On Sat, Nov 03, 2018 at 03:14:00PM -0700, Otto Kratik wrote: > On Thursday, November 1, 2018 at 10:13:36 AM UTC-4, unman wrote: > > On Wed, Oct 31, 2018 at 12:27:06PM -0700, Otto Kratik wrote: > > > On Wednesday, October 31, 2018 at 7:49:43 AM UTC-4, awokd wrote: > > > > Otto Kratik wrote on 10/31/18 2:28 AM: > > > > > Qubes 4.0 > > > > > > > > > > > > > > > Whenever attempting to launch an app in a DVM, the result is always > > > > > the same. The popup message comes up saying "Disp1234 has started", > > > > > and then nothing happens. Then about two minutes later, another popup > > > > > says "Disp1234 has halted". No app ever launches. > > > > > > > > > > It doesn't matter what app I try.. xterm, konsole, firefox, dolphin, > > > > > thunar, tor browser, gedit, kwrite etc. Always the same behavior. > > > > > Also doesn't matter if I try from Q Menu shortcuts, command line in > > > > > dom0, command line in another AppVM.. no difference. Just the same > > > > > type of message in the terminal, says it's launching, then shuts down > > > > > two minutes later with no output. > > > > > > > > > > Doesn't make a difference either if I try to open a file in a DVM or > > > > > just straight launching an app. Nothing ever opens. Launching apps > > > > > regularly from normal AppVM's works perfectly all the time, just not > > > > > DVM's. > > > > > > > > > > Slight correction: About 1 in 10 times, launching Firefox from a > > > > > Fedora-template-based DVM succeeds. The other 9 times it fails. All > > > > > other apps fail 10 out of 10 times. And launching any app (including > > > > > Firefox) from a Whonix-ws-14-template-based DVM also fails 100% of > > > > > the time as described above. > > > > > > > > > > How is this issue best investigated and resolved? > > > > > > > > > > > > > Have you upgraded to Whonix 14 or customized the DVM? Try removing it > > > > completely (you might have to temporarily change DVM defaults to a > > > > different template), then recreating it with `sudo qubesctl state.sls > > > > qvm.whonix-ws-14-dvm`. If that doesn't work, see > > > > https://www.whonix.org/wiki/Qubes/Uninstall and > > > > https://www.whonix.org/wiki/Qubes/Install to completely uninstall and > > > > reinstall the workstation template and DVM. You can skip the gateway > > > > steps if you've already upgraded it to 14 since it sounds like that's > > > > still working. > > > > > > It's a fresh install of Qubes 4 with freshly downloaded/installed Whonix > > > 14/DVM templates using the salt/qubesctl command mentioned above and in > > > the documentation. No customisations. So I doubt reinstalling would have > > > any effect. > > > > > > Whonix-ws-14 template works perfectly fine for running apps the normal > > > way, from AppVMs based upon it. No issue whatsoever. Only running them > > > from whonix-ws-14-dvm causes trouble. > > > > > > However as I said, even trying to run apps from Fedora-26-dvm also fails > > > the majority of the time, so I'm not even convinced it's a whonix > > > specific issue. Rather a DVM one in general. > > > > > > Any other things to try? > > > > > > > I would try this: > > Install all updates in dom0 and qubes. > > Create a new Fedora based qube. > > Confirm you can run programs as expected. > > Make it a template for dispvms, using qvm-prefs. > > Close all unnecessary qubes. > > Then , at command line, start to test running programs in dispvms based > > on the qube. > > > > Generally , the command should be: > > qvm-run --dispvm <qube> <command> > > > > That's the most basic form. > > Anything you can run using qvm-run <qube> <command> should work in > > disposableVM based on qube (except gnome-terminal) > > > > That will test the basic infrastructure. > > > > If all is good, start testing a more complex form: > > qvm-run -a --service --dispvm=<qube> --qubes.StartApp+<command> > > > > <command> here should have an associated desktop file. > > Again, anything you can run using qvm-run --service <qube> <command> should > > work in > > disposableVM based on the qube (except gnome-terminal) > > > > That will test the more complex infrastructure. > > > > If all's good, you can start testing different template based qubes, > > including Whonix. If it's not good there's something fundamentally > > broken. > > > > qvm-run *does* have -v option, but it doesn't generate verbose output. > > > > Check back when you have some results from testing. > > > > unman > > > Hi, thanks for your detailed reply and suggestions. Here is what I have found: > > I created a new qube/AppVM based on the fedora26 template, and called it > 'fedoratest'. I also enabled it as a DVM template using qvm=prefs. Running > all of the following commands from dom0 worked perfectly: > > qvm-run fedoratest firefox > qvm-run fedoratest nautilus > qvm-run fedoratest gedit > qvm-run --dispvm fedoratest firefox > qvm-run --dispvm fedoratest nautilus > qvm-run --dispvm fedoratest gedit > > However, as soon as I introduced the '--service' argument into the picture, > everything stopped working. All of the following commands fail silently: > > qvm-run -a --service fedoratest firefox > qvm-run -a --service fedoratest nautilus > qvm-run -a --service fedoratest gedit > qvm-run -a --dispvm --service fedoratest firefox > qvm-run -a --dispvm --service fedoratest nautilus > qvm-run -a --dispvm --service fedoratest gedit > qvm-run -a --service -- fedoratest qubes.StartApp+firefox > qvm-run -a --service -- fedoratest qubes.StartApp+nautilus > qvm-run -a --service -- fedoratest qubes.StartApp+gedit > qvm-run -a --service -- fedoratest qubes.StartApp+firefox > qvm-run -a --dispvm=fedoratest --service qubes.StartApp+firefox > > In all cases above, the relevant AppVM (or dispvm) starts running if it > wasn't already, but nothing EVER launches. The situation is exactly the same > with Debian and Whonix based AppVM/DVM/templates. Any command that doesn't > involve using '--service' works fine. Any that do use it fail silently, > without exception. > > What is likely causing this issue and how is it fixed? >
Thanks for the extensive troubleshooting. It looks as if there's a problem *either* with the service *or* with the desktop files on fedoratest. Can you check the contents of /etc/qubes/rpc/policy/qubes.StartApp to make sure that you dont have a "deny" statement at the top of that file? You could temporarily insert a line at the top: dom0 $anyvm allow $anyvm $anyvm allow Just concentrate on using: qvm-run -a --service --dispvm=fedoratest -- qubes.StartApp+firefox (or gedit) Check the log file in /var/log/qubes : you should see a log created for whatever dispVM is atrted and qubes.log updated. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181104132229.s7jcwu5lzvtapmp3%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
