On Saturday, October 15, 2016 at 7:23:12 AM UTC-4, raah...@gmail.com wrote: > On Friday, October 14, 2016 at 11:06:48 PM UTC-4, Andrew David Wong wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > On 2016-10-14 15:18, raahe...@gmail.com wrote: > > > On Friday, October 14, 2016 at 6:16:16 PM UTC-4, raah...@gmail.com wrote: > > >> On Thursday, October 13, 2016 at 2:36:30 PM UTC-4, Andrew David Wong > > >> wrote: > > > On 2016-10-13 03:45, Robert Mittendorf wrote: > > >>>>> Am 10/13/2016 um 04:50 AM schrieb raahe...@gmail.com: > > >>>>>> > > >>>>>> feature. I use to make menu shortcuts to launch programs in dispvms > > >>>>>> inheriting firewall rules. But xfce only lets you edit already > > >>>>>> existing rules, not create new ones :( editing a config file is a > > >>>>>> little too much effort for me lol. > > >>>>>> > > >>>>> You can edit the rules in Xfce-Dom0 via the Qubes VM Manager?! > > >>>>> > > >>>>> How can this "feature" be disabled? I want to start a normal DispVM, > > >>>>> not a "special" DispVM..... > > >>>>> > > >>>>> Use Case: Mail VM is only allowed to access Mail-Server. I want to > > >>>>> start a Browser in DispVM for urls in Mails. > > >>>>> This works fine, but those "special" DispVMs have the same > > >>>>> limitations. I want just a normal DispVM like the one started via > > >>>>> Dom0. The only way to achieve this afaik is to let the special DispVM > > >>>>> connect to NetVM, so no ProxyVM is used. But this means that the > > >>>>> DispVM has access to the intranet..... > > >>>>> > > > > > > This is precisely the use case I described in issue #1296, which I linked > > > in my previous message: > > > > > > https://github.com/QubesOS/qubes-issues/issues/1296 > > > > > >> > > >> couldn't you just use a normal dispvm then? meaning why even launch > > >> anything from within an appvm? Just run it from dom0, like the default > > >> firefox dispvm menu item. > > > > > > only reason i'd launch a program in a dispvm from within an appvm, is to > > > inherit its firewall rules. > > > > > > > Starting a new DispVM from dom0 and setting its NetVM is a lot more > > labor-intensive than simply clicking a link in an email and having the rest > > work automatically. > > > > - -- > > Andrew David Wong (Axon) > > Community Manager, Qubes OS > > https://www.qubes-os.org > > -----BEGIN PGP SIGNATURE----- > > > > iQIcBAEBCgAGBQJYAZ06AAoJENtN07w5UDAwJJoQAIvVrJe8k7MWk2PxHc3sXvv/ > > C4MGgOLJ31WiZAfk1EAz/3MmVgZzG5nNII3ViDEXqGBppk7jxlF3p9UhpmMJNBju > > xZB3z1MgVzSm5hXkHQ+enU/hv6RoO5iE+MdBSUnE9QGZiSf1Vg3xkCWzabGgjmuV > > jGBXaRJXt1ioeBpvpke+NGwmtcd52/KJbGJLo9HRDZhBSz7us0T6e2Kh7Z9snDNe > > mXTYpUvwriFbxnB4VEkfa52V4druYN3DWx39+nBsKZAzHSMpGfqAI7g0ZKdrLpHw > > J8MQ4YxM1qaMZKOBQX2BOgTQs0V92255u5RiX1atVJmctYFZ4GQEdeJ/nln0I7VT > > 86+mhkemBhzHVxvZkyPalZLi6+5INyjR8noJZpqkIsUUV50HmX0ZjG4yYPv88yTa > > EQvglEY+/wjed9mE+M9dB73E7DLFMJr858ime5AYtDai8Baotf1bIRW5XjsxNPdf > > h5zDU1ciEpoTYsX5O4bx4Fj+nF7+RMH5g0wC/o0/9A/3ougqEQ+9/sn7CWWBnPgA > > Ucv4c7sd9A3zU80PYy1RSZiW2MxdTkKNMD+rCL97JaeKgUxHWLE2M6wPQbkMRl9d > > XmbVBZpsj97ifpasDRRmA/zIeDqZT+Fg7F6GhuIyRUV2ym0UT8VvqOznp3Znvaj6 > > 9RV4PZn2lL6pywgVQfY2 > > =BVEY > > -----END PGP SIGNATURE----- > > oh yes absolutely, especially for email links for sure thats awesome. But I > thought the OP was asking how *not to inherit firewall rules in general. So > i was just suggesting why even bother opening it in specific appvms anyways > then.
xfce is a little frustrating cause you need a 3rd party tool to easily create menu entries like in kde to launch diff programs with while inheriting firewall rules. but i'm leary to install one to dom0 so I just gave up and type it out. rather do that then edit the cfg file lol. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1a92e5e-799c-4f54-b9b3-ef23b44f2872%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.