Re: [qubes-users] Disposable VMs starting with a QubesIncoming folder
On Sat, May 01, 2021 at 01:35:55PM -0700, TheGardner wrote: > Thanks for the help, but a start of the template wouldn't help, cause the > /QubesIncoming folder wasn't build there. It was build in a dvm-VM. > But found a way now. You have to start the dvm-VM via Qubes Manager and > have to start a terminal via rightclick on the Q symbol in the info bar > > dvm-Qube > Run Terminal. > > David Hobach schrieb am Samstag, 1. Mai 2021 um 13:43:56 UTC+2: > > > > > Just start the template VM and remove the ~/QubesIncoming folder. > > > > > DisposableVMs effectively have **two** templates. There is the qube that is the template for the disposableVM - that is a qube that has the `template_for_dispvms` property set. This is called the DisposableVM Template. Then there is the "normal" Template that *that* qube uses. I think that David was suggesting you edit the qube that the disposableVM is based on this is what you did. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210502022348.GA10288%40thirdeyesecurity.org.
Re: [qubes-users] Disposable VMs starting with a QubesIncoming folder
Thanks for the help, but a start of the template wouldn't help, cause the /QubesIncoming folder wasn't build there. It was build in a dvm-VM. But found a way now. You have to start the dvm-VM via Qubes Manager and have to start a terminal via rightclick on the Q symbol in the info bar > dvm-Qube > Run Terminal. David Hobach schrieb am Samstag, 1. Mai 2021 um 13:43:56 UTC+2: > > Just start the template VM and remove the ~/QubesIncoming folder. > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e80d336d-5729-4e35-8ada-82cb44cbaf50n%40googlegroups.com.
Re: [qubes-users] Disposable VMs starting with a QubesIncoming folder
On 5/1/21 11:13 AM, TheGardner wrote: Since several days all my disposable VMs starting with a QubesIncoming folder (w/a personal folder and three files inside). Guess I accidentially moved these files to whonix- ws-15-dvm during a previous Move-to-vm command. Question now is: how can someone remove these files and clear the -dvm VM again? Is this somethings to be done in dom0? Just start the template VM and remove the ~/QubesIncoming folder. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/78f9849a-4d61-7758-1543-8fc8a46a4f98%40hobach.de. smime.p7s Description: S/MIME Cryptographic Signature
[qubes-users] Disposable VMs starting with a QubesIncoming folder
Since several days all my disposable VMs starting with a QubesIncoming folder (w/a personal folder and three files inside). Guess I accidentially moved these files to whonix- ws-15-dvm during a previous Move-to-vm command. Question now is: how can someone remove these files and clear the -dvm VM again? Is this somethings to be done in dom0? Cheers & Thanks for any ideas Steffen -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dbbf7668-10da-4a48-94ea-cc194f595a93n%40googlegroups.com.
Re: [qubes-users] disposable VMs: several different ones, and preconfigured
On Mon, Feb 06, 2017 at 06:07:03AM -0800, Andrew David Wong wrote: > > please excuse me if these are FAQs, RTFM pointers welcome! :) > https://groups.google.com/d/msg/qubes-users/2uN9ybLTqHQ/XMy6d5UkDwAJ > https://www.qubes-os.org/doc/dispvm-customization/ thanks, Andrew! (I the meantime I had seen this URLs floating by on the users list myself, but it's still nice!) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170206142341.GA3314%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] disposable VMs: several different ones, and preconfigured
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-03 06:29, Holger Levsen wrote: > Hi, > > please excuse me if these are FAQs, RTFM pointers welcome! :) > > - (how) can I have several different disposable VMs? (eg Debian 8+9 and Fedora > based ones) https://groups.google.com/d/msg/qubes-users/2uN9ybLTqHQ/XMy6d5UkDwAJ > - (how) can I preconfigure disposable VMs? AIUI the home directory is always > created freshly, how can I put stuff in there? (eg always re-configuring > Firefox is annoying…) https://www.qubes-os.org/doc/dispvm-customization/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYmIMAAAoJENtN07w5UDAwLHoQAKkBiWIp7epjCoSgPFhcYcvm Cq3nXlYFYfIZwJH9jKzt2LAdu1Aa0hQZE0j57gdXy242h94+XGUxWqWnNFKUSt96 A4zGwxCA+BM3wdhCLWJV25xNUzNkmI/PPQngttqA7retzud08W3NAwa6U11rrSzw yJCqVsuGJ5RSWyL6KPeX9fUeJbChfcHSmc9kVIWBnIa4ftQo9+Ts4KcsCA0k/zPx RxGK8jKTMvWLQpqfmz25wSRTp0nBFwXXSzCw4hRXDdlGoo4N8nDX3alarBLeBybo bGZCkh7cl2UE9YW27ry4s9vj7knpV2zFB1tyjb3Y+8abRxSOTHPQHq5aTckej9Mc MyLxvKiLfMYE/0u/OLptPdG80dFrAgUMupyFlbiYPVnGDmywV7INvsTXR4Sho9KF lj38faBWMeLrO2vt0c0ON6L9DB5AySdwY5Ekzc74gZl4/w/T0+GQlfWYahVE0inx fZCHS7B7jufBSC/ah+A3qzaac71Tb2Zjj4l3Eic6F1eAYItNvx0HFjdyYRqXWRRn 7reapEVWZG/DxXbAGHK+al/PjEqcp/BVVLDWewzwPXnTEEI2sbzWVwaPZZqTa434 ijEF4d3J23N/wnd0PcmnsTp8X22yB5Oc8ORk6XVY7Ly02+QkuehviXEIe8GvmzwY wPpTpqvLXDYbSOti1EuW =i8cq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04d90b0f-09dd-e5bb-d78a-3003e5cdd190%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] disposable VMs: several different ones, and preconfigured
Hi, please excuse me if these are FAQs, RTFM pointers welcome! :) - (how) can I have several different disposable VMs? (eg Debian 8+9 and Fedora based ones) - (how) can I preconfigure disposable VMs? AIUI the home directory is always created freshly, how can I put stuff in there? (eg always re-configuring Firefox is annoying…) -- cheers, Holger -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170203142936.GA10496%40layer-acht.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: Digital signature
Re: [qubes-users] Disposable VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-05 14:23, Unman wrote: > On Sun, Feb 05, 2017 at 04:38:09AM -0800, Andrew David Wong wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> >> On 2017-02-04 12:59, Unman wrote: >>> On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith >>> wrote: On 04/02/17 18:42, Loren Rogers wrote: > Hi all, > > I'm confused about running disposable VMs - if I open a > browser or file viewer, then want to open a terminal for > the same VM, how could I do this? (E.g. I want to view an > untrusted file, then make some edits.) right click the dispvm in the qubes manager. select run command. enter xterm or whatever you want to run or user (in dom0) qvm-run DISPVM_NAME xterm > > Is there a way to configure the default disposable VM in > the Qubes menu? I see that disposable VMs can be configured > for individual domains, but I can't find where the generic > one is. > >> >> Yes, you can customize the default DispVM by following these >> instructions: >> >> https://www.qubes-os.org/doc/dispvm-customization/ >> > Also, is it possible to specify a different template for > disposable machines? Say I'm running something based on > the default fedora-23, and I want to open a document from > my work VM, which uses that template. But I want to open it > with my fedora-23-custom template as a disposable VM. (E.g. > running a video in VLC that has untrustworthy components.) > Is this doable? currently you can only have one dispvm. if you want, you can set the template as default for dispvms (qvm-create-default-dvm) -john >>> >>> Loren, >>> >>> You can't configure disposable VMs for individual qubes - what >>> you can do is change the netVM which will apply if you start a >>> disposableVM from that qube. The dispVM that will be started >>> is determined by the default dvm, and this is set by >>> qvm-create-default-dvm. >>> >>> As John said, you can only have one default dvm, but it's >>> trivial to work around this with a small script. >> >> Care to share that script, unman? >> >>> It's possible to do this because qvm-create-default-dvm does >>> NOT remove the files for old dvms. You can see this if you >>> generate a new default-dvm, and then look in >>> /var/lib/qubes/appvms. So if you generate a number of different >>> dvms based on different templates, it's simple to switch >>> between them before launching a new dispVM. The launch time >>> isn't noticeably different from starting up a new dispVM, and >>> voila - multiple template disposable VMs on the cheap. >>> >> >> How do you easily switch between the different DVM templates? >> >>> I do this without any apparent ill effects, but it certainly >>> isn't part of the canon. >>> >>> unman >>> >> > > I've attached the script. It's trivial. > > First generate assorted dvms using qvm-create-default-dvm and > customize them as wou will. (Strictly this isnt necessary but you > may as well get your dvm just the way you want it.) > > Then just run the script: "./switch_dvm debian-8 xterm" will load a > dvm based on the debian-8 template and run xterm in a new dispVM > derived from that dvm. The debian-8-dvm will be the default from > then on, but you can easily switch to another: "./switch_dvm > xenial-desktop " If you havent generated a dvm already, then the > script calls 'qvm-create -default-dvm' for you. > > Because you can set dvms with different netvms, and alternate Qubes > networking paths, it's possible to trigger dispVMs using different > torVMs/ VPNs through different NICs, in the same time it takes to > load a dispVM ordinarily. I have a number of keyboard shortcuts to > call it with different parameters, to do exactly this. > > It should be obvious that because you are using the saved dvm, you > wont see any changes you make in the template until you trigger an > updated saved dvm. > > There's all sorts of stuff wrong with it, but it's a quick hack and > it works fine (for me). Try it at your own risk. > > unman > Very interesting! Thanks, unman! - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYmBraAAoJENtN07w5UDAwqw4P/3wIKcdPhh2hXWj2L5/7A7T/ UOPdKA9pChMYNjooULpResPgOJCjWOxhBMqBUmHom5u6F9ACITWg7KaFTZj7EKM3 qS5Y6TI91MENQjVcwNd3Dhp4wX7VOxvBdJNIin1rf/NXuqrSCmiQUtGNMxugqtdD katbdW17w7euG9F+4z2yx84wlIkU0bDMJpHC7LYc3m+RbM2D0F8kQi7QyEe+9Ow1 Zp5wO2Xl0wGunpE5O/6yghSDVtqzlzZ5VA+vjy3F6kyOWVFqH0blbZYeQSL1yvNH O7RW6FvFksDaLBbLmxu00JU9Cicel5hf+2gKra91h4hGNu7iPQm8JmmeQrcyUBfA jlmZtL2qomHGe6CKaNHfPtC7JxgUmSnVdVDhDTT8wknXMb69Ne/KxKe/sh+G80sM ceiq0m4oWdmcX/rFOAaZa3ah/pirsExcYmF2FbZ7spiLgg/+0teFIlCW2rQ3Rvv3 cwdFFWGD3LrWHj30G8qtt+poUwzVok5YL+d0L0wtQfpnHhB9nc6gS7G67y7PmLzI ld4gKccZU3FN2Hshr/AZiezoyPAB4ODwBTcHIR/fUMcrL8bpmy91/PbAPOULchKH
Re: [qubes-users] Disposable VMs
On Sun, Feb 05, 2017 at 04:38:09AM -0800, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-02-04 12:59, Unman wrote: > > On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith > > wrote: > >> On 04/02/17 18:42, Loren Rogers wrote: > >>> Hi all, > >>> > >>> I'm confused about running disposable VMs - if I open a browser > >>> or file viewer, then want to open a terminal for the same VM, > >>> how could I do this? (E.g. I want to view an untrusted file, > >>> then make some edits.) > >> right click the dispvm in the qubes manager. select run command. > >> enter xterm or whatever you want to run > >> > >> or user (in dom0) qvm-run DISPVM_NAME xterm > >>> > >>> Is there a way to configure the default disposable VM in the > >>> Qubes menu? I see that disposable VMs can be configured for > >>> individual domains, but I can't find where the generic one is. > >>> > > Yes, you can customize the default DispVM by following > these instructions: > > https://www.qubes-os.org/doc/dispvm-customization/ > > >>> Also, is it possible to specify a different template for > >>> disposable machines? Say I'm running something based on the > >>> default fedora-23, and I want to open a document from my work > >>> VM, which uses that template. But I want to open it with my > >>> fedora-23-custom template as a disposable VM. (E.g. running a > >>> video in VLC that has untrustworthy components.) Is this > >>> doable? > >> > >> currently you can only have one dispvm. if you want, you can set > >> the template as default for dispvms (qvm-create-default-dvm) > >> > >> -john > > > > Loren, > > > > You can't configure disposable VMs for individual qubes - what you > > can do is change the netVM which will apply if you start a > > disposableVM from that qube. The dispVM that will be started is > > determined by the default dvm, and this is set by > > qvm-create-default-dvm. > > > > As John said, you can only have one default dvm, but it's trivial > > to work around this with a small script. > > Care to share that script, unman? > > > It's possible to do this because qvm-create-default-dvm does NOT > > remove the files for old dvms. You can see this if you generate a > > new default-dvm, and then look in /var/lib/qubes/appvms. So if you > > generate a number of different dvms based on different templates, > > it's simple to switch between them before launching a new dispVM. > > The launch time isn't noticeably different from starting up a new > > dispVM, and voila - multiple template disposable VMs on the cheap. > > > > How do you easily switch between the different DVM templates? > > > I do this without any apparent ill effects, but it certainly isn't > > part of the canon. > > > > unman > > > I've attached the script. It's trivial. First generate assorted dvms using qvm-create-default-dvm and customize them as wou will. (Strictly this isnt necessary but you may as well get your dvm just the way you want it.) Then just run the script: "./switch_dvm debian-8 xterm" will load a dvm based on the debian-8 template and run xterm in a new dispVM derived from that dvm. The debian-8-dvm will be the default from then on, but you can easily switch to another: "./switch_dvm xenial-desktop " If you havent generated a dvm already, then the script calls 'qvm-create -default-dvm' for you. Because you can set dvms with different netvms, and alternate Qubes networking paths, it's possible to trigger dispVMs using different torVMs/ VPNs through different NICs, in the same time it takes to load a dispVM ordinarily. I have a number of keyboard shortcuts to call it with different parameters, to do exactly this. It should be obvious that because you are using the saved dvm, you wont see any changes you make in the template until you trigger an updated saved dvm. There's all sorts of stuff wrong with it, but it's a quick hack and it works fine (for me). Try it at your own risk. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170205222339.GA6028%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout. #!/bin/sh if [ $# -eq 0 -o $# -gt 2 ] ; then echo 'Usage: switch_dvm templatename [command]' exit 1 fi TEMPLATENAME=$1 DVMTMPL="$TEMPLATENAME"-dvm DVMTMPLDIR="/var/lib/qubes/appvms/$DVMTMPL" ROOT=/var/lib/qubes/dvmdata/savefile-root DEFAULT=/var/lib/qubes/dvmdata/default-savefile CURRENT=/var/run/qubes/current-savefile SHMDIR=/dev/shm/qubes SHMCOPY=$SHMDIR/current-savefile if [ -d $DVMTMPLDIR ] ; then rm -f $ROOT $DEFAULT $CURRENT ln -s "$DVMTMPLDIR/dvm-savefile" $DEFAULT ln -s
Re: [qubes-users] Disposable VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-02-04 12:59, Unman wrote: > On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith > wrote: >> On 04/02/17 18:42, Loren Rogers wrote: >>> Hi all, >>> >>> I'm confused about running disposable VMs - if I open a browser >>> or file viewer, then want to open a terminal for the same VM, >>> how could I do this? (E.g. I want to view an untrusted file, >>> then make some edits.) >> right click the dispvm in the qubes manager. select run command. >> enter xterm or whatever you want to run >> >> or user (in dom0) qvm-run DISPVM_NAME xterm >>> >>> Is there a way to configure the default disposable VM in the >>> Qubes menu? I see that disposable VMs can be configured for >>> individual domains, but I can't find where the generic one is. >>> Yes, you can customize the default DispVM by following these instructions: https://www.qubes-os.org/doc/dispvm-customization/ >>> Also, is it possible to specify a different template for >>> disposable machines? Say I'm running something based on the >>> default fedora-23, and I want to open a document from my work >>> VM, which uses that template. But I want to open it with my >>> fedora-23-custom template as a disposable VM. (E.g. running a >>> video in VLC that has untrustworthy components.) Is this >>> doable? >> >> currently you can only have one dispvm. if you want, you can set >> the template as default for dispvms (qvm-create-default-dvm) >> >> -john > > Loren, > > You can't configure disposable VMs for individual qubes - what you > can do is change the netVM which will apply if you start a > disposableVM from that qube. The dispVM that will be started is > determined by the default dvm, and this is set by > qvm-create-default-dvm. > > As John said, you can only have one default dvm, but it's trivial > to work around this with a small script. Care to share that script, unman? > It's possible to do this because qvm-create-default-dvm does NOT > remove the files for old dvms. You can see this if you generate a > new default-dvm, and then look in /var/lib/qubes/appvms. So if you > generate a number of different dvms based on different templates, > it's simple to switch between them before launching a new dispVM. > The launch time isn't noticeably different from starting up a new > dispVM, and voila - multiple template disposable VMs on the cheap. > How do you easily switch between the different DVM templates? > I do this without any apparent ill effects, but it certainly isn't > part of the canon. > > unman > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYlxywAAoJENtN07w5UDAwL6sQAKsIaVtoIYt9bZJswcalKALa U2CN68p1snmVCNmI4BAAULK1T33GbKcDUMgIAwIQdtLD5GVm3MC/t80LTEq3GQ3o Px5+Tx0Ho32RpLIG4hAauGTPY+afHrR8SU4fNbR+hbENzWpiQ5JSitADlB5aOaMN IgQ72QUZPKvgHFX05HqJeDKQlwaiM+EgnhqOaw7UxO3dTwFnE8Rwu/GZFhez3NAC Z8xVwrBgyTWiyGw/f2iQW5oDIgbfisRaAhHHh0il6sPG5LGheyjbf0n5kD85PFrk mbMGXNRqt7NtMLHBjKQLjZTRHE7h4Y+kxC5J8RH/dohdcMY4K8lQWeL4j4XMv1ln v+BypyOJ5cOyBGLGoxuYwJeZxwrleJb2TVo6PxpvNog7F0UsokxUHwS/P63uT+VF VOMHfvjX5tL83gPAd+uEMXbhWkqX3rSXcwlb5W5NFJaxhj/7e5C5TJaNB74uxN9C wvkgE8zM87UxvyIPB75NcF9SzXD8ma66zilooaMnAO8+ljYGuGHj2StrM5Qe54Ys jyb/FjzLiy/gTdwK+ZvsmHQSCaF27d3/ekvsT9NdWyoLqxjkOjXCqXFR2QxIGFaz wxJGx9chxan1JXAdmxAek0PHcdNdVnF2+9ql4NvpvkVv7KpMGhiOqcsZxZUzP3nd tNGvf5phasOxfyK3A7Dp =GkEc -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/796372d9-a85b-9fa4-7692-bff4b541331e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs
Sent with [ProtonMail](https://protonmail.com) Secure Email. Original Message Subject: Re: [qubes-users] Disposable VMs Local Time: February 4, 2017 3:59 PM UTC Time: February 4, 2017 8:59 PM From: un...@thirdeyesecurity.org To: john.david.r.smith <john.david.r.sm...@openmailbox.org> Loren Rogers <lo...@lorentrogers.com>, qubes-users <qubes-users@googlegroups.com> On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith wrote: > On 04/02/17 18:42, Loren Rogers wrote: > >Hi all, > > > >I'm confused about running disposable VMs - if I open a browser or file > >viewer, then want to open a terminal for the same VM, how could I do this? > >(E.g. I want to view an untrusted file, then make some edits.) > right click the dispvm in the qubes manager. > select run command. > enter xterm or whatever you want to run > > or user (in dom0) qvm-run DISPVM_NAME xterm > > > >Is there a way to configure the default disposable VM in the Qubes menu? I > >see that disposable VMs can be configured for individual domains, but I > >can't find where the generic one is. > > > >Also, is it possible to specify a different template for disposable > >machines? Say I'm running something based on the default fedora-23, and I > >want to open a document from my work VM, which uses that template. But I > >want to open it with my fedora-23-custom template as a disposable VM. (E.g. > >running a video in VLC that has untrustworthy components.) Is this doable? > > currently you can only have one dispvm. > if you want, you can set the template as default for dispvms > (qvm-create-default-dvm) > > -john Loren, You can't configure disposable VMs for individual qubes - what you can do is change the netVM which will apply if you start a disposableVM from that qube. The dispVM that will be started is determined by the default dvm, and this is set by qvm-create-default-dvm. As John said, you can only have one default dvm, but it's trivial to work around this with a small script. It's possible to do this because qvm-create-default-dvm does NOT remove the files for old dvms. You can see this if you generate a new default-dvm, and then look in /var/lib/qubes/appvms. So if you generate a number of different dvms based on different templates, it's simple to switch between them before launching a new dispVM. The launch time isn't noticeably different from starting up a new dispVM, and voila - multiple template disposable VMs on the cheap. I do this without any apparent ill effects, but it certainly isn't part of the canon. unman Very interesting - thanks for the info on how it's done. I'm glad I wasn't just missing something obvious! Loren -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/PE01ztr699RYXdxOtwdrLN4jQl2wLYLIi6qhTWY6CL3T-tvftTcAvHcNM5uiGAdatewIsatqoy8Mz8RFqaAa7AyxgWcjaty2Er2liDo99Gw%3D%40lorentrogers.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs
On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith wrote: > On 04/02/17 18:42, Loren Rogers wrote: > >Hi all, > > > >I'm confused about running disposable VMs - if I open a browser or file > >viewer, then want to open a terminal for the same VM, how could I do this? > >(E.g. I want to view an untrusted file, then make some edits.) > right click the dispvm in the qubes manager. > select run command. > enter xterm or whatever you want to run > > or user (in dom0) qvm-run DISPVM_NAME xterm > > > >Is there a way to configure the default disposable VM in the Qubes menu? I > >see that disposable VMs can be configured for individual domains, but I > >can't find where the generic one is. > > > >Also, is it possible to specify a different template for disposable > >machines? Say I'm running something based on the default fedora-23, and I > >want to open a document from my work VM, which uses that template. But I > >want to open it with my fedora-23-custom template as a disposable VM. (E.g. > >running a video in VLC that has untrustworthy components.) Is this doable? > > currently you can only have one dispvm. > if you want, you can set the template as default for dispvms > (qvm-create-default-dvm) > > -john Loren, You can't configure disposable VMs for individual qubes - what you can do is change the netVM which will apply if you start a disposableVM from that qube. The dispVM that will be started is determined by the default dvm, and this is set by qvm-create-default-dvm. As John said, you can only have one default dvm, but it's trivial to work around this with a small script. It's possible to do this because qvm-create-default-dvm does NOT remove the files for old dvms. You can see this if you generate a new default-dvm, and then look in /var/lib/qubes/appvms. So if you generate a number of different dvms based on different templates, it's simple to switch between them before launching a new dispVM. The launch time isn't noticeably different from starting up a new dispVM, and voila - multiple template disposable VMs on the cheap. I do this without any apparent ill effects, but it certainly isn't part of the canon. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170204205904.GB32031%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs
On 04/02/17 18:42, Loren Rogers wrote: Hi all, I'm confused about running disposable VMs - if I open a browser or file viewer, then want to open a terminal for the same VM, how could I do this? (E.g. I want to view an untrusted file, then make some edits.) right click the dispvm in the qubes manager. select run command. enter xterm or whatever you want to run or user (in dom0) qvm-run DISPVM_NAME xterm Is there a way to configure the default disposable VM in the Qubes menu? I see that disposable VMs can be configured for individual domains, but I can't find where the generic one is. Also, is it possible to specify a different template for disposable machines? Say I'm running something based on the default fedora-23, and I want to open a document from my work VM, which uses that template. But I want to open it with my fedora-23-custom template as a disposable VM. (E.g. running a video in VLC that has untrustworthy components.) Is this doable? currently you can only have one dispvm. if you want, you can set the template as default for dispvms (qvm-create-default-dvm) -john -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a56fa765-2503-8f2a-2f05-6ba87e5cbb72%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Disposable VMs
Hi all, I'm confused about running disposable VMs - if I open a browser or file viewer, then want to open a terminal for the same VM, how could I do this? (E.g. I want to view an untrusted file, then make some edits.) Is there a way to configure the default disposable VM in the Qubes menu? I see that disposable VMs can be configured for individual domains, but I can't find where the generic one is. Also, is it possible to specify a different template for disposable machines? Say I'm running something based on the default fedora-23, and I want to open a document from my work VM, which uses that template. But I want to open it with my fedora-23-custom template as a disposable VM. (E.g. running a video in VLC that has untrustworthy components.) Is this doable? Sent with [ProtonMail](https://protonmail.com) Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/P0V-3mPvSqFlHvDpDxAfjb-iBk5r3G38iXa8YcOPYHSBcYpo1MLvlgr5lOjsTSzA7C7u5gYM-fFnf-xlrNNGSabnhsq9xZgBvrbnn0jDE-o%3D%40lorentrogers.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs are not disposed of
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 02:37:14PM +, IX4 Svs wrote: > On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com> wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Tue, Nov 15, 2016 at 12:34:19AM +, Alex wrote: > > > This is the second time I encounter this freaky issue on R3.1: > > > > > > Start a DispVM Firefox, login to a website, close Firefox, observe the > > disposable VM is gone from the VM manager. Fine so far. > > > > > > Launch a new disposable Firefox which creates a new VM with a different > > name (dispN) - notice with horror that you are already logged on to the > > website you had logged on to from the terminated VM. > > > > > > Surely this is not supposed to happen. How to troubleshoot? > > > > I believe you've hit this issue: > > https://github.com/QubesOS/qubes-issues/issues/2200 > > > > The issue is fixed in R3.2, but it hasn't been yet backported to R3.1... > > For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or > > other - depending on what template you use for DispVM) are owned by your > > user. Then recreate DispVM savefile with qvm-create-default-dvm. > > > > > All files in /var/lib/qubes/appvms/fedora-23-dvm are owned by my user, > group qubes - but volatile.img is -rw-r--r-- while all other files are > -rw-rw-r-- (so, group can't write to it). I changed this with chmod 664 > volatile.img but on running qvm-create-default-vm the permissions are reset > to their earlier state - and volatile.img is not group-writeable. > > Should people on R3.1 just chmod 664 volatile.img right after recreating > the DVM? Above permissions looks ok - if the file is owned by your user, being group writable does not matter. Maybe it was owned by root during previous qvm-create-default-dvm call, but now is ok? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYK5IvAAoJENuP0xzK19csYscH/RskSBghAdBbvwZm/UMc69RP Raz6H3WRRRGCytN0Jfri+QiGWhQdugclWH2tyn9uUlzKFeNA4AE3GD7oT/bUc5Zf 8XJYV4JTWOEQN4TnfprDwksRQGyuPyfLAUUuiOyRqE2e2AaexXg7ZDTKNrQGG8qq X0+pV3nE1U7Fw4WclGIohFb6PCtUR8ILvJ4fzODnH97V2K65qP3+/LqmryeEMTMu 2rr1VsI+y2CDjp3b6vOQQdyeWbaMa/OrkK7rXG+TS2SCV2g6C8UhCWBCMZ8OSWZZ GEVrSH8yI0LgWSahbkN0biai68N+GDoGEFfKH/WkNhXBAUGr18Su6/R4FcIy0Ec= =yyJR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161115225439.GL17458%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Disposable VMs are not disposed of
On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Tue, Nov 15, 2016 at 12:34:19AM +, Alex wrote: > > This is the second time I encounter this freaky issue on R3.1: > > > > Start a DispVM Firefox, login to a website, close Firefox, observe the > disposable VM is gone from the VM manager. Fine so far. > > > > Launch a new disposable Firefox which creates a new VM with a different > name (dispN) - notice with horror that you are already logged on to the > website you had logged on to from the terminated VM. > > > > Surely this is not supposed to happen. How to troubleshoot? > > I believe you've hit this issue: > https://github.com/QubesOS/qubes-issues/issues/2200 > > The issue is fixed in R3.2, but it hasn't been yet backported to R3.1... > For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or > other - depending on what template you use for DispVM) are owned by your > user. Then recreate DispVM savefile with qvm-create-default-dvm. > > All files in /var/lib/qubes/appvms/fedora-23-dvm are owned by my user, group qubes - but volatile.img is -rw-r--r-- while all other files are -rw-rw-r-- (so, group can't write to it). I changed this with chmod 664 volatile.img but on running qvm-create-default-vm the permissions are reset to their earlier state - and volatile.img is not group-writeable. Should people on R3.1 just chmod 664 volatile.img right after recreating the DVM? Thanks Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTcfU6%2B4L5KZOjCpaB5UQfo%2BjhoD-%2Bu5SgPoWHVqA-caiQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
