On Friday, October 14, 2016 at 11:06:48 PM UTC-4, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 2016-10-14 15:18, raahe...@gmail.com wrote:
> > On Friday, October 14, 2016 at 6:16:16 PM UTC-4, raah...@gmail.com wrote:
> >> On Thursday, October 13, 2016 at 2:36:30 PM UTC-4, Andrew David Wong wrote:
> > On 2016-10-13 03:45, Robert Mittendorf wrote:
> >>>>> Am 10/13/2016 um 04:50 AM schrieb raahe...@gmail.com:
> >>>>>>
> >>>>>> feature.  I use to make menu shortcuts to launch programs in dispvms 
> >>>>>> inheriting firewall rules.  But xfce only lets you edit already 
> >>>>>> existing rules,  not create new ones :(   editing a config file is a 
> >>>>>> little too much effort for me lol.
> >>>>>>
> >>>>> You can edit the rules in Xfce-Dom0 via the Qubes VM Manager?!
> >>>>>
> >>>>> How can this "feature" be disabled? I want to start a normal DispVM, 
> >>>>> not a "special" DispVM.....
> >>>>>
> >>>>> Use Case: Mail VM is only allowed to access Mail-Server. I want to 
> >>>>> start a Browser in DispVM for urls in Mails.
> >>>>> This works fine, but those "special" DispVMs have the same limitations. 
> >>>>> I want just a normal DispVM like the one started via Dom0. The only way 
> >>>>> to achieve this afaik is to let the special DispVM connect to NetVM, so 
> >>>>> no ProxyVM is used. But this means that the DispVM has access to the 
> >>>>> intranet.....
> >>>>>
> > 
> > This is precisely the use case I described in issue #1296, which I linked 
> > in my previous message:
> > 
> > https://github.com/QubesOS/qubes-issues/issues/1296
> > 
> >>
> >> couldn't you just use a normal dispvm then?  meaning why even launch 
> >> anything from within an appvm?  Just run it from dom0, like the default 
> >> firefox dispvm menu item.
> > 
> > only reason i'd launch a program in a dispvm from within an appvm,  is to 
> > inherit its firewall rules. 
> > 
> 
> Starting a new DispVM from dom0 and setting its NetVM is a lot more 
> labor-intensive than simply clicking a link in an email and having the rest 
> work automatically.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -----BEGIN PGP SIGNATURE-----
> 
> iQIcBAEBCgAGBQJYAZ06AAoJENtN07w5UDAwJJoQAIvVrJe8k7MWk2PxHc3sXvv/
> C4MGgOLJ31WiZAfk1EAz/3MmVgZzG5nNII3ViDEXqGBppk7jxlF3p9UhpmMJNBju
> xZB3z1MgVzSm5hXkHQ+enU/hv6RoO5iE+MdBSUnE9QGZiSf1Vg3xkCWzabGgjmuV
> jGBXaRJXt1ioeBpvpke+NGwmtcd52/KJbGJLo9HRDZhBSz7us0T6e2Kh7Z9snDNe
> mXTYpUvwriFbxnB4VEkfa52V4druYN3DWx39+nBsKZAzHSMpGfqAI7g0ZKdrLpHw
> J8MQ4YxM1qaMZKOBQX2BOgTQs0V92255u5RiX1atVJmctYFZ4GQEdeJ/nln0I7VT
> 86+mhkemBhzHVxvZkyPalZLi6+5INyjR8noJZpqkIsUUV50HmX0ZjG4yYPv88yTa
> EQvglEY+/wjed9mE+M9dB73E7DLFMJr858ime5AYtDai8Baotf1bIRW5XjsxNPdf
> h5zDU1ciEpoTYsX5O4bx4Fj+nF7+RMH5g0wC/o0/9A/3ougqEQ+9/sn7CWWBnPgA
> Ucv4c7sd9A3zU80PYy1RSZiW2MxdTkKNMD+rCL97JaeKgUxHWLE2M6wPQbkMRl9d
> XmbVBZpsj97ifpasDRRmA/zIeDqZT+Fg7F6GhuIyRUV2ym0UT8VvqOznp3Znvaj6
> 9RV4PZn2lL6pywgVQfY2
> =BVEY
> -----END PGP SIGNATURE-----

oh yes absolutely, especially for email links for sure thats awesome.  But I 
thought the OP was asking how *not to inherit firewall rules in general.  So i 
was just suggesting why even bother opening it in specific appvms anyways then. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad541753-69e1-431c-aedb-99c609bc787a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to