On Mon, Nov 14, 2016 at 4:16 PM, Marek Marczykowski-Górecki
wrote:
> You can temporarily set sys-firewall netvm to none. This will allow you
> to shutdown/restart sys-net without consequences. Remember to change
> sys-firewall netvm back to sys-net afterwards.
Alternatively, if you just want to see if things will work at all,
IIRC you should also be able to un-check a "use sys-usb" (or similar)
checkbox in the installer somewhere, and IIRC rd.qubes.hide_all_usb is
only set if this box is checked.
--
You received this message because you are subscribed
On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber wrote:
> On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki
> wrote:
>> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters.
>
> Thanks for the info. For me a noob, how do I remove that
On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Mon, Nov 14, 2016 at 02:33:50PM -0800, dumbcyber wrote:
> > On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote:
> > > On Tuesday, 15 November
On Monday, November 14, 2016 at 11:55:09 PM UTC, tai...@gmx.com wrote:
> On 11/14/2016 04:50 PM, entr0py wrote:
>
> > taii...@gmx.com:
> >> On 11/14/2016 03:12 PM, Eric wrote:
> >>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
> Eric:
> > On Sunday, November 13, 2016
Hi,
I was wondering what the status is for allowing for EFI / UEFI guest VM (ie an
appvm or HVM being able to use EFI rather than bios).
This feature seems to have been implemented in Xen 4.4, "but not build in by
default" whatever that means. Here is the reference:
On 11/14/2016 05:20 PM, pixel fairy wrote:
On Monday, November 14, 2016 at 5:09:41 PM UTC-5, Chris Laprise wrote:
Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0
pool) could enable the advantages being sought here. Using either
snapshots or reflinks, you can create an
On Mon, Nov 14, 2016 at 05:02:35PM -0800, Sec Tester wrote:
> A thought on security through obfuscation.
>
> Right now in terminal is you type: "uname -r" we get the kernel version,
> which has "qubes" in the name.
>
> Straight away the attacker, knows he's dealing with a qubes VM. Could we not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 05:02:35PM -0800, Sec Tester wrote:
> A thought on security through obfuscation.
>
> Right now in terminal is you type: "uname -r" we get the kernel version,
> which has "qubes" in the name.
>
> Straight away the attacker,
A thought on security through obfuscation.
Right now in terminal is you type: "uname -r" we get the kernel version, which
has "qubes" in the name.
Straight away the attacker, knows he's dealing with a qubes VM. Could we not
name the kernels to match their original OS?
And following that same
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 11:14:19PM +, Gaijin wrote:
> systemctl doesn't show anything abnormal
> systemctl --all shows several not found inactive dead listings
> ex.
> livesys.service
> ntpd.service
> qubes-core.service
> qubes-dvm.service
>
On 11/14/2016 04:50 PM, entr0py wrote:
taii...@gmx.com:
On 11/14/2016 03:12 PM, Eric wrote:
On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
Eric:
On Sunday, November 13, 2016 at 10:44:33 PM UTC-8,
tai...@gmx.com wrote:
Forgot to say: Purism is just an overpriced
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 02:33:50PM -0800, dumbcyber wrote:
> On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote:
> > On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote:
> > > From the beginning I have to ask for forgiveness -
Well, I have considered something similar in the past. My objective was
slightly different (backwoods vs. vulnerable code), but the reasoning why ít is
not as useful idea as it might look will be similar:
1. It cannot prevent some kind of attacks because of covert channels.
2. It can actually
On 2016-11-14 06:42, Gaijin wrote:
On 2016-11-13 23:33, Marek Marczykowski-Górecki wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Nov 13, 2016 at 11:12:34PM +, Gaijin wrote:
I have several templates based on Fedora 23 where I've installed
various
software. When I follow
On Tuesday, 15 November 2016 09:02:56 UTC+11, dumbcyber wrote:
> On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote:
> > From the beginning I have to ask for forgiveness - I am new to Qubes and
> > have no knowledge of changing boot managers beyond trial and error.
> >
> > My
On Monday, November 14, 2016 at 5:09:41 PM UTC-5, Chris Laprise wrote:
> Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0
> pool) could enable the advantages being sought here. Using either
> snapshots or reflinks, you can create an offline copy of the VM's
> private.img,
Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0
pool) could enable the advantages being sought here. Using either
snapshots or reflinks, you can create an offline copy of the VM's
private.img, and then attach that to the backup vm. This eliminates the
first rsync step.
On Tuesday, 15 November 2016 08:47:30 UTC+11, dumbcyber wrote:
> From the beginning I have to ask for forgiveness - I am new to Qubes and have
> no knowledge of changing boot managers beyond trial and error.
>
> My hardware is a Macbook 11,1. In fact I don't have any other machines at
> home.
Thanks!
I'll stop trying to get DispVMs working for now then.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post
On Mon, Nov 14, 2016 at 09:55:36PM +, Unman wrote:
> On Mon, Nov 14, 2016 at 09:39:38PM +, Fred wrote:
> > On 14/11/2016 21:32, Unman wrote:
> > > Is there anything in /var/log/libvirt/libxl logs?
> >
> > The following;
> >
> > 2016-11-14 20:38:15 GMT libxl: error:
> >
entr0py:
> taii...@gmx.com:
>> On 11/14/2016 03:12 PM, Eric wrote:
>>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
Eric:
> On Sunday, November 13, 2016 at 10:44:33 PM UTC-8,
> tai...@gmx.com wrote:
>> Forgot to say: Purism is just an overpriced quanta/oem
On Mon, Nov 14, 2016 at 09:39:38PM +, Fred wrote:
> On 14/11/2016 21:32, Unman wrote:
> > Is there anything in /var/log/libvirt/libxl logs?
>
> The following;
>
> 2016-11-14 20:38:15 GMT libxl: error:
> libxl_pci.c:1041:libxl__device_pci_reset: The kernel doesn't support reset
> from
On 11/14/2016 04:47 PM, dumbcyber wrote:
>From the beginning I have to ask for forgiveness - I am new to Qubes and have
no knowledge of changing boot managers beyond trial and error.
My hardware is a Macbook 11,1. In fact I don't have any other machines at home.
I want to create a bootable
taii...@gmx.com:
> On 11/14/2016 03:12 PM, Eric wrote:
>> On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
>>> Eric:
On Sunday, November 13, 2016 at 10:44:33 PM UTC-8,
tai...@gmx.com wrote:
> Forgot to say: Purism is just an overpriced quanta/oem
> whitebox
>From the beginning I have to ask for forgiveness - I am new to Qubes and have
>no knowledge of changing boot managers beyond trial and error.
My hardware is a Macbook 11,1. In fact I don't have any other machines at home.
I want to create a bootable USB drive with Qubes R3.2. I had the usual
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 01:31:28PM +, Fred wrote:
> On 12/11/2016 08:27, Alex wrote:
> > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False
> > instead of True for the sys-net vm
>
> I had actually found this file and tried
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 08:42:41AM -0800, Francesco Rmp wrote:
> Hello everyone,
> thanks in advance for your support.
>
> I'm new tu qubes but not to linux un general and i'm having a bad issue with
> my qubes installation.
>
> I have a qubes
On 14/11/2016 21:32, Unman wrote:
> Is there anything in /var/log/libvirt/libxl logs?
The following;
2016-11-14 20:38:15 GMT libxl: error: libxl_pci.c:1041:libxl__device_pci_reset:
The kernel doesn't support reset from sysfs for PCI device :01:00.1
2016-11-14 20:40:12 GMT xc: error:
On Mon, Nov 14, 2016 at 09:12:08PM +, Fred wrote:
> On 14/11/2016 17:56, Unman wrote:
>
> > I'm not aware of any particular issues, although there have been some
> > reports of issues with customisation.
>
> Here is what I get after removing and recreating. No errors and the save
> file says
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Nov 13, 2016 at 11:12:36PM -0800, Drew White wrote:
> On Monday, 14 November 2016 17:19:43 UTC+11, Drew White wrote:
> > Hi folks,
> >
> >
> > I'm trying to restore a guest.
> > I have / which has 2.1 GB free. (The root drive where things
On Mon, Nov 14, 2016 at 12:33:17PM -0800, Connor Page wrote:
> On Monday, 14 November 2016 19:24:06 UTC, Unman wrote:
> > qvm-block -A allows you to attach an image file to a qube.
>
> BTW, what's the correct way to detach one image file? it's not mentioned in
> the man page :(
>
qvm-block -A
On 14/11/2016 17:56, Unman wrote:
> I'm not aware of any particular issues, although there have been some
> reports of issues with customisation.
Here is what I get after removing and recreating. No errors and the save
file says it was created OK. I found an xterm command to run in dom0 to
try
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 01:21:29AM -0500, Jean-Philippe Ouellet wrote:
> Does anyone know of a convenient place to grab the complete archives
> of this list? (and qubes-devel too?)
>
> With the (lets hope indeed temporary) death of gmane and its
On Monday, 14 November 2016 19:24:06 UTC, Unman wrote:
> qvm-block -A allows you to attach an image file to a qube.
BTW, what's the correct way to detach one image file? it's not mentioned in the
man page :(
--
You received this message because you are subscribed to the Google Groups
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Nov 14, 2016 at 02:44:40AM -0800, Sec Tester wrote:
> >
> > Why not grsecurity/PaX? especially with Qubes 4 switching to HVM (or PVHv2
> > or whatever it's called now), it will apparently work fine.
>
> Nice suggestion. I would certainly
On Mon, Nov 14, 2016 at 2:42 PM, Jean-Philippe Ouellet wrote:
> On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote:
>> Could open up a vulnerability if not done carefully.
>>
>> VM could use it to query and identify other VMs in existence on the system.
>
>
On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
> Eric:
> > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com
> > wrote:
> >> Forgot to say: Purism is just an overpriced quanta/oem whitebox
> >> laptop, it takes 5mil+ of startup funds to do a small run of *just
>
On Monday, November 14, 2016 at 11:58:32 AM UTC-8, entr0py wrote:
> Eric:
> > On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com
> > wrote:
> >> Forgot to say: Purism is just an overpriced quanta/oem whitebox
> >> laptop, it takes 5mil+ of startup funds to do a small run of *just
>
Eric:
> On Sunday, November 13, 2016 at 10:44:33 PM UTC-8, tai...@gmx.com
> wrote:
>> Forgot to say: Purism is just an overpriced quanta/oem whitebox
>> laptop, it takes 5mil+ of startup funds to do a small run of *just
>> a motherboard* let alone an entire laptop computer including the
>> fab for
entr0py:
> taii...@gmx.com:
>> On 11/13/2016 07:39 PM, entr0py wrote:
>>> taii...@gmx.com:
You can use a VMM with a pfsense VM and separate driver domains
for the network interfaces, qubes isn't a router operating
system...
>>>
>>> Is there an inherent reason that Qubes should not
On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote:
> Could open up a vulnerability if not done carefully.
>
> VM could use it to query and identify other VMs in existence on the system.
There are already several timing side-channel ways to do that.
Example:
AppVM$
just what the subject line says. there is an error message, but it flashes by
too fast to read. all four choices have the same result.
hardware is late 2013 15" retina, 11,3
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from
On Mon, Nov 14, 2016 at 10:52:27AM -0800, pixel fairy wrote:
> how do you attach an image file to an appvm?
>
> what would you recommend for for resizable, or ideally, automatically
> resizing volume for this?
>
> the idea is to attach an image an appvm, rsync the data you want to backup.
>
Yes - that's it! Thanks so much. I'm installing now. I posted your
answer to the Github issue for reference.
Loren
On Mon, Nov 14, 2016 at 10:40:10AM -0800, pixel fairy wrote:
> On Monday, November 14, 2016 at 1:02:42 PM UTC-5, lo...@lorentrogers.com
> wrote:
> > Hi everyone,
> >
> > This is my
On Monday, November 14, 2016 at 1:02:42 PM UTC-5, lo...@lorentrogers.com wrote:
> Hi everyone,
>
> This is my first message on this list, so I hope I'm not spamming folks
> with this!
>
> I'm trying to test out an install of Qubes on my Thinkpad X201t, and the
> installer seems to have issues
On Mon, Nov 14, 2016 at 01:37:40PM +, Fred wrote:
>
> Are there any known issues with the DispVM in Qubes 3.2 that I should be
> aware of?
>
> I cannot get it to work. I have also tried recreating it two ways based
> on the default template *and* choosing a different non-default one.
>
>
On 14/11/2016 13:46, Unman wrote:
> For future reference, I think the sys-net started because there were
> OTHER qubes downstream set to autostart, e.g sys-firewall. If they are
> still starting they will trigger the sys-net. So you need to either set
> the netvm to none for them or stop them
Am 14.11.2016 um 14:46 schrieb Robert Mittendorf:
> One basic principle of usability is to make it hard to make mistakes
> (including destroying work/files).
Imagine a guy dressed in an elaborate tin can standing behind you,
kicking you down some cliff shouting "THIS... IS... UINX...". Really,
Hello everyone,
thanks in advance for your support.
I'm new tu qubes but not to linux un general and i'm having a bad issue with my
qubes installation.
I have a qubes 3.2 installation on an external USB drive (because $reasons) and
it's not willing to boot, my system doesn't even detect it as
Am 11/14/2016 um 04:31 PM schrieb xxthatnavygu...@gmail.com:
> On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote:
>> Installed Qubes with no (noticable) issues.
>>
>> Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang
>> after loading Linux (the last
On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote:
> Installed Qubes with no (noticable) issues.
>
> Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang
> after loading Linux (the last line displayed is something relating to EFI
> variables, iirc)
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Vít,
> When trying to implement a backup script (for a different mechanism
> than the builtin one), I need to start a DVM with an attached (RO)
> image. How can I do it?
If you're running R3.2:
set -e
On Mon, Nov 14, 2016 at 01:31:28PM +, Fred wrote:
> On 12/11/2016 08:27, Alex wrote:
> > Try editing /var/lib/qubes/qubes.xml and set "autostart" to False
> > instead of True for the sys-net vm
>
> I had actually found this file and tried setting the autostart attribute
> but the VM still
Are there any known issues with the DispVM in Qubes 3.2 that I should be
aware of?
I cannot get it to work. I have also tried recreating it two ways based
on the default template *and* choosing a different non-default one.
i.e
qvm-create-default-dvm fedora-23 and qvm-create-default-dvm
On Mon, Nov 14, 2016 at 04:16:37AM -0800, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-11-14 04:03, Salmiakki wrote:
> > On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote:
> >> On 2016-11-11 14:58, Marek Marczykowski-Górecki
When trying to implement a backup script (for a different mechanism than the
builtin one), I need to start a DVM with an attached (RO) image. How can I do
it?
a. There is a script for starting some app in DVM. The problem is, I cannot get
the DVM name in a reliable (non-forgeable) and easy
On 12/11/2016 08:27, Alex wrote:
> Try editing /var/lib/qubes/qubes.xml and set "autostart" to False
> instead of True for the sys-net vm
I had actually found this file and tried setting the autostart attribute
but the VM still auto-started.
I also tried editing the sys-net XML file directly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-11-14 04:03, Salmiakki wrote:
> On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote:
>> On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote:
>>>
> Actually I don't think it is a good idea. File copy protocol is
On Monday, November 14, 2016 at 10:31:25 AM UTC+1, Robert Mittendorf wrote:
> On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote:
> >
> > >> Actually I don't think it is a good idea. File copy protocol is
> > >> intentionally very simple, including being unidirectional. We don't
> > want
> > >>
Could open up a vulnerability if not done carefully.
VM could use it to query and identify other VMs in existence on the system.
But if it required a dom0 authorization before checking & transferring, should
be ok.
--
You received this message because you are subscribed to the Google Groups
>
> Why not grsecurity/PaX? especially with Qubes 4 switching to HVM (or PVHv2 or
> whatever it's called now), it will apparently work fine.
Nice suggestion. I would certainly welcome its implementation.
Actually looks like there were successful efforts to implement this back in
2013.
On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote:
>
> >> Actually I don't think it is a good idea. File copy protocol is
> >> intentionally very simple, including being unidirectional. We don't
> want
> >> to add any non-essential features there, to keep it as simple as
> >> possible.
>
> >
63 matches
Mail list logo