb tablet ps/2" with no success. Thanks
> 
> in advance!
> 
> 
> 
> 
> 
> I have no issue with this. the cursor works normally for me. Wether it be x86 
> or x64 it doesn't matter.
> I move the mouse and click and it works. 
> 
> Perhaps there is some other issue with your PC/Virtual?

I'm gonna necro this. I'm on 3.2, and I have the same problem. I actually 
couldn't get Remix to boot, so I used vanilla Android-x86. It boots, but no 
mouse. I also tried ChromeOS images by ArnoldTheBat, but those wouldn't boot, 
either. I've had a lot of problems getting HVMs to work (probably PEBKAC, but 
that's why I've never been a huge fan of Xen). Any settings I can fiddle with?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3b2a865-2336-4dc0-adf9-bfb4b7a98e8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Unnecessary things in dom0/templates?

[arthur . summers]

I just updated dom0 and saw a few packages - avahi and openssl - that made me 
curious as to why they are there. I'm all about having a lean system, so I 
remove things where and when I can. If there's a reason for these things being 
there, then that's cool, but since dom0 is network-isolated, that struck me as 
a little odd.

I'm also curious to know if other people have thoughts on certain packages and 
why they're included (in dom0 or in templates), so feel free to list them on 
this thread.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dada00c0-bd26-4d35-9f60-72beab685e67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 RC2: Network Manager notification on system resume from suspend won't go away

[Andrew "Arthur" Summers]

Correct on both counts, yes. Just a minor glitch/very slight annoyance.

On Aug 13, 2016 1:35 AM, "Andrew David Wong"  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-08-12 08:07, arthur.summ...@gmail.com wrote:
> > This is not a huge "bug" but just a superficial flaw. After I suspend my
> > system, upon resume, I get a notification from Network Manager that the
> > network connection has been disconnected. This notification won't go away
> > unless I click to close it. There is a bug that was reported back in 2011
> > that seems to precisely describe the behavior that I'm experiencing, but
> > I'm having trouble finding where and how it was patched (related bugs
> > indicate that it is Ubuntu-specific, Gnome 3 specific, etc):
> >
> > https://bugs.launchpad.net/ubuntu/+source/xfce4-notifyd/+bug/835972
> >
> > Let me know if you need any further information from me!
> >
>
> Thanks for the report. Just to confirm: The network *does* automatically
> reconnect. It's simply the disconnection notification that (incorrectly)
> persists. Correct?
>
> Also, I assume you're using Xfce4. Is that correct?
>
> Tracking here:
>
> https://github.com/QubesOS/qubes-issues/issues/2244
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXrr/CAAoJENtN07w5UDAw91sP/0rmx1zSXwfUepeOnwuJxHm4
> 22hKjeE+NJWg7wOe21gEd/nQWHRk6mZAVzgBM/MPgWQ1f9qeLn9zleq27sAWDN7G
> HUGDBXmEq0/R64MgwITij76OhutJJxRbEMQId7VRhqeQzFnQWhrmg0VqUqRtLs0v
> +zez1eBwEL7xhkMOt8UJ7EnbPEapTZG2xe5oduifK+9zk9j53cPNqDNSkUHmB77S
> xuCPAjYeZ9ml4YIj63BU0fT/QqGFX0G/nGZ1uMDWw9WNJWhblz3VB7QHtIS+4CV5
> lX+vUx5B1xp80Xo4L51jb1hwcPtIVSKTHanFq82J5jJgOUJoQB14jU2uIF1z2e0k
> n4UR7DiZNC4dvktze7L7IgxdJLhDmPyIfmqUMi0onawY/L6YHPjmi3ACgPGy3Q+y
> CCjB64Uf0nlpr5ftK0/rIgshyOliGUo5M2qyVQC6dskKvlxxFUI9K3JxH4T5VQXX
> 4tREJbTB1Dt89lyUUrwUAn26u0zq/Hr/sS6ojPK6pR7fliJjoBvABlW+1phPLsyn
> ZCEwxg3nN60hSMQxYDPoCJv2zi08gMY7SfIEjBHidFmRP5lDg2ioFOP0/Bvp3BxF
> 7TcoTDvDDM6X2fJOJx5ZBFLbTUPWEiOQNTSnlXZdPh2SE10uTw8vocR7KL13QmLJ
> 6KhxT0KiUFdv9NiS4I8Z
> =8MRR
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgYYbHV4jtKW9OeuPBPtVrbAdHQHgwo6GpgXram0ej3T-A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] 3.2 RC2: Network Manager notification on system resume from suspend won't go away

[arthur . summers]

This is not a huge "bug" but just a superficial flaw. After I suspend my 
system, upon resume, I get a notification from Network Manager that the network 
connection has been disconnected. This notification won't go away unless I 
click to close it. There is a bug that was reported back in 2011 that seems to 
precisely describe the behavior that I'm experiencing, but I'm having trouble 
finding where and how it was patched (related bugs indicate that it is 
Ubuntu-specific, Gnome 3 specific, etc):

https://bugs.launchpad.net/ubuntu/+source/xfce4-notifyd/+bug/835972

Let me know if you need any further information from me!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ae6584a-a172-47dd-8144-ce06d9236f0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What do you think about the idea of a FileVM?

[Andrew "Arthur" Summers]

I'm seriously taking this thread on a tangent, but are there any FOSS GUIs
that have been specifically built for Xen? Heck, any free proprietary GUIs?
I see paid options, abandoned projects, and cross-hypervisor solutions
(those don't tend to be great), but one reason I never delved into Xen is
that I couldn't figure out a good, free, standard GUI for management. I
figured that's one reason Qubes built one from scratch, but something
pre-existing would likely have OVA import functions.

Alright, now I'm starting to ramble...

On Tue, Aug 2, 2016, 9:01 PM Drew White  wrote:

> On Tuesday, 2 August 2016 08:43:43 UTC+10, fmu...@gmail.com  wrote:
> > I don't know about OVAs, but I imported a Virtualbox VM. If you search
> for virtualbox you'll find the post with the procedure. Maybe this link
> will work: https://groups.google.com/forum/#!topic/qubes-users/YQyRSoRQWCU
>
> I've been working on getting the OVAs decoded and imported for a while
> now. The primary issue us the fact that they can be OVA versions 1,2,3,
> etc.. And this causes issues within Qubes when it's decoded and put in.
>
> OVA1 is easy and just works. OVA2 is a little more tricky though.
>
> Qubes itself can't accomplish this because it can't do the later versions
> of the OVAs, however in my manager I have been adding in the software and
> configurations to allow for importing many different machines, including
> P2V support, but that is currently only for linux clients.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgb8MpgQHRp5hL6bzFLcEDbfzwZ9n%3D%2B6UZ8Jr5XD3hNOOw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What do you think about the idea of a FileVM?

[Andrew "Arthur" Summers]

Does Xen have a native import/export format? I'm WAY more familiar with
VMware offerings (which handle loads of formats), but if there's a way to
add OVA import to Qubes down the road, I'd be in love. Heck, if there's an
add-on or a command to run from Dom0 that I could use now, I'm down.

On Mon, Aug 1, 2016 at 5:43 PM  wrote:

> On Friday, 29 July 2016 20:12:45 UTC-4, arthur@gmail.com  wrote:
> > I agree with the idea of having an option for a storage VM, but my
> agreement goes a little deeper (and forks a bit). I know that the primary
> goal of Qubes is security, but there are a lot of different use cases for
> it. I use it because I like the compartmentalization provided by VMs.
> Security is almost a secondary for me - I wanted a bare-metal client
> hypervisor. Since XenClient no longer exists and no other offerings are
> well maintained, I landed on Qubes. For my purposes, sharing storage would
> be great, but baking it in DOES defeat the primary goals of the project.
> >
> > Personally, I'm a huge fan of Turnkey Linux (http://turnkeylinux.org),
> and I use their stuff regularly to stand up infrastructure components or
> for testing. They have a fileserver VM, and it's pretty beautiful.
> Actually, all of their stuff is pretty beautiful. However, unless I missed
> something, I don't see an easy way to import an OVA/VMDK into Qubes. If
> that existed, I'd be happier than a dog with eight legs (yes, I said that).
> This would solve a lot of use cases, simplify the creation of third party
> HVMs, and still maintain the goals of the project.
> >
> > Thoughts?
>
> I don't know about OVAs, but I imported a Virtualbox VM. If you search for
> virtualbox you'll find the post with the procedure. Maybe this link will
> work: https://groups.google.com/forum/#!topic/qubes-users/YQyRSoRQWCU

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgatC5VHtfRGH78psOQ5mN%2B%3DtA%3D-j7KshqKmn7Je5hT4Wg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 RC2 - laptop screen lock bug

[Andrew "Arthur" Summers]

I attached the output of dmesg after I removed the "fix" I made. I also
included the output of lspci. Marek would probably know in better detail,
but it seems like the sound card's misconfiguration is causing the system
to wait for it to respond. Since it never responds, the system doesn't
sleep, there is a bit of a delay during startup/shutdown, and I obviously
have no sound.

On Sun, Jul 31, 2016 at 5:02 PM Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-07-30 16:11, arthur.summ...@gmail.com wrote:
> > Ah, right you are - it DOES have to do with the sound card. My system was
> > failing to go to sleep when I closed my laptop lid (I actually hate that
> > setting). This was because my sound card wasn't configured properly. I
> > couldn't launch any of the audio mixer programs, and dmesg was giving the
> > error: snd_hda_intel :03:00.1: Cannot lock devices!
> >
> > I "fixed" it with the hack of adding the following to a modprobe.d conf
> > file: options snd-hda-intel enable=0,1,0
> >
> > Now, the system goes to sleep properly when I close the lid. However,
> > since my sound card worked in 3.1, this means that there is an issue with
> > the snd_hda_intel module in 3.2 RC2. Do you need more info about my
> > system?
> >
>
> I've been trying to think about how we would file a useful bug report for
> this, but it seems like there's not much to go on (yet).
>
> Can we say anything more concrete than just "the sound card worked in 3.1,
> but
> it doesn't work in 3.2-rc2"?
>
> Is this an accurate summary?
>
> "Standby works by itself. The sound card works by itself. But standby only
> works when the sound card is disabled, and enabling the sound card causes
> standby not to work."
>
> Also, did you already give the exact model of the sound card?
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXnnV4AAoJENtN07w5UDAwMCoQAIAwDkrWt5POuB+osrEuqoT7
> CIoofWTqNEJHGSX5TiKR3fWwnI8ZEGnZ6SyRxVe2OK8+crloJXSOTWdBGhVS5cAh
> NH0XflsIMYNmIusiZXYWRX/CVWdblgYSqNUz1RLVPX3xNIDUiKyMcI4XsXJU0v1C
> b8QhkR1ZlWiG3eOpkYHeAefL6ft9YvfbkZ88OD3NmLGfqcvXrkNt0FY/wXbJkSNf
> 8AJxtuxdzLXiKAUpqh051CHYgS8AWPm/w2XbiLlNkQ/PBvrJfIUCbxyN4VVaA3+R
> zkDekvJg/f27Og9Z9a8RyZeAC85T/ma3175dd9r7KBY7ARXGXFnBj2gtBYPDzNRw
> tXX7JNTy5OSRUNDzBkqmX+UGeehpM5ysaHminpjKT6FFrpOc7d9gTLQsPa+2VP0S
> odtM99nKao2YUolqy4H4NiVxkBAmWiXP2g4fpZ5Znu2q9vlcVVg4VbnGt1PgS8Um
> dhnTt6dRQH0Ncj6e8rqhdR248LfB6qZ0cM2ZLiBLDLHqJpaCCcGKIsIWlTnF2LbH
> b9XLrkRMsEu7jPjlhwAvW5oulavRcJUUhfqo/j1n+VPnbr8r+WZ3EOezfrubzng3
> csTL3iYyEJ6yOa6jWC0WKAUCH65aA6Y+jBdeC/DrLwR+Z7+CZiRcBRRDjgORfB3U
> nNReYlHx3aOVaNlZczHt
> =lpN0
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgagOqSYL-Wo4atJ%3D-PJ7o%2BJYCo942RVk9dX89TGXqVi-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


lspci
Description: Binary data


dmesg
Description: Binary data

Re: [qubes-users] Re: Qubes 3.2 rc2 has been released!

[Andrew "Arthur" Summers]

Awesome! I figured going through the release notes would be the best thing
to do, but I imagine that there are some more specific tests that the team
would like to have executed. I'll wait for Marek to respond first.

Note that for me, I couldn't get the installer for RC1 to load. 3.1 worked
just fine, though. So far, the only big difference I've found is my
soundcard not being configured correctly, and it caused things like standby
and resume to not work right (already reported, but happy to provide more
details - just ask).

On Sun, Jul 31, 2016, 4:32 PM Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-07-31 14:10, arthur.summ...@gmail.com wrote:
> > Two questions: 1) Do you have a list of specific things that you would
> > like users to check based on changes/fixes you made from RC1 to RC2? I've
> > got RC2 installed and would gladly provide feedback.
>
> Thank you for offering to test it! It would be great if you could
> specifically
> test the new changes from the previous release candidate. (Marek, do we
> have a
> fine-grained way to view those changes? It looks like our lowest level of
> granularity is point releases, e.g., R3.1 to R3.2, but not R3.2-rc1 to
> R3.2-rc2.)
>
> Here are the release notes for R3.2:
>
> https://www.qubes-os.org/doc/releases/3.2/release-notes/
>
> As that page points out, you can find more detailed descriptions and
> discussions in completed GitHub issues with the "Release 3.2" milestone:
>
>
> https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+sort%3Aupdated-desc+
> milestone%3A%22Release+3.2%22+label%3Arelease-notes+is%3Aclosed
> 
>
> (But as I mentioned above, this doesn't really distinguish between changes
> that occurred in R3.2-rc1 and R3.2-rc2. I think it would still be helpful
> to
> test both, though.)
>
> > 2) As a new user to the community, where is the preferred place to post
> > bugs? So far, I've just been dumping them in the qubes-users section (I
> > reported my snd_hda_intel issue), but I'm not sure if that's where you
> > want them to go.
>
> Thanks for asking! All bugs have to go into qubes-issues on GitHub
> eventually
> so that we can track what gets fixed, so if you're certain that something
> is a
> bug and you don't mind using GitHub to report it, please feel free to open
> an
> issue on GitHub. However, if you're not sure that something is a bug or if
> you
> don't want to use GitHub for any reason, then it's perfectly fine to write
> to
> the mailing list instead. (Not a big deal either way.)
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXnm50AAoJENtN07w5UDAwGqIP/3HOrxxmEUJyWyB6kvqxh4yc
> TqwwdQ2uliiDJXplMJSJ40NzSajsKpZxfQMBIOMs5brdi0qDWRWBk3aZW8LHWxNY
> B/RTd4fU879UUv6/QVgg+RGfyRwN1Fm8qJOEH7ISzcjHrXTKbMptC2uVv9KS1+bB
> fq6XqeySieRjDI/jrMTpbz9SfyzVEgj5U3xNZJOcLpRCOfJpINHzp1I1JjLT5lOo
> 35GvlyMuYNbJzTJCMH07Tp2ZyYMkoIKdX87qsVEabfs47JxkhvFrRdTDKlb+aMXS
> SgfUbLKvVb2aS+j99ceDbIJTIaHd69F0rgkUK+qvG8dvJUIOK1vO9epN59IaYUtB
> xRAe7/fi2Q0EKniH/uAZkfuhs6ld5ooUp35aLnIv0dAXS0AGcQ1nrMcyLfB+RCui
> ZlvKrLYaY3U16SNWvjKXnkckDHWgC+8sCn2a4p7JFMOCpETS0A9See3+Dl3WQDdf
> V+FmajnrrGrQwOJ/7vYnethdFZFQKpNk8LYBG4gUi3UdKgf63n2lsmRsVMT/Urxk
> zFC5CPynPcDxRvmL9drB9hxHORTMADc/ehDQCTuqchSFn5Q8GzZ3VAPwXNoStSGP
> IOWwnXh0Fi/XNnCPod+HxkV+aKIndrpfVxdiEFv6OwvQ1IKpmQpLWdJkakQyfIp7
> dxgoMFDLsnMk5/jpCY6G
> =mzPm
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgb1LEYy_YUzApewQmaWxWbKyYj5e0LcVWorTGgKe-ujfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 rc2 has been released!

[arthur . summers]

Two questions:
1) Do you have a list of specific things that you would like users to check 
based on changes/fixes you made from RC1 to RC2? I've got RC2 installed and 
would gladly provide feedback.
2) As a new user to the community, where is the preferred place to post bugs? 
So far, I've just been dumping them in the qubes-users section (I reported my 
snd_hda_intel issue), but I'm not sure if that's where you want them to go.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf760eba-7d23-4834-b24c-71d0a673f6b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 RC2 - laptop screen lock bug

[arthur . summers]

Ah, right you are - it DOES have to do with the sound card. My system was 
failing to go to sleep when I closed my laptop lid (I actually hate that 
setting). This was because my sound card wasn't configured properly. I couldn't 
launch any of the audio mixer programs, and dmesg was giving the error:
snd_hda_intel :03:00.1: Cannot lock devices!

I "fixed" it with the hack of adding the following to a modprobe.d conf file:
options snd-hda-intel enable=0,1,0

Now, the system goes to sleep properly when I close the lid. However, since my 
sound card worked in 3.1, this means that there is an issue with the 
snd_hda_intel module in 3.2 RC2. Do you need more info about my system?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94591309-4296-4f3d-b021-59ab3c5c4166%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change HandleLidSwitch value in the installer?

[arthur . summers]

I figured it was an oversight. Nothing major (and kinda picky), but man, it's 
caught me more than once like a little splinter . . .

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a75a892-29a2-48c5-8aff-b7f49946fa7b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change HandleLidSwitch value in the installer?

[arthur . summers]

Actually, neither of those situations - the way post-install is set up is 
perfect. This is what I'm referring to Right now, if I fire up the installer, 
click "Begin Installation," and decide to close my laptop lid while the 
installation runs, the system goes to standby. :[ Boo!!! Usually, the USB fails 
to reconnect, and the installer breaks. That make more sense?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b186eb46-7a8b-4819-9d06-4f58f67413d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Change HandleLidSwitch value in the installer?

[arthur . summers]

So, I'm glad that HandleLidSwitch is set properly after an install to keep 
laptop systems from going to sleep when closed. I always forget about that on 
new installs of different OSs, and then I have to remember how that flavor of 
whatever system lets you disable the setting.

HOWEVER, could that be disabled in the installer? It's happened at least three 
times that I've closed the lid without thinking, the system goes into standby, 
and on resume, the USB hasn't reattached properly, so I have to start over 
again. Not a HUGE deal, but it is certainly a bit frustrating . . .

Much appreciated!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e485ea4d-63f5-4407-8cc8-3aa5fcdc8d17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What do you think about the idea of a FileVM?

[arthur . summers]

I agree with the idea of having an option for a storage VM, but my agreement 
goes a little deeper (and forks a bit). I know that the primary goal of Qubes 
is security, but there are a lot of different use cases for it. I use it 
because I like the compartmentalization provided by VMs. Security is almost a 
secondary for me - I wanted a bare-metal client hypervisor. Since XenClient no 
longer exists and no other offerings are well maintained, I landed on Qubes. 
For my purposes, sharing storage would be great, but baking it in DOES defeat 
the primary goals of the project.

Personally, I'm a huge fan of Turnkey Linux (http://turnkeylinux.org), and I 
use their stuff regularly to stand up infrastructure components or for testing. 
They have a fileserver VM, and it's pretty beautiful. Actually, all of their 
stuff is pretty beautiful. However, unless I missed something, I don't see an 
easy way to import an OVA/VMDK into Qubes. If that existed, I'd be happier than 
a dog with eight legs (yes, I said that). This would solve a lot of use cases, 
simplify the creation of third party HVMs, and still maintain the goals of the 
project.

Thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9e16762-09b3-4f05-82a8-d65fdedbe2f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] 3.2 RC2 - laptop screen lock bug

[arthur . summers]

I'm happy to report that the issue I experienced below is gone, so I was able 
to install RC2. The AMDGPU drivers in the 4.4 kernel make a HUGE difference for 
dual monitors, so I'm excited!
https://groups.google.com/forum/#!msg/qubes-users/uUwBy6RIUHQ/KESMemrcBQAJ

However, I'm having an issue when I close my laptop lid, reopen it, and then 
try to unlock the screen. The screen freezes for a good 60 seconds before 
letting me use the mouse or keyboard. This isn't after a standby, and it 
doesn't occur every time the screen locks - ONLY after I close the laptop lid 
and reopen it. Here is the pertinent dmesg:

[  553.366878] audit: type=1130 audit(1469827523.468:173): pid=1 uid=0 
auid=4294967295 ses=4294967295 msg='unit=qubes-suspend comm="systemd" 
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
[  553.388154] PM: Syncing filesystems ... done.
[  553.394865] PM: Preparing system for sleep (mem)
[  553.395089] Freezing user space processes ... 
[  573.397815] Freezing of tasks failed after 20.002 seconds (2 tasks refusing 
to freeze, wq_busy=0):
[  573.397876] alsactl D 8800c326fb98 0  1382  1 0x0084
[  573.397886]  8800c326fb98  88012f871d00 
8800c3435700
[  573.397893]  8800c327 8800c326fbd0 880134b8e040 
880134b8e040
[  573.397899]  88012fabc000 8800c326fbb0 81752685 
000100047254
[  573.397906] Call Trace:
[  573.397926]  [] schedule+0x35/0x80
[  573.397935]  [] schedule_timeout+0x129/0x270
[  573.397945]  [] ? 
trace_event_raw_event_tick_stop+0x120/0x120
[  573.397953]  [] ? _raw_spin_unlock_irqrestore+0x1a/0x20
[  573.397970]  [] snd_power_wait+0xb5/0x110 [snd]
[  573.397976]  [] ? wake_up_q+0x70/0x70
[  573.397987]  [] snd_ctl_elem_info_user+0x61/0xf0 [snd]
[  573.397999]  [] snd_ctl_ioctl+0x5ec/0x6c0 [snd]
[  573.398010]  [] ? 
__raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  573.398019]  [] do_vfs_ioctl+0x298/0x480
[  573.398028]  [] ? __audit_syscall_entry+0xab/0xf0
[  573.398036]  [] ? do_audit_syscall_entry+0x4b/0x70
[  573.398042]  [] ? syscall_trace_enter_phase1+0x13c/0x160
[  573.398047]  [] SyS_ioctl+0x79/0x90
[  573.398053]  [] entry_SYSCALL_64_fastpath+0x12/0x71
[  573.398105] pulseaudio  D 88012060fcd8 0  2732   2731 0x0084
[  573.398112]  88012060fcd8  88012f851d00 
880086d25700
[  573.398118]  88012061 88012060fd10 880134a8e040 
880134a8e040
[  573.398124]  88012fabc000 88012060fcf0 81752685 
00010004043f
[  573.398131] Call Trace:
[  573.398138]  [] schedule+0x35/0x80
[  573.398145]  [] schedule_timeout+0x129/0x270
[  573.398151]  [] ? 
trace_event_raw_event_tick_stop+0x120/0x120
[  573.398158]  [] ? _raw_spin_unlock_irqrestore+0x1a/0x20
[  573.398169]  [] snd_power_wait+0xb5/0x110 [snd]
[  573.398173]  [] ? wake_up_q+0x70/0x70
[  573.398183]  [] snd_ctl_ioctl+0xc5/0x6c0 [snd]
[  573.398189]  [] do_vfs_ioctl+0x298/0x480
[  573.398195]  [] ? __audit_syscall_entry+0xab/0xf0
[  573.398201]  [] ? do_audit_syscall_entry+0x4b/0x70
[  573.398206]  [] ? syscall_trace_enter_phase1+0x13c/0x160
[  573.398212]  [] SyS_ioctl+0x79/0x90
[  573.398217]  [] entry_SYSCALL_64_fastpath+0x12/0x71

[  573.398233] Restarting tasks ... done.
[  573.423849] PM: Syncing filesystems ... done.
[  573.429320] PM: Preparing system for sleep (freeze)
[  573.429475] Freezing user space processes ... 
[  593.432916] Freezing of tasks failed after 20.002 seconds (2 tasks refusing 
to freeze, wq_busy=0):
[  593.433028] alsactl D 8800c326fb98 0  1382  1 0x0084
[  593.433038]  8800c326fb98  88012f871d00 
8800c3435700
[  593.433046]  8800c327 8800c326fbd0 880134b8e040 
880134b8e040
[  593.433052]  88012fabc000 8800c326fbb0 81752685 
000100047254
[  593.433058] Call Trace:
[  593.433076]  [] schedule+0x35/0x80
[  593.433084]  [] schedule_timeout+0x129/0x270
[  593.433094]  [] ? 
trace_event_raw_event_tick_stop+0x120/0x120
[  593.433102]  [] ? _raw_spin_unlock_irqrestore+0x1a/0x20
[  593.433117]  [] snd_power_wait+0xb5/0x110 [snd]
[  593.433123]  [] ? wake_up_q+0x70/0x70
[  593.433134]  [] snd_ctl_elem_info_user+0x61/0xf0 [snd]
[  593.433146]  [] snd_ctl_ioctl+0x5ec/0x6c0 [snd]
[  593.433155]  [] ? 
__raw_callee_save___pv_queued_spin_unlock+0x11/0x20
[  593.433164]  [] do_vfs_ioctl+0x298/0x480
[  593.433172]  [] ? __audit_syscall_entry+0xab/0xf0
[  593.433180]  [] ? do_audit_syscall_entry+0x4b/0x70
[  593.433186]  [] ? syscall_trace_enter_phase1+0x13c/0x160
[  593.433191]  [] SyS_ioctl+0x79/0x90
[  593.433197]  [] entry_SYSCALL_64_fastpath+0x12/0x71
[  593.433253] pulseaudio  D 88012060fcd8 0  2732   2731 0x0084
[  593.433260]  88012060fcd8  88012f851d00 
880086d25700
[  593.433266]  88012061 88012060fd10 880134a8e040 
880134a8e040
[  593.433272]  88012fabc000 ff

Re: [qubes-users] Debian VM isn't persistent for me

[Andrew "Arthur" Summers]

Yes, I did. I got impatient and did a fresh install, and it's working, now.
That was odd...

On Sat, Jul 23, 2016 at 7:30 PM Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-07-23 13:32, arthur.summ...@gmail.com wrote:
> > I created an AppVM based on the Debian 8 template. I DID modify the
> > template to add the Google Chrome repository and GPG key, but otherwise,
> I
> > did nothing. Now, whenever I shut down my AppVM, changes seem to be lost
> -
> > Chrome starts up fresh with all settings reset, and the keyring pops up
> to
> > ask me for a password. Since I just did a fresh install of Qubes
> yesterday,
> > I'm considering just reinstalling, but this is a little odd...
> >
>
> Did you make sure to fully shut down the Debian 8 TemplateVM after making
> your
> changes to Google Chrome but before starting the AppVM based on it?
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXk/30AAoJENtN07w5UDAwEgoP/0gIFOsYey1d/oiw4sLZIWPs
> 6psI8DE5/TYe6PX1+byKbIQmiQ9g9pT1+OUMvjzBbtSCdW/W3X0Bnx9I96nikPFJ
> v1ysTHSOINYXXK3cW+bjxdGLY6AZWw4NXl6Gml6f8aLKvR20MMZRRlRblV8r5BOZ
> aCk2W7rjWLk6gR2OfQueAumZ9y8LU9nnW/tE6l1qkFHHhwj5zZ5JyUqIV1HyndeH
> lKRyZUiEO257/WRCVjFmHHXvbIJC7EmvTBkgMro1sokpplmUHfEykIW7zCdvbIAu
> 7fQv4JiWCk4g3Zj+tpz4WNX84fWlew7S09SAvXfkk7vajYwjy3SXbVadNBKajTnA
> 2oTlQPGG4LH98ZV+7vNMrN+eR2W7G2tRoSu7Iw2aaPr9Bv2tpDy57MfaoZ6OQpTV
> o7qx+w+spd5txAQ7wocUWQ3CavpWoUMRAIfQYvMna07wiYKoMJwN28ev2o2ik2UV
> R9zOKSSOKcF7TYmyKwPWEhs3sSAXefTzjtbLD6l8//sYHulS1iXsFWia2+8GLBrk
> Ef1+ggahPALiJpXlFaY/isWw/li3t0PjciSRaGVuZV9UV0HjGSDeK1E/qzGTdQN9
> XqAg4pJdiTbD8qkM9dm5WAUcHYF3svlAacMs0lBWgZWMn+bO+Fu8ERukDyI5XlKm
> doUjkpZNkzniR/zJ8R+V
> =BgTJ
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRga%3D%2B10iYrQMHzkFQHPEKsor6jTF2R%2BvMdsFD%2Bg%2BtYKbmQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Debian VM isn't persistent for me

[arthur . summers]

I created an AppVM based on the Debian 8 template. I DID modify the template to 
add the Google Chrome repository and GPG key, but otherwise, I did nothing. 
Now, whenever I shut down my AppVM, changes seem to be lost - Chrome starts up 
fresh with all settings reset, and the keyring pops up to ask me for a 
password. Since I just did a fresh install of Qubes yesterday, I'm considering 
just reinstalling, but this is a little odd...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7e5133b-e660-4069-8db9-c361c5924aed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Trouble installing 3.2 RC1 - rdsosreport.txt below

[Andrew "Arthur" Summers]

Sounds good. I just hoped to give a little feedback on RC1 for your team. I
also wanted to see if 3.2 handled my graphics card a little better with
dual monitors - I get some choppy redrawing artifacts with 3.1. Regardless,
making sure that the installer doesn't have issues is a far bigger
consideration for release. Let me know if you'd like me to try something
else or provide further information!

On Sun, Jul 10, 2016 at 2:28 PM Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Sun, Jul 10, 2016 at 06:45:13PM +0000, Andrew "Arthur" Summers wrote:
> > Nope - rd.driver.blacklist=scsi_dh_alua didn't work. Funny thing is that
> I
> > installed 3.1 using the exact same USB drive by dd'ing the ISO to the
> drive.
>
> I guess the bug was introduced in newer kernel (Qubes 3.1 has kernel
> 4.1, but Qubes 3.2 has 4.4). This is already patched in newer kernel -
> will pull it to our package. It will land in 3.2-rc2 - somehow in two
> weeks:
> https://www.qubes-os.org/doc/releases/3.2/schedule/
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXgqHtAAoJENuP0xzK19csQbEH/3PC5sg3nXSn5Vr4HFKmUZtQ
> peY20zkjn2d17+m5v9cz4bK4UjE+AwYbR6RNJYGZx20miQzZ9k1TzrxfiaHdGQEm
> NRA/g0dk8NlFNgTWe6p8foz7GKKVnkstEI7E65ZXs4jJDWIB8VHTai3uGmY0VCCX
> GFM7LZNVgqrm/z0ojZEUShZkG8MzCWK54KwdjVUjC8yNK5j5WmVqbA5hAH/vq/G0
> RxgabbqHsHMTV9LUDoPCrGlwrCnZ5xebL1u+D8jUIUTaHH2zbDLNdxipTPNmLCDo
> V0yjVZWFXz6GD6H4vzC6T0eYhL6EZyrkxyde9N1k/+5x8ICyHiqoe2FuLnX6ADw=
> =9t1e
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRgbR2Z-40D90TjCYcyB7MJvGb9AoZ0yXSQDs292n3uH4Fw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Trouble installing 3.2 RC1 - rdsosreport.txt below

[Andrew "Arthur" Summers]

Nope - rd.driver.blacklist=scsi_dh_alua didn't work. Funny thing is that I
installed 3.1 using the exact same USB drive by dd'ing the ISO to the drive.

On Sun, Jul 10, 2016, 1:33 PM Marek Marczykowski-Górecki <
marma...@invisiblethingslab.com> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Sun, Jul 10, 2016 at 11:24:56AM -0700, arthur.summ...@gmail.com wrote:
> > The installer for 3.2 RC1 doesn't load and drops me to a prompt. 3.1
> loaded and installed just fine. I'm not a Fedora guy, so I'm not really
> sure why anaconda fails to load.
> >
> > Sorry for plopping the log inline - I don't see an attachment button
> when starting a new topic.
> >
> > Thanks for any help you can give!
>
> (...)
>
> > [   24.693097] localhost kernel: scsi 0:0:0:0: Direct-Access
>  JetFlash Transcend 64GB   1100 PQ: 0 ANSI: 6
> > [   24.694143] localhost kernel: sd 0:0:0:0: alua: supports implicit and
> explicit TPGS
> > [   24.696410] localhost kernel: sd 0:0:0:0: [sda] 123404288 512-byte
> logical blocks: (63.2 GB/58.8 GiB)
> > [   24.697012] localhost kernel: sd 0:0:0:0: alua: No target port
> descriptors found
> > [   24.697014] localhost kernel: sd 0:0:0:0: alua: Attach failed (-22)
> > [   24.697015] localhost kernel: sd 0:0:0:0: failed to add device
> handler: -22
>
> Looks like this issue:
> https://github.com/QubesOS/qubes-issues/issues/2115
>
> Take a look at linked thread:
>
> https://groups.google.com/d/msgid/qubes-users/857c13c6-f335-5e02-0758-e2b6c4904d9a%40openmailbox.org
>
> There are some ideas, but correct fix probably requires kernel patch.
>
> - --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXgpT/AAoJENuP0xzK19cslA4H/iQ7djsVyZfb+gkrVB745PX5
> NUbIpkEGeLp+TGeUuNfsBKAvjGfLXB9rbEFa+1xVvfUO456X6FbozmfhEzr9AkrH
> 8S5D5mDoRFmE6h/MdjEtL0xBkh7te/DNkV5HxZ/28DwAKAhUlZ0EANHQQVdTBrYN
> WPD2oHJx/cIVHoVtc50n+Ak2Jd1r/2wbpSHJLfmqAkT8ai0iVvoLYHKTPErKaaK9
> AbwztQJ+tsE4eBUA3VpO4n5v8skOR3RB+N2D68+Q7NJpsdxMgGi1YIS1B3iyYyiW
> 3OOpIlmG3bkL5rMsNexHtcXwzvhOw09toSKSZaalWGrcS85dDy/b5APfXEhXf+0=
> =Jttb
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP0YRga_iZ0ju2diUM-2JGOV2SpVNPXGmjEjQgwUpL%2Bhjk%3DvEw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Trouble installing 3.2 RC1 - rdsosreport.txt below

[arthur . summers]

The installer for 3.2 RC1 doesn't load and drops me to a prompt. 3.1 loaded and 
installed just fine. I'm not a Fedora guy, so I'm not really sure why anaconda 
fails to load.

Sorry for plopping the log inline - I don't see an attachment button when 
starting a new topic.

Thanks for any help you can give!

+ cat /lib/dracut/dracut-043-63.git20151211.fc23
dracut-043-63.git20151211.fc23
+ cat /proc/cmdline
inst.stage2=hd:LABEL=Qubes-R3.2-rc1-x86_64 i915.preliminary_hw_support=1
+ '[' -f /etc/cmdline ']'
+ for _i in '/etc/cmdline.d/*.conf'
+ '[' -f /etc/cmdline.d/99-anaconda-disable-disk-activation.conf ']'
+ echo /etc/cmdline.d/99-anaconda-disable-disk-activation.conf
/etc/cmdline.d/99-anaconda-disable-disk-activation.conf
+ cat /etc/cmdline.d/99-anaconda-disable-disk-activation.conf
rd.dm=0
rd.md=0
rd.lvm=0
rd.luks=0
+ cat /proc/self/mountinfo
1 1 0:2 / / rw shared:1 - rootfs rootfs rw,size=7944876k,nr_inodes=1986219
15 1 0:15 / /sys rw,nosuid,nodev,noexec,relatime shared:2 - sysfs sysfs rw
16 1 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:8 - proc proc rw
17 1 0:6 / /dev rw,nosuid shared:9 - devtmpfs devtmpfs 
rw,size=7944892k,nr_inodes=1986223,mode=755
18 15 0:16 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:3 - 
securityfs securityfs rw
19 17 0:17 / /dev/shm rw,nosuid,nodev shared:10 - tmpfs tmpfs rw
20 17 0:13 / /dev/pts rw,nosuid,noexec,relatime shared:11 - devpts devpts 
rw,gid=5,mode=620,ptmxmode=000
21 1 0:18 / /run rw,nosuid,nodev shared:12 - tmpfs tmpfs rw,mode=755
22 15 0:19 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:4 - tmpfs tmpfs 
ro,mode=755
23 22 0:20 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:5 - 
cgroup cgroup 
rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
24 15 0:21 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:6 - pstore 
pstore rw
25 15 0:22 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:7 
- efivarfs efivarfs rw
26 22 0:23 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime 
shared:13 - cgroup cgroup rw,perf_event
27 22 0:24 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:14 - 
cgroup cgroup rw,pids
28 22 0:25 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime 
shared:15 - cgroup cgroup rw,cpu,cpuacct
29 22 0:26 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,hugetlb
30 22 0:27 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:17 - 
cgroup cgroup rw,cpuset
31 22 0:28 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:18 - 
cgroup cgroup rw,devices
32 22 0:29 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:19 - 
cgroup cgroup rw,memory
33 22 0:30 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:20 - 
cgroup cgroup rw,freezer
34 22 0:31 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime 
shared:21 - cgroup cgroup rw,net_cls,net_prio
35 22 0:32 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:22 - 
cgroup cgroup rw,blkio
58 15 0:33 / /sys/kernel/config rw,relatime shared:23 - configfs configfs rw
+ cat /proc/mounts
rootfs / rootfs rw,size=7944876k,nr_inodes=1986219 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=7944892k,nr_inodes=1986223,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup 
rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/perf_event cgroup 
rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pids 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup 
rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup 
rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
+ blkid
+ blkid -o udev
+ ls -l '/dev/disk/by*'
ls: cannot access /dev/disk/by*: No such file or directory
+ for _i in '/etc/con

Re: [qubes-users] Add options for making performance tweaks/enhancements with disclaimers?

[arthur . summers]

Wow, that was fast . . .

First, I was just using the full screen thing as an easy example because it's 
something that I /know/ can be modified. I didn't want to suggest something 
that isn't an option since I'm a Xen noob.

With that said, I'll pose some options as a Xen/Qubes noob. Doesn't Qubes 
isolate memory and vCPUs between VMs instead of allowing for shared resources 
(which I believe is something that Xen does)? Things like that is what I'm 
after, I suppose.

I'm sure you're sick of hearing it, but man, I really wish my FirePro card had 
support under Qubes or that I could "sneaker-net" the appropriate drivers into 
dom0. ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de836f37-7614-496b-81ee-c4f5c74ba4b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Add options for making performance tweaks/enhancements with disclaimers?

[arthur . summers]

So, I've been following Qubes since version 1.0. At that time, I used it as a 
lab demo for interns at work to show them just how far you can go with 
visualization. It was clunky back then, but I kept my eye on the project. 

I've toyed with using 3.x as a daily driver, lately. From a non-security 
perspective, it works great at helping me compartmentalize my life, and that's 
the main reason that I like it. From a security perspective . . . I mean, it 
goes without saying. I'm way more of a Debian and VMware person, and I'm 
definitely cutting my teeth on Fedora and Xen, so please excuse my ignorance of 
them.

The thing that's keeping me from using Qubes regularly is that it is so 
resource-hungry. I understand why and that many of these reasons are security 
considerations. I have a M6800 laptop with 16GB of RAM, so I've got plenty of 
power. However, it pains me to see an AppVM running a single instance of 
Firefox eating up just under 4GB of RAM. Yes, much of that is the fault of the 
application developer, but some of it is also overhead needed to provide the 
high degree of isolation and security that exists in Qubes.

I've searched around for "performance tuning" guides for Qubes, but I haven't 
been able to find any. Does one exist, or is it possible to start to put 
something together? By "performance tuning," I even mean potentially changing 
settings that may include the sacrifice of some security for added performance 
and resource handling. I know, I know - that goes against everything that the 
project stands for. I used to work on the pen testing team at a Fortune 10 
company, I understand why Qubes works the way it does, so hear me out. Some 
people (like myself) have different use cases, understand the risks, and are 
willing to give a little to gain a little. Much like rooting a phone, enabling 
"unknown sources"/USB debugging on Android, or even typing "sudo" at the 
command prompt, many power users are willing to take the risk because they know 
what they are doing.

Beyond just making a list, it would be nice to eventually make such settings 
available in the GUI. Add a checkbox somewhere to allow full-screen playback, 
but give a disclaimer to the user (again, just like enabling unknown sources on 
Android gives a warning). Have options to tune Xen's resource management, but 
make the user aware of what they are wishing to do. I'm not saying give 
checkboxes to do things like connecting dom0 to the network, but having options 
to decrease resource isolation from VM to VM would be great for those who 
prefer a little more performance over absolute security.

Thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd0e39e0-e25b-4e7e-a386-2667962517f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.