On 09/07/2018 12:48 AM, 'awokd' via qubes-users wrote: > On Thu, September 6, 2018 8:19 pm, John S.Recdep wrote: >> On 09/06/2018 02:45 AM, 'awokd' via qubes-users wrote: >> >>> On Wed, September 5, 2018 12:21 am, John S.Recdep wrote: >>> >>>> Hello, >>>> >>>> >>>> >>>> while upgrading to sys-whonix-14 many weeks ago, I was fighting to >>>> maintain my Fedora and Debian Template to keep using sys-net not >>>> sys-whonix-14 >>>> >>>> and sys-whonix-gw and -ws to use sys-whonix-14 , which are otherwise >>>> working fine and I hesitate to mess with >>>> /etc/qubes-rpc/policy/qubes.UpdatesProxy >>>> >>>> >>>> >>>> >>>> However, once in a while I am concerned that sys-whonix-14 is >>>> starting when I am NOT updating anything eg in dom0 today : >>>> >>>> qvm-run -a fooappVM fooapplication (for a fooappVM that wasn't >>>> open) and sys-whonix-14 was shutdown >>>> >>>> for some reason it started up >>> >>> This could happen if fooappVM's netvm is set to sys-whonix-14. >>> >>> >>>> my /etc/qubes-rpc/policy/qubes.UpdatesProxy ; looks like this : >>> >>>> $type:TemplateVM $default allow,target=sys-whonix-14 >>>> >>> >>> This line, since it is first, means all templates will be updated >>> through sys-whonix-14. Maybe when you started fooapplication, Qubes >>> checked the related template for any updates? >>> >>> >> >> Thanks for your reply, well I've checked only anon-whonix dispVM3400 and >> whonix-ws-dvm-14 are using sys-whonix-14 > > OK. > >> I'm pretty sure fedora-28 and Debian-9 are updating over sys-net > > They're not. :)
> >> 3)hmm, oh so, dom0 when it starts checks templates for any new versions >> say of firefox, and that requires the template to start and use the >> designated netvm even if the templates are set to "none" ..... >> .........maybe this only applies if the application is started from dom0 >> via qvm-run with its associated appvm also closed guess I needed to >> further test it .... > > Close- when dom0 checks for template updates it needs to start the VM > specified for template updates, which in your case is sys-whonix-14. a) Are you saying that booting an AppVM (maybe with or without qvm-run ) would cause dom0 to check if the template that AppVM is based on for updates? ....if dom0 is set to sys-net, doesn't seem to make sense, unless the template is being called , perhaps the /qubes.UpdatesProxy designated netvm is invoked even thought the template doesn't actually start ? > >> 4) if you are using sys-net for Deb/Fedora updates and sys-whonix-14 >> for -gw -ws update could you please post your /qubes.UpdatesProxy for >> me > > I'm not, but to do so you would change the FIRST occurrence to read > "$type:TemplateVM $default allow,target=sys-net". The existing > "$tag:whonix-updatevm $default allow,target=sys-whonix-14" line means your > whonix related templates will continue to be updated through > sys-whonix-14. > b) hmm, maybe there are good reason to leave it as sys-whonix-14 , since it seems fast enough d/l speed then -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56668945-964c-ebc6-dabe-936dc6326103%40riseup.net. For more options, visit https://groups.google.com/d/optout.
