-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, Nov 17, 2021 at 05:05:01PM +0000, Zrubi wrote: > Hi, > > I just upgraded to 4.1 which is went fine using the backup and restore > procedure. > > I have found out that the 'sys-net' as a default netvm is hardcoded in some > places. > > Why it is an issue? > becuse I using another netvm (separate WiFi, and Ethernet VMs) by default. > > > I have already changed the default netvm, not any single VM are using the > 'factory defaulf' sys-net any more, but still the template upgrade process > pull this in somehow... > Ending up without net access because of this. > > I have found two reference so far: > > user@dom0 ~]$ sudo grep sys-net /etc/libvirt/libxl/sys-firewall.xml > <backenddomain name='sys-net'/> > > This seems like a hidden property, as not show on the GUI, but not even > using qvm-prefs.
It is in qvm-prefs very explicitly: a netvm property of sys-firewall. > user@dom0 ~]$ grep sys-net /etc/qubes/policy.d/90-default.policy > # Default rule for all TemplateVMs - direct the connection to sys-net > qubes.UpdatesProxy * @type:TemplateVM @default allow > target=sys-net > > ^^ Maybe this is triggering it? This is what templates will use to download updates from, see https://www.qubes-os.org/doc/how-to-install-software/#updates-proxy So, yes, if you want to use something else, you do need to change it (but I recommend creating a new file with lower number and putting your rule there - it will take precedence over later rules). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmGVR6MACgkQ24/THMrX 1yzFWgf9F7u73O1UjzaeQOcB3if85slbkJg/VI4C3te19wx6Ou+IJKp1XgjyN8rZ 23voRMqSjgMcN2+FFuD9jS7QbvnzkKPZcmYoMlhOXDJDDqcETMxWhP+uTH/F28UH uM1VValvTSJToCdckbrltgdMkv2Miux+1+1ZhfRxGYP+ZH5HEgM0LoKag7wltfrO yysB/TsP9NHUwQPzSw4O/KejmfLeZefbNGmv/RZLcs3rkYeYakRGs1o4DgCGGttT JZG43LqWr0X3LrUeFCLmbfVoiSFr2v7NTY7wamGVvEn9o7WpeJkGgRHdyKk6cbGy RSt6WoI6B+XLjvxi6QDEoUwZ/yjxQA== =ukvE -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YZVHpHYhaNck5nNs%40mail-itl.