Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-21 Thread Demi Marie Obenour
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Mar 16, 2022 at 10:02:41AM +, 'taran1s' via qubes-users wrote:
> 
> 
> unman:
> > On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote:
> > > 
> > > 
> > > taran1s:
> > > > I have an issue with Split GPG as well as with opening files in the
> > > > disposable VMs and with the qrexec in the guide How to use Monero
> > > > CLI/daemon with Qubes + Whonix too.
> > > > 
> > > > https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
> > > > 
> > > > 
> > > > Split GPG
> > > > 
> > > > Opening Thunderbird, I get following errors in the notification popup:
> > > > 
> > > > Denied: whonix.NewStatus
> > > > Denied whonix.NewStatus+status from work-email to sys-whonix
> > > > 
> > > > I have to as well make every gpg action confirm in the Dom0 Operation
> > > > Execution with Target GPG backend.
> > > > 
> > > > Using dispVMs from within AppVM
> > > > 
> > > > When trying to convert file or open it in the disposable VM from within
> > > > the normal AppVM, I get an error popuplike :
> > > > 
> > > > Denied: qubes.PdfConvert
> > > > Denied qubes.pdfConvert from work-email to @dispvm
> > > > 
> > > > Any advice appreciated!
> > > 
> > > Is this mailing list still active or one needs to better go to a different
> > > place?
> > > 
> > 
> > Still active, but the Forum has more traffic, although it's often low
> > grade and noisy.
> > 
> > On your questions,  the first looks like a Whonix issue - Patrick has
> > asked that Qubes-Whonix questions be put in the Whonix forums, where
> > they will get better oversight.
> > The second looks like permissions - look in the policy file at
> > /etc/qubes-rpc/policy/qubes.PdfConvert
> 
> The /etc/qubes-rpc/policy/qubes.PdfConvert has allowed anyvm to run
> PdfConvert
> $anyvm $dispvm allow

What do the files under “/etc/qubes/policy.d” contain?  R4.1 has a new
policy syntax and the files are located in a different directory.  That
could easily cause denials.

- -- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI4jTgACgkQsoi1X/+c
IsGQwBAA0qZzYydofkEOcKdahuyyRzlYAr+n/V07TQEtfURAsbdpJvdu8d7/G1je
U5kcwLbjPyr+auHGZ1xqytwxyT+sRVD9YIXYoBscKyirf0uQzUuNxJI2IywxhOV4
Z8NDt6xsithbHL4ia3VWMNRv6MhDxmFOEI3Qrx4QcLwiBFp3WHm/G+1LYTSBSGjI
VEHmeeyT3ZEDg16sNeAHQCLa+lgEawTvcf3i55B8W39wn/48zaQ22L/aCqRJ9Yc/
kUgV86LE1BanLX8w7fQN6qXth0++taG1tsoCyzeIL1iHCB2vax+x03Km6Q8lKxAT
DJYxVC7qbmHsHsAIaU7JgOrEeIfj6xvjO2+1yCb124wx2eO1AmcyylbVApZXGzkV
zOcWly1zQ04QjMiBaB8cOxnm18djomVoQpS+WQDtrcQ38VniDTI6d6tCfjknIbym
Hfxot70Q6IE8Bz8GcfsGASFFVCM68FSMtXTTbV/UUp+FJN1csXTlJ2PNGbTFMjuW
W7V3ucIdH4eyTBJo3VKYvO4JgPKACvS+zjzRxNQLN+r+SXQl7bV0rvl5LQHvQwxo
uqmc7rff0iA1pXHv1Iv7ivC3HJG+oo+JcX25zY8m7U2UB+6txFuoxPOJbBrTf/+Z
df3fXrLqHB23IeE99Yx8Y9B/Ccr8zsOcr50pQKw/bsPAKC11tg4=
=GFsR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YjiNN9MjLND2gGNG%40itl-email.


Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-21 Thread 'taran1s' via qubes-users




Demi Marie Obenour:

On Wed, Mar 16, 2022 at 10:02:41AM +, 'taran1s' via qubes-users wrote:



unman:

On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote:



taran1s:

I have an issue with Split GPG as well as with opening files in the
disposable VMs and with the qrexec in the guide How to use Monero
CLI/daemon with Qubes + Whonix too.

https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html


Split GPG

Opening Thunderbird, I get following errors in the notification popup:

Denied: whonix.NewStatus
Denied whonix.NewStatus+status from work-email to sys-whonix

I have to as well make every gpg action confirm in the Dom0 Operation
Execution with Target GPG backend.

Using dispVMs from within AppVM

When trying to convert file or open it in the disposable VM from within
the normal AppVM, I get an error popuplike :

Denied: qubes.PdfConvert
Denied qubes.pdfConvert from work-email to @dispvm

Any advice appreciated!


Is this mailing list still active or one needs to better go to a different
place?



Still active, but the Forum has more traffic, although it's often low
grade and noisy.

On your questions,  the first looks like a Whonix issue - Patrick has
asked that Qubes-Whonix questions be put in the Whonix forums, where
they will get better oversight.
The second looks like permissions - look in the policy file at
/etc/qubes-rpc/policy/qubes.PdfConvert



The /etc/qubes-rpc/policy/qubes.PdfConvert has allowed anyvm to run
PdfConvert
$anyvm $dispvm allow


What do the files under “/etc/qubes/policy.d” contain?  R4.1 has a new
policy syntax and the files are located in a different directory.  That
could easily cause denials.



Dear Demi-Marie, thank you for your reaction. Patrick on whonix forum 
mentioned that this is an issue (the communication in between qubes) 
with the Qubes qrexec rules, not whonix specific.


To your question regarding, the files under /etc/qubes/policy.d. The 
Qubes 4.1 is a fresh installation and I didn't make any changes except 
the Split Gpg and the Monero guide here 
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero_Wallet_Isolation


I believe that there are no changes whatsoever in the files under 
/etc/qubes/policy.d and should be in default vanilla state.


Thank you in advance for your support!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53be1d3a-d510-ab04-8a58-11b4167cf70d%40mailbox.org.


Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-16 Thread 'taran1s' via qubes-users




unman:

On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote:



taran1s:

I have an issue with Split GPG as well as with opening files in the
disposable VMs and with the qrexec in the guide How to use Monero
CLI/daemon with Qubes + Whonix too.

https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html


Split GPG

Opening Thunderbird, I get following errors in the notification popup:

Denied: whonix.NewStatus
Denied whonix.NewStatus+status from work-email to sys-whonix

I have to as well make every gpg action confirm in the Dom0 Operation
Execution with Target GPG backend.

Using dispVMs from within AppVM

When trying to convert file or open it in the disposable VM from within
the normal AppVM, I get an error popuplike :

Denied: qubes.PdfConvert
Denied qubes.pdfConvert from work-email to @dispvm

Any advice appreciated!


Is this mailing list still active or one needs to better go to a different
place?



Still active, but the Forum has more traffic, although it's often low
grade and noisy.

On your questions,  the first looks like a Whonix issue - Patrick has
asked that Qubes-Whonix questions be put in the Whonix forums, where
they will get better oversight.
The second looks like permissions - look in the policy file at
/etc/qubes-rpc/policy/qubes.PdfConvert


The /etc/qubes-rpc/policy/qubes.PdfConvert has allowed anyvm to run 
PdfConvert

$anyvm $dispvm allow

I already asked on the whonix forum and followed the improved version of 
the guide for Split Monero on Whonix website, but got another error that 
seems like the monero-wallet-ws AppVM doesnt see the monerod-ws AppVM. 
Monero GUI cannot connect and monero-wallet-cli returns this error:


Error: wallet failed to connect to daemon: http://localhost:18081. 
Daemon either is not started or wrong port was passed. Please make sure 
daemon is running or change the daemon address using the ‘set_daemon’ 
command.

Background refresh thread started

The monerod-ws is syncing albeit it gets quite a lot Socks errors here 
and there and sometimes freezes


Also in connection with the error related to the PdfConvert, I am not 
sure if the issue wiht the Split Monero is whonix specific or it is 
linked to the general qubes qrexcec setup and permissions of my Qubes.


Qubes 4.1 I use is vanilla and whonix-ws-16 is full vanilla too.

It would be really helpful if someone more experienced could have a look 
into it and provide help. I am cut off from the monero usage now if I 
don't want to use the remote node which I would like to avoid. Tried to 
find an answer on the net but didn't succeed.


Thanks in advance to anyone that can help us solve the issue!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a0b67fc-a975-cd5b-5410-fd5c32492ce3%40mailbox.org.


Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-09 Thread 'awokd' via qubes-users

'taran1s' via qubes-users:



taran1s:
I have an issue with Split GPG as well as with opening files in the 
disposable VMs and with the qrexec in the guide How to use Monero 
CLI/daemon with Qubes + Whonix too.




Is this mailing list still active or one needs to better go to a 
different place?


Think many users are over on the forum (https://forum.qubes-os.org/). 
Your question is a bit niche, though, so possibly not many in general 
have experienced a similar issue or know how to fix it?


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/874f90ca-48d5-d5ab-9ef1-06de7f518519%40danwin1210.de.


Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-09 Thread unman
On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote:
> 
> 
> taran1s:
> > I have an issue with Split GPG as well as with opening files in the
> > disposable VMs and with the qrexec in the guide How to use Monero
> > CLI/daemon with Qubes + Whonix too.
> > 
> > https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
> > 
> > 
> > Split GPG
> > 
> > Opening Thunderbird, I get following errors in the notification popup:
> > 
> > Denied: whonix.NewStatus
> > Denied whonix.NewStatus+status from work-email to sys-whonix
> > 
> > I have to as well make every gpg action confirm in the Dom0 Operation
> > Execution with Target GPG backend.
> > 
> > Using dispVMs from within AppVM
> > 
> > When trying to convert file or open it in the disposable VM from within
> > the normal AppVM, I get an error popuplike :
> > 
> > Denied: qubes.PdfConvert
> > Denied qubes.pdfConvert from work-email to @dispvm
> > 
> > Any advice appreciated!
> 
> Is this mailing list still active or one needs to better go to a different
> place?
> 

Still active, but the Forum has more traffic, although it's often low
grade and noisy.

On your questions,  the first looks like a Whonix issue - Patrick has
asked that Qubes-Whonix questions be put in the Whonix forums, where
they will get better oversight.
The second looks like permissions - look in the policy file at
/etc/qubes-rpc/policy/qubes.PdfConvert

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YiittlokWGpOaiKk%40thirdeyesecurity.org.