Re: [qubes-users] Frequent 3.2 crashes , How to troubleshoot?
On 01/06/2018 09:20 PM, yreb...@riseup.net wrote: > On 2018-01-06 08:23, awokd wrote: >> On Sat, January 6, 2018 5:32 pm, yreb...@riseup.net wrote: >> >>> >>> The "OOM" bug, as I read it on the URL, seems to indicate only that "X" >>> crashes, in my case more often the whole system has rebooted, but perhaps >>> the OOM could also cause that? >>> >>> Plus "grep" seems to find only 2 entries , and I've had many such >>> crashes :) >> >> Look through that journalctl log manually and try to find more crashes. >> Might be something else besides OOM causing them too. Also, look through >> /var/log/xen/console/hypervisor.log for crash messages. > > sadly, it being in dom0 complicates that, as journalctl is so huge ; > besides |more and |less any other suggestions on examining logs in > dom0? > > or particular terms to grep ? "crash" didn't seem to do much :) > Judging by the end result(crash) and the fact that my Qubes has worked well until recently I believe that I am hitting the same issue as you do. I don't have any "oom" logs in journalctl, but I had seen few crashes recently. The last lines before "-- Reboot --" in journalctl is, but that does not repeat earlier so I doubt it's the issue: Jan 06 20:15:03 dom0 block-cleaner-daemon.py[2759]: libxl: error: libxl_device.c:369:libxl__device_disk_set_backend: no suitable backend for disk xvdd Jan 06 20:15:03 dom0 block-cleaner-daemon.py[2759]: libxl_device_disk_remove failed. Jan 06 20:15:04 dom0 block-cleaner-daemon.py[2759]: libxl: error: libxl_device.c:369:libxl__device_disk_set_backend: no suitable backend for disk xvdc Jan 06 20:15:04 dom0 block-cleaner-daemon.py[2759]: libxl_device_disk_remove failed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e1178a2-d397-1c76-06b8-37c8787c3d15%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Audio in Linux HVM
Is it possible to have audio in Linux HVM the same way it is done for AppVM? What has to be set up in dom0/config etc. to make it work? It is my understanding that vchan communication is possible with HVM, isn't it? Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50ba9cce-1b25-1a94-d8d3-0f1b257dce60%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Resize dom0
On 02/18/17 11:23, Zbigniew Łukasiak wrote: > There are instructions how to resize a VM at > https://www.qubes-os.org/doc/resize-root-disk-image/ - but this cannot > apply to dom0 - because it requires stopping the VM and then running > commands in dom0. What would be the procedure for resizing dom0 root > partition? > It's just a linux, and by default dom0 root fs is ext4, which can be grown while mounted, so 'standard' resizing procedure should do. Please take into account that there is ext4 on LVM on LUKS and each have to be grown separately. All commands run as root from dom0(do backups and be carefull!!!). Thanks to LVM there are two alternative solutions. First one, if you have space after LUKS partition on your HDD/SSD: 0. grow physical partition using fdisk or gparted. 1. grow LUKS container using "cryptsetup resize". 2. grow (LVM) physical volume using "pvresize". 3. grow (LVM) logical volume(default name: root) using "lvextend". 4. grow ext4 filesystem using "resize2fs". Alternatively you can extend root by extending LVM, but this will require providing two(or more) passwords while booting(because each part of LVM will need to be decrypted before "merging" it into root partition). 0. Create new partition using fdisk/gparted. 1. Create new encrypted luks container using "cryptsetup luksFormat". 2. Mount newly created luks container. 3. Initialize (LVM) physical volume on newly created luks container using pvcreate. 4. Add newly created physical volume to LVM volume group (by default named: qubes_dom0) using "vgextend". 5. grow (LVM) logical volume using "lvextend". 6. grow ext4 filesystem using "resize2fs". 7. remember to recreate initramfs including both LUKS containers and new lvm settings As always with filesystem changing operations, backup everything before proceding and be extremly carefull. I'm also not providing full commands(it's hard to do from the top of my head), so RTFM to get better understanding of each of above-mentioned commands. To analyze current state of LVM useful commands are: pvdisplay, vgdisplay and lvdisplay. Additionally all used devices shall be visible in /dev/mapper. Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a246833-2a32-7c54-e523-e7afa48a11e0%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Query - Why unable to clone net-sys VM ?
On 01/13/17 05:26, Steve wrote: > On Friday, January 13, 2017 at 3:29:45 AM UTC+4, Ángel wrote: >> Steve wrote: >>> my default net-sys includes both Ethernet and Wifi. I wanted to split them >>> out into >>> net-sys-eth and >>> net-sys-wifi >>> >>> each with the appropriate PCI device. I tried to clone the net-sys but it >>> is greyed out and I was wondering why >>> >> >> Probably because it is running. Stop the VM before attempting to clone it. >> Also, you will need to remove one of the pci devices while it is >> stopped, as those cannot be edited while it is running (nor can you >> attach the same pci to two VMs). > > I had everything shutdown apart from Dom0 but still greyed out. Doesn't look > like its possible to clone sys-net > Have you tried using command line: qvm-clone sys-net new_vm_name Works for me :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b6bc1467-9ff4-1bf8-2343-abc37bacc558%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Installing using pacman command
On 01/12/17 15:14, joseph.yeng...@gmail.com wrote: > I forgot to add, but I've modified the pacman.conf as specified in the Qubes > documentation for the creation of an Archlinux Template VM. > Are you running it in TemplateVM or AppVM? Do you allow it to connect via update proxy? (Firewall Rules->Allow connection to Updates Proxy)? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/613d1e9e-0616-3e53-d41d-a21e33bca924%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Secure Fullscreen Mode in Qubes R3.2
On Thu, 1 Dec 2016 08:38:48 -0800 (PST) DJ Mischkonsum wrote: > Hey! > I installed Qubes R3.2 which has XFCE by default (at least my > installation does and I didn't see any possibility in the installer > to use KDE instead). I'm trying to watch videos in fullscreen mode, > which - as I found out here > (https://www.qubes-os.org/doc/full-screen-mode/) - is disabled by > default. Now the problems with fullscreen mode mentioned in the guide > seem relevant to take into account, which is why I'd like to use the > secure fullscreen mode also mentioned in the guide. Problem is, this > is only detailed for KDE and not XFCE... does anyone know if > something similar is possible in XFCE and how to do it? > > Best regards > Hey, You can enable fullscreen the same way as described in qubes-os doc. But the keyboard shortcut is different. By default it's Alt+F11. You can also check/verify keyboard shortucts in: System Menu(Qubes log on panel)->System Tools->Settings Manager, in section Other click Settings->Editor. In the right-hand panel there is xfce4-keyboard-shortcuts entry, which will show all(afaik) keyboard shortcuts set in XFCE. As a side note, enabling full-screen as described in docs(https://www.qubes-os.org/doc/full-screen-mode/), is used for allowing app running inside VM to request going fullscreen(ie. fullscreen button on youtube video). You can use fullscreen keyboard shortcut to fullscreen any app from any VM, even without this option set. Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161201181904.49f94c69%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes can not decrypt the root directory partition.
On Sat, 26 Nov 2016 15:35:06 -0800 (PST) Alexander Villalba wrote: > Regards!: > > Although it was today that for the first time that I join the group, > I have been using Qubes for years. But today when I wrote the disk > encryption password, the system displays a message saying it can not > boot. Try to load the encrypted disk with a bootable pendriver that > has the Tails operating system installed, from the file browser, > asked for the password, I wrote it, but could not load the partition > of the hard disk containing Qubes. The unencrypted partitions were > able to load and read them. Actually similar issue has happend to me. The partition was no longer accessible via Qubes boot process nor Qubes USB with properly set keymap. This happened after upgrade/reboot cycle, although I suspect some kind of HW issue. According to cryptsetup/luks man page, you should always have a backup of LUKS partition header as it may get corrupted. Due to some anti-forensic techniques in place such corruption is claimed to be irrecoverable. Hope that you had backups. Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127010638.6fa91243%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VT-d support in hcl report
On Thu, 24 Nov 2016 09:33:23 +0100 Zrubi wrote: > > Well, as you noted the qubes-hcl-report tool relays on xl info, and xl > dmesg output. > If both states tat IOMMU is enabled: > > > virt_caps: hvm hvm_directio > > (XEN) I/O virtualisation enabled > > what else can it say? > > If you 100% sure that this is a false positive, then we should address > this issue for sure. > However I can't see how we can check if IOMMU is really working? Maybe > we can try DMA attack PoC script and try to break out from a netvm for > example? > (of course not as part of the hcl report :) Thanks for your reply. After reading it I realized that I should probably ask at Xen devel mailing list. I am not 100% sure, but the specs about my HW says so(and I am 100% sure about what HW I have). Anyway, I like the idea of DMA PoC attack. Sounds like a definitve measure of VT-d separation. Are there any PoCs publicly available? Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127011328.2c7c0f51%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VT-d support in hcl report
Hi everyone, I was about to add my hcl report to wiki when I noticed that for some reson it reports IOMMU as enabled, while to my best knowledge it should not be supported on my system. As googling didn't help me understand what's going on I hope someone here can shed some light on this. I have Intel i5-2540,Sandy Bridge, with VT-d): http://ark.intel.com/products/50072/Intel-Core-i5-2540M-Processor-3M-Cache-up-to-3_30-GHz and Intel HM65 chipset: http://ark.intel.com/products/52808/Intel-BD82HM65-PCH) which does not support VT-d. According to every resource I was able to find, both(and BIOS) shall support it in order for VT-d to be enabled, but my hcl report(attached) states: IOMMU: "yes", which is confirmed(somehow) by: xl info | grep virt_caps virt_caps: hvm hvm_directio as well as: xl dmesg reporting: (XEN) Intel VT-d iommu 0 supported page sizes: 4kB. (XEN) Intel VT-d iommu 1 supported page sizes: 4kB. (XEN) Intel VT-d Snoop Control not enabled. (XEN) Intel VT-d Dom0 DMA Passthrough not enabled. (XEN) Intel VT-d Queued Invaldiation enabled (XEN) Intel VT-d Interrupt Remapping enabled. (XEN) Intel VT-d Shared EPT tables not enabled. (XEN) I/O virtualisation enabled ... (XEN) VMX: Supported advanced features: (XEN) - APIC MMIO access virtualisation (XEN) - APIC TPR shadow (XEN) - Extended Page Tables (EPT) (XEN) - Virtual-Processor Identifiers (VPID) (XEN) - Virtual NMI (XEN) - MSR direct-access bitmap (XEN) - Unrestricted Guest (XEN) HVM: VMX enabled It seems as if at least part of VT-d is enabled so shall I trust Intel specs or log outputs? Is hcl tool working correctly? Are the enabled VT-d features enough for running Qubes 4.x? Best Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161117200447.679b1ee9%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-SAMSUNG_ELECTRONICS_CO___LTD_-400B4B_400B5B_200B4B_200B5B-20161117-162307.yml Description: application/yaml
