Re: [qubes-users] Re: qvm-sync-appmenus problems
On 2020-07-02 18:04, anon wrote: sorry seems 1st posting body was empty , I move all items to the left in the template qubes settings, then hit 'refresh applications' ; shutdown template Qube, however in the Q menu still seeing every application , frustrating , I can trash the Template, but that's not going to fix the fact that the shortcuts still exist for the deleted AppVM I imagine? I may not be understanding your issue correctly, but I've found that at least one application needs to be selected, or else all applications available in a VM will be displayed. However, if you move a single application to the right, only that application will be shown. So, if there are VMs that I want to have as few applications displayed as possible, I just leave the "Start" or terminal application in the "Selected" column. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f9e822d5-a415-3379-d6e9-65be86fef3cb%4086.is.
Re: [qubes-users] New Qubes User here: Need guidance in safely & securely installing to DomUs/Fedora TemplateVM
On 2020-06-24 08:04, Set Emeraude wrote: Problem 1: Without inadvertently risking ANY potential breaches to Dom0, or compromising the TemplateVM, how do I install software via the terminal safely. I am aware I can simply enable networking to the templateVM but I am unsure if that is the wisest practice. Easy come, easy go > Problem 2: I need to run closed sourced apps on this templateVM, or at least the AppVM I've segregated to handle all schoolwork and emails. As a security precaution, I've switched all "trusted" appvm's to run the debianVM, including vaults, because my assumption is that if its closed source, its backdoored by default. For problem 1, I wouldn't edit the network settings of a TemplateVM. I'd suggest downloading any installers via an AppVM (or DisposableVM) that already has networking, and then use Qubes' built-in method for copying/moving files between VMs: https://www.qubes-os.org/doc/copying-files/ For problem 2, you have options. You could make a copy of one of the original TemplateVMs, install any proprietary software on the copied TemplateVM, and then create one or more AppVMs based on that template (I've done this for the proprietary software needed for my printer/scanner.) You could also create a StandaloneVM and install the software there. A template might be the way to go if you have multiple applications that you do not want running in the same space (and so you could create separate AppVMs for them). A standalone might make more sense if you don't mind these applications running together, but still want to keep them separated from the rest of your system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b9048be-f5a2-e7ac-2d2e-d5aa2844b62d%4086.is.
Re: [qubes-users] better solution to configure firewall rules?
On 2020-06-22 16:37, Sven Semmler wrote: Is there a better way for me to import the ranges from https://api.github.com/meta or any other such configuration and import them into a qubes firewall rules? You can add firewall rules from Dom0. I've got a one-liner that will read IPs from a file and add them to the firewall of an AppVM. WARNING, once you edit the firewall rules "manually" from within Dom0, you can no longer edit them from within the GUI. So, I recommend making a copy of your AppVM to test with before running it for real. The script: cat ips.txt | while read line; do qvm-firewall appvm-name add --before 0 accept dsthost=$line; done Where: ips.txt is a text file containing a list of ip addresses, one per line. appvm-name is the name of the AppVM you want to add the rules to. Note that this script will add each IP "before 0" (meaning, at the top of the rule list). Also note that this is set to "accept" connections from all of the IPs. If either of these things is not what you want, you'll need to edit it accordingly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03b0ec30-6418-0145-bfc8-e437bd4e5777%4086.is.