Re: [qubes-users] can I use paranoid mode from a 3.2 backup?
On Saturday, December 23, 2017 at 8:40:08 PM UTC-5, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Dec 20, 2017 at 10:35:26AM -0800, cooloutac wrote: > > Thinking of upgrading to 4.0. > > if I want to restore vms from 3.2, possibly compromised, system. Can I use > > the paranoid restore mode in 4.0, or would that only work from 4.0 backup. > > This isn't properly documented yet. The general idea is to restore the > backup using some dedicated VM (maybe even disposable VM), instead of > dom0. See here: > https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/#sandboxed-paranoid-backup-restores > In the section "Simple management VM demo", you can find required steps > to setup qrexec policy to allow such operation. > > Our previous tests weren't very successful: > https://github.com/QubesOS/qubes-issues/issues/2986 > > But things have improved since then and hopefully(*) it works now. > > (*) which reminds me to add automated test for this case of backup > too... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > > iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo/BXEACgkQ24/THMrX > 1yzWLAf+M3aaE2f654BE0K1GKeMQvKn9Aj2ZeWeGQJGyWSY2Or2yP56mqQ83sb71 > Pl/fdV0f+PX2PkZbvezHawni+kuTLJ7I7B6njrfbOZvjNNozP/P8e9AuRRa4G9Jw > RgNY88BF5UmOU/ZK6RnDeLi9DSiQZI1olNmsNn3emrvu6Y2gilt0vmxCAa7mfKYd > 7sk/Xt0oyH/q260kZwdNysu66gULnq1x3lwtGrhpWD0Zui/StKZ56yHicX5liau+ > foap465e1gwhtuIkO50KAqAZHYrWWmh1yMUeoqfouUDBe0wYZ1MPyzSTEILkKsYx > 3NasV/1rPOhGNnPMkFKRy+FNyK2RQQ== > =ty+y > -END PGP SIGNATURE- tks when I get a chance I'll give it a shot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9cae2caa-2385-4c3e-80a9-6adbaff45154%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] can I use paranoid mode from a 3.2 backup?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Dec 20, 2017 at 10:35:26AM -0800, cooloutac wrote: > Thinking of upgrading to 4.0. > if I want to restore vms from 3.2, possibly compromised, system. Can I use > the paranoid restore mode in 4.0, or would that only work from 4.0 backup. This isn't properly documented yet. The general idea is to restore the backup using some dedicated VM (maybe even disposable VM), instead of dom0. See here: https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/#sandboxed-paranoid-backup-restores In the section "Simple management VM demo", you can find required steps to setup qrexec policy to allow such operation. Our previous tests weren't very successful: https://github.com/QubesOS/qubes-issues/issues/2986 But things have improved since then and hopefully(*) it works now. (*) which reminds me to add automated test for this case of backup too... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo/BXEACgkQ24/THMrX 1yzWLAf+M3aaE2f654BE0K1GKeMQvKn9Aj2ZeWeGQJGyWSY2Or2yP56mqQ83sb71 Pl/fdV0f+PX2PkZbvezHawni+kuTLJ7I7B6njrfbOZvjNNozP/P8e9AuRRa4G9Jw RgNY88BF5UmOU/ZK6RnDeLi9DSiQZI1olNmsNn3emrvu6Y2gilt0vmxCAa7mfKYd 7sk/Xt0oyH/q260kZwdNysu66gULnq1x3lwtGrhpWD0Zui/StKZ56yHicX5liau+ foap465e1gwhtuIkO50KAqAZHYrWWmh1yMUeoqfouUDBe0wYZ1MPyzSTEILkKsYx 3NasV/1rPOhGNnPMkFKRy+FNyK2RQQ== =ty+y -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171224013958.GC3743%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] can I use paranoid mode from a 3.2 backup?
Thinking of upgrading to 4.0. if I want to restore vms from 3.2, possibly compromised, system. Can I use the paranoid restore mode in 4.0, or would that only work from 4.0 backup. Tks in advance. rich. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d30253a-cc66-44b5-b513-ee72cd681b67%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.