Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

On Mon, Nov 14, 2016 at 4:16 PM, Marek Marczykowski-Górecki wrote: > You can temporarily set sys-firewall netvm to none. This will allow you > to shutdown/restart sys-net without consequences. Remember to change > sys-firewall netvm back to sys-net afterwards.

Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

Alternatively, if you just want to see if things will work at all, IIRC you should also be able to un-check a "use sys-usb" (or similar) checkbox in the installer somewhere, and IIRC rd.qubes.hide_all_usb is only set if this box is checked. -- You received this message because you are subscribed

Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber wrote: > On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki > wrote: >> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters. > > Thanks for the info. For me a noob, how do I remove that

Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Mon, Nov 14, 2016 at 02:33:50PM -0800, dumbcyber wrote: > > On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote: > > > On Tuesday, 15 November

Re: [qubes-users] Re: Intel TXT advice

On Monday, November 14, 2016 at 11:55:09 PM UTC, tai...@gmx.com wrote: > On 11/14/2016 04:50 PM, entr0py wrote: > > > taii...@gmx.com: > >> On 11/14/2016 03:12 PM, Eric wrote: > >>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: > Eric: > > On Sunday, November 13, 2016

[qubes-users] EFI / UEFI guest

Hi, I was wondering what the status is for allowing for EFI / UEFI guest VM (ie an appvm or HVM being able to use EFI rather than bios). This feature seems to have been implemented in Xen 4.4, "but not build in by default" whatever that means. Here is the reference:

Re: [qubes-users] Re: mounting a disk image or volume in app-vm, fast backups

On 11/14/2016 05:20 PM, pixel fairy wrote: On Monday, November 14, 2016 at 5:09:41 PM UTC-5, Chris Laprise wrote: Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0 pool) could enable the advantages being sought here. Using either snapshots or reflinks, you can create an

Re: [qubes-users] Disguising Qubes VMs

On Mon, Nov 14, 2016 at 05:02:35PM -0800, Sec Tester wrote: > A thought on security through obfuscation. > > Right now in terminal is you type: "uname -r" we get the kernel version, > which has "qubes" in the name. > > Straight away the attacker, knows he's dealing with a qubes VM. Could we not

Re: [qubes-users] Disguising Qubes VMs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 05:02:35PM -0800, Sec Tester wrote: > A thought on security through obfuscation. > > Right now in terminal is you type: "uname -r" we get the kernel version, > which has "qubes" in the name. > > Straight away the attacker,

[qubes-users] Disguising Qubes VMs

A thought on security through obfuscation. Right now in terminal is you type: "uname -r" we get the kernel version, which has "qubes" in the name. Straight away the attacker, knows he's dealing with a qubes VM. Could we not name the kernels to match their original OS? And following that same

Re: [qubes-users] Fedora 24 template available for Qubes 3.2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 11:14:19PM +, Gaijin wrote: > systemctl doesn't show anything abnormal > systemctl --all shows several not found inactive dead listings > ex. > livesys.service > ntpd.service > qubes-core.service > qubes-dvm.service >

Re: [qubes-users] Re: Intel TXT advice

On 11/14/2016 04:50 PM, entr0py wrote: taii...@gmx.com: On 11/14/2016 03:12 PM, Eric wrote: On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: Eric: On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com wrote: Forgot to say: Purism is just an overpriced

Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 02:33:50PM -0800, dumbcyber wrote: > On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote: > > On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote: > > > From the beginning I have to ask for forgiveness -

[qubes-users] selfsecure systems - redunancy?

Well, I have considered something similar in the past. My objective was slightly different (backwoods vs. vulnerable code), but the reasoning why ít is not as useful idea as it might look will be similar: 1. It cannot prevent some kind of attacks because of covert channels. 2. It can actually

Re: [qubes-users] Fedora 24 template available for Qubes 3.2

On 2016-11-14 06:42, Gaijin wrote: On 2016-11-13 23:33, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 13, 2016 at 11:12:34PM +, Gaijin wrote: I have several templates based on Fedora 23 where I've installed various software. When I follow

[qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote: > On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote: > > From the beginning I have to ask for forgiveness - I am new to Qubes and > > have no knowledge of changing boot managers beyond trial and error. > > > > My

Re: [qubes-users] Re: mounting a disk image or volume in app-vm, fast backups

On Monday, November 14, 2016 at 5:09:41 PM UTC-5, Chris Laprise wrote: > Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0 > pool) could enable the advantages being sought here. Using either > snapshots or reflinks, you can create an offline copy of the VM's > private.img,

Re: [qubes-users] Re: mounting a disk image or volume in app-vm, fast backups

Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0 pool) could enable the advantages being sought here. Using either snapshots or reflinks, you can create an offline copy of the VM's private.img, and then attach that to the backup vm. This eliminates the first rsync step.

[qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote: > From the beginning I have to ask for forgiveness - I am new to Qubes and have > no knowledge of changing boot managers beyond trial and error. > > My hardware is a Macbook 11,1. In fact I don't have any other machines at > home.

Re: [qubes-users] DispVM

Thanks! I'll stop trying to get DispVMs working for now then. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post

Re: [qubes-users] DispVM

On Mon, Nov 14, 2016 at 09:55:36PM +, Unman wrote: > On Mon, Nov 14, 2016 at 09:39:38PM +, Fred wrote: > > On 14/11/2016 21:32, Unman wrote: > > > Is there anything in /var/log/libvirt/libxl logs? > > > > The following; > > > > 2016-11-14 20:38:15 GMT libxl: error: > >

Re: [qubes-users] Re: Intel TXT advice

entr0py: > taii...@gmx.com: >> On 11/14/2016 03:12 PM, Eric wrote: >>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: Eric: > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, > tai...@gmx.com wrote: >> Forgot to say: Purism is just an overpriced quanta/oem

Re: [qubes-users] DispVM

On Mon, Nov 14, 2016 at 09:39:38PM +, Fred wrote: > On 14/11/2016 21:32, Unman wrote: > > Is there anything in /var/log/libvirt/libxl logs? > > The following; > > 2016-11-14 20:38:15 GMT libxl: error: > libxl_pci.c:1041:libxl__device_pci_reset: The kernel doesn't support reset > from

Re: [qubes-users] One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On 11/14/2016 04:47 PM, dumbcyber wrote: >From the beginning I have to ask for forgiveness - I am new to Qubes and have no knowledge of changing boot managers beyond trial and error. My hardware is a Macbook 11,1. In fact I don't have any other machines at home. I want to create a bootable

Re: [qubes-users] Re: Intel TXT advice

taii...@gmx.com: > On 11/14/2016 03:12 PM, Eric wrote: >> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: >>> Eric: On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com wrote: > Forgot to say: Purism is just an overpriced quanta/oem > whitebox

[qubes-users] One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

>From the beginning I have to ask for forgiveness - I am new to Qubes and have >no knowledge of changing boot managers beyond trial and error. My hardware is a Macbook 11,1. In fact I don't have any other machines at home. I want to create a bootable USB drive with Qubes R3.2. I had the usual

Re: [qubes-users] Re: Please help, can't get into Qubes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 01:31:28PM +, Fred wrote: > On 12/11/2016 08:27, Alex wrote: > > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False > > instead of True for the sys-net vm > > I had actually found this file and tried

Re: [qubes-users] cannot boot into qubes: drive not detected as boot device (EFI)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 08:42:41AM -0800, Francesco Rmp wrote: > Hello everyone, > thanks in advance for your support. > > I'm new tu qubes but not to linux un general and i'm having a bad issue with > my qubes installation. > > I have a qubes

Re: [qubes-users] DispVM

On 14/11/2016 21:32, Unman wrote: > Is there anything in /var/log/libvirt/libxl logs? The following; 2016-11-14 20:38:15 GMT libxl: error: libxl_pci.c:1041:libxl__device_pci_reset: The kernel doesn't support reset from sysfs for PCI device :01:00.1 2016-11-14 20:40:12 GMT xc: error:

Re: [qubes-users] DispVM

On Mon, Nov 14, 2016 at 09:12:08PM +, Fred wrote: > On 14/11/2016 17:56, Unman wrote: > > > I'm not aware of any particular issues, although there have been some > > reports of issues with customisation. > > Here is what I get after removing and recreating. No errors and the save > file says

Re: [qubes-users] Re: Restoring VM causes drive to fill but it isn't full..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 13, 2016 at 11:12:36PM -0800, Drew White wrote: > On Monday, 14 November 2016 17:19:43 UTC+11, Drew White wrote: > > Hi folks, > > > > > > I'm trying to restore a guest. > > I have / which has 2.1 GB free. (The root drive where things

Re: [qubes-users] mounting a disk image or volume in app-vm, fast backups

On Mon, Nov 14, 2016 at 12:33:17PM -0800, Connor Page wrote: > On Monday, 14 November 2016 19:24:06 UTC, Unman wrote: > > qvm-block -A allows you to attach an image file to a qube. > > BTW, what's the correct way to detach one image file? it's not mentioned in > the man page :( > qvm-block -A

Re: [qubes-users] DispVM

On 14/11/2016 17:56, Unman wrote: > I'm not aware of any particular issues, although there have been some > reports of issues with customisation. Here is what I get after removing and recreating. No errors and the save file says it was created OK. I found an xterm command to run in dom0 to try

Re: [qubes-users] Where to bulk-download mailing list archives?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 01:21:29AM -0500, Jean-Philippe Ouellet wrote: > Does anyone know of a convenient place to grab the complete archives > of this list? (and qubes-devel too?) > > With the (lets hope indeed temporary) death of gmane and its

Re: [qubes-users] mounting a disk image or volume in app-vm, fast backups

On Monday, 14 November 2016 19:24:06 UTC, Unman wrote: > qvm-block -A allows you to attach an image file to a qube. BTW, what's the correct way to detach one image file? it's not mentioned in the man page :( -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 02:44:40AM -0800, Sec Tester wrote: > > > > Why not grsecurity/PaX? especially with Qubes 4 switching to HVM (or PVHv2 > > or whatever it's called now), it will apparently work fine. > > Nice suggestion. I would certainly

Re: [qubes-users] Re: Improvement: check disk space before copy to VM

On Mon, Nov 14, 2016 at 2:42 PM, Jean-Philippe Ouellet wrote: > On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote: >> Could open up a vulnerability if not done carefully. >> >> VM could use it to query and identify other VMs in existence on the system. > >

Re: [qubes-users] Re: Intel TXT advice

On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: > Eric: > > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com > > wrote: > >> Forgot to say: Purism is just an overpriced quanta/oem whitebox > >> laptop, it takes 5mil+ of startup funds to do a small run of *just >

Re: [qubes-users] Re: Intel TXT advice

On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote: > Eric: > > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com > > wrote: > >> Forgot to say: Purism is just an overpriced quanta/oem whitebox > >> laptop, it takes 5mil+ of startup funds to do a small run of *just >

Re: [qubes-users] Re: Intel TXT advice

Eric: > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com > wrote: >> Forgot to say: Purism is just an overpriced quanta/oem whitebox >> laptop, it takes 5mil+ of startup funds to do a small run of *just >> a motherboard* let alone an entire laptop computer including the >> fab for

Re: [qubes-users] Installing VPN in Qubes Versus VPN on a Router

entr0py: > taii...@gmx.com: >> On 11/13/2016 07:39 PM, entr0py wrote: >>> taii...@gmx.com: You can use a VMM with a pfsense VM and separate driver domains for the network interfaces, qubes isn't a router operating system... >>> >>> Is there an inherent reason that Qubes should not

Re: [qubes-users] Re: Improvement: check disk space before copy to VM

On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote: > Could open up a vulnerability if not done carefully. > > VM could use it to query and identify other VMs in existence on the system. There are already several timing side-channel ways to do that. Example: AppVM$

[qubes-users] macbookpro 11,3 installer keeps returning to grub menu

just what the subject line says. there is an error message, but it flashes by too fast to read. all four choices have the same result. hardware is late 2013 15" retina, 11,3 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] mounting a disk image or volume in app-vm, fast backups

On Mon, Nov 14, 2016 at 10:52:27AM -0800, pixel fairy wrote: > how do you attach an image file to an appvm? > > what would you recommend for for resizable, or ideally, automatically > resizing volume for this? > > the idea is to attach an image an appvm, rsync the data you want to backup. >

Re: [qubes-users] Re: Thinkpad X201t

Yes - that's it! Thanks so much. I'm installing now. I posted your answer to the Github issue for reference. Loren On Mon, Nov 14, 2016 at 10:40:10AM -0800, pixel fairy wrote: > On Monday, November 14, 2016 at 1:02:42 PM UTC-5, lo...@lorentrogers.com > wrote: > > Hi everyone, > > > > This is my

[qubes-users] Re: Thinkpad X201t

On Monday, November 14, 2016 at 1:02:42 PM UTC-5, lo...@lorentrogers.com wrote: > Hi everyone, > > This is my first message on this list, so I hope I'm not spamming folks > with this! > > I'm trying to test out an install of Qubes on my Thinkpad X201t, and the > installer seems to have issues

Re: [qubes-users] DispVM

On Mon, Nov 14, 2016 at 01:37:40PM +, Fred wrote: > > Are there any known issues with the DispVM in Qubes 3.2 that I should be > aware of? > > I cannot get it to work. I have also tried recreating it two ways based > on the default template *and* choosing a different non-default one. > >

Re: [qubes-users] Re: Please help, can't get into Qubes

On 14/11/2016 13:46, Unman wrote: > For future reference, I think the sys-net started because there were > OTHER qubes downstream set to autostart, e.g sys-firewall. If they are > still starting they will trigger the sys-net. So you need to either set > the netvm to none for them or stop them

Re: [qubes-users] Improvement: check disk space before copy to VM

Am 14.11.2016 um 14:46 schrieb Robert Mittendorf: > One basic principle of usability is to make it hard to make mistakes > (including destroying work/files). Imagine a guy dressed in an elaborate tin can standing behind you, kicking you down some cliff shouting "THIS... IS... UINX...". Really,

[qubes-users] cannot boot into qubes: drive not detected as boot device (EFI)

Hello everyone, thanks in advance for your support. I'm new tu qubes but not to linux un general and i'm having a bad issue with my qubes installation. I have a qubes 3.2 installation on an external USB drive (because $reasons) and it's not willing to boot, my system doesn't even detect it as

Re: [qubes-users] Re: HCL - Lenovo T450s

Am 11/14/2016 um 04:31 PM schrieb xxthatnavygu...@gmail.com: > On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote: >> Installed Qubes with no (noticable) issues. >> >> Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang >> after loading Linux (the last

[qubes-users] Re: HCL - Lenovo T450s

On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote: > Installed Qubes with no (noticable) issues. > > Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang > after loading Linux (the last line displayed is something relating to EFI > variables, iirc) > >

Re: [qubes-users] Attaching a block to a DVM in dom0 script

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Vít, > When trying to implement a backup script (for a different mechanism > than the builtin one), I need to start a DVM with an attached (RO) > image. How can I do it? If you're running R3.2: set -e

Re: [qubes-users] Re: Please help, can't get into Qubes

On Mon, Nov 14, 2016 at 01:31:28PM +, Fred wrote: > On 12/11/2016 08:27, Alex wrote: > > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False > > instead of True for the sys-net vm > > I had actually found this file and tried setting the autostart attribute > but the VM still

[qubes-users] DispVM

Are there any known issues with the DispVM in Qubes 3.2 that I should be aware of? I cannot get it to work. I have also tried recreating it two ways based on the default template *and* choosing a different non-default one. i.e qvm-create-default-dvm fedora-23 and qvm-create-default-dvm

Re: [qubes-users] Improvement: check disk space before copy to VM

On Mon, Nov 14, 2016 at 04:16:37AM -0800, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-11-14 04:03, Salmiakki wrote: > > On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote: > >> On 2016-11-11 14:58, Marek Marczykowski-Górecki

[qubes-users] Attaching a block to a DVM in dom0 script

When trying to implement a backup script (for a different mechanism than the builtin one), I need to start a DVM with an attached (RO) image. How can I do it? a. There is a script for starting some app in DVM. The problem is, I cannot get the DVM name in a reliable (non-forgeable) and easy

Re: [qubes-users] Re: Please help, can't get into Qubes

On 12/11/2016 08:27, Alex wrote: > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False > instead of True for the sys-net vm I had actually found this file and tried setting the autostart attribute but the VM still auto-started. I also tried editing the sys-net XML file directly

Re: [qubes-users] Improvement: check disk space before copy to VM

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-14 04:03, Salmiakki wrote: > On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote: >> On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote: >>> > Actually I don't think it is a good idea. File copy protocol is

Re: [qubes-users] Improvement: check disk space before copy to VM

On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote: > On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote: > > > > >> Actually I don't think it is a good idea. File copy protocol is > > >> intentionally very simple, including being unidirectional. We don't > > want > > >>

[qubes-users] Re: Improvement: check disk space before copy to VM

Could open up a vulnerability if not done carefully. VM could use it to query and identify other VMs in existence on the system. But if it required a dom0 authorization before checking & transferring, should be ok. -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

> > Why not grsecurity/PaX? especially with Qubes 4 switching to HVM (or PVHv2 or > whatever it's called now), it will apparently work fine. Nice suggestion. I would certainly welcome its implementation. Actually looks like there were successful efforts to implement this back in 2013.

Re: [qubes-users] Improvement: check disk space before copy to VM

On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote: > > >> Actually I don't think it is a good idea. File copy protocol is > >> intentionally very simple, including being unidirectional. We don't > want > >> to add any non-essential features there, to keep it as simple as > >> possible. > > >