Re: [qubes-users] Firewall question: DNS queries not working
On 04/15/2017 11:15 PM, Unman wrote: On Sat, Apr 15, 2017 at 07:16:15PM +0300, Eva Star wrote: On 04/15/2017 05:13 PM, Unman wrote: I trying to get IP addresses of github.com with "ping" or "getent hosts github.com", or "dig +short github.com", but it does not resolve IP addresses of github at VM. Why? Thanks. What is the AppVM connected to and are you using Tor upstream? Connected to ProxyVM with VPN on it. The problem with setup of VPN? When all access allowed, then all works fine at problemVM. I'd suggest examining the iptables tables for filter and nat using -L -nv options and see what's happening. Do this on the ProxyVM and you should be able to see what's blocking DNS. Did you set up the proxy by hand, or use Network Manager? There is an assumption in the Qubes firewall that DNS will be forwarded to the same address as the gateway; It doesn't add ACCEPTs in the forward chain for the DNS addresses in PR-QBS. I believe this is the related issue: https://github.com/QubesOS/qubes-issues/issues/1183 A workaround is to add an entry in the firewall dialog such as: Address: * (or DNS server) Service: 53 Protocol: UDP Another can be added for TCP as well. A more automated workaround would be to use `iptables-save | sed` as in the issue comments (seems like this could be done from the vpn-handler script). -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ccb398c2-e5f0-9794-342e-a3b5aefb2cc1%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall question: DNS queries not working
On Sat, Apr 15, 2017 at 07:16:15PM +0300, Eva Star wrote: > On 04/15/2017 05:13 PM, Unman wrote: > > > >>I trying to get IP addresses of github.com with "ping" or "getent hosts > >>github.com", or "dig +short github.com", but it does not resolve IP > >>addresses of github at VM. > >> > >>Why? Thanks. > > > > > >What is the AppVM connected to and are you using Tor upstream? > > > > Connected to ProxyVM with VPN on it. The problem with setup of VPN? When all > access allowed, then all works fine at problemVM. > I'd suggest examining the iptables tables for filter and nat using -L -nv options and see what's happening. Do this on the ProxyVM and you should be able to see what's blocking DNS. Did you set up the proxy by hand, or use Network Manager? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170416031548.GA4784%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
On Saturday, April 15, 2017 at 3:06:52 PM UTC-4, qubenix wrote: > peter...@hushmail.com: > > > > Is there a script to randomize hostname on each boot? > > > I think blank hostname is better than randomized. How would it be > randomized: dictionary words, rng, cycling popular hostnames, etc.? Your > randomization method may make you more identifiable than blank. > > -- > qubenix > GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 I was looking to use the Windows 10 naming patern for new computer: DESKTOP-XXX (7 random alphanumeric character) That would be Good :) Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20e07325-7a60-44b3-a91f-844eb900d527%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
Reg Tiangha: > On 04/15/2017 01:06 PM, qubenix wrote: >> peter...@hushmail.com: >>> Is there a script to randomize hostname on each boot? >>> >> I think blank hostname is better than randomized. How would it be >> randomized: dictionary words, rng, cycling popular hostnames, etc.? Your >> randomization method may make you more identifiable than blank. >> > > Dumb question here, but what's the difference between commenting the > line out of the .conf file vs explicitly setting it with a blank > hostname? Does it not result in the same thing? Or does simply > commenting it out still risk sending out a hostname of some kind in some > circumstances? > > I've got it commented out and it has always been blank on my tests. -- qubenix GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd0a1ea0-6cfe-c28a-fc9a-728b2c800f4f%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Missing icons after migrating Qubes between two physical machines
I followed the procedure to migrating between two physical machines described at https://www.qubes-os.org/doc/backup-restore/. I installed Qubes from Qubes-R3.2-x86_64.iso on the new machine. I chose the custom option to install no VMs, just dom0. I then restored backups of dom0 and all my other VMs from my backup of another machine running an up-to-date version of Qubes-3.2. Then I updated dom0 on the new machine. At the end of this process many Xfce icons are missing (or, at least, not displayed). For example, in the Qubes manager I don't see any of the coloured lock icons. Here is a screen shot of the new installation https://drive.google.com/open?id=0Bz9FNvZ3SmmdRFBOTUVRX1pEdWc In the screen shot you can see that the following: - The coloured lock icons are missing from the second column of the Qubes Manager - Xfce System Tools icon is wrong - Setting Manager icon is missing, as are many others in the System Tool sub-menu - The "Q" icon that should appear in the Xfce Notification Area is missing (it should be displayed in the upper right of the Xfce panel between the red network icon and the green battery status icon). - The "About Myself" menu item is missing (ie, userinfo from usermode-gtk rpm) I noticed many rpms which are present in dom0 on my old installation are absent from the new installation. My old installation started out as Qubes-3.1 using KDE and was upgraded to Qubes-3.2 using Xfce, so that is probably the cause of the different set of rpms. Could it be absent rpms that are causing my icon problems? Here are links to two text files listing the rpms I have on each system in dom0 - old rpms: https://drive.google.com/open?id=0Bz9FNvZ3SmmdcEZCX1NvNExEZTg - new rpms: https://drive.google.com/open?id=0Bz9FNvZ3SmmdVkZGVmhTNWo4SFU There are 1260 rpms on the old system but only 945 on the new system. Another observation I made was that the keyboard settings (repeat rate and delay) were not restored from the backup. And, finally, it may be unrelated, but when I start qubes-manager from a console I see the error libpng warning: iCCP: known incorrect sRGB profile. which you can see in the bottom right terminal of the screen shot. I thank you in advance for any help and advice you can offer on these issues. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0001369-2a93-4db8-8ee3-8c0ff2db5d21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
On 04/15/2017 01:06 PM, qubenix wrote: > peter...@hushmail.com: >> Is there a script to randomize hostname on each boot? >> > I think blank hostname is better than randomized. How would it be > randomized: dictionary words, rng, cycling popular hostnames, etc.? Your > randomization method may make you more identifiable than blank. > Dumb question here, but what's the difference between commenting the line out of the .conf file vs explicitly setting it with a blank hostname? Does it not result in the same thing? Or does simply commenting it out still risk sending out a hostname of some kind in some circumstances? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ocu518%24iok%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
peter...@hushmail.com: > > Is there a script to randomize hostname on each boot? > I think blank hostname is better than randomized. How would it be randomized: dictionary words, rng, cycling popular hostnames, etc.? Your randomization method may make you more identifiable than blank. -- qubenix GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f15d3d7e-cf63-f094-6a9e-dd5872dedb04%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anbox?
On 2017-04-15 10:59 AM, Vít Šesták wrote: I've tried the Xenial HVM way. Maybe I should perform a clean installation of Xenial, because the VM is partially broken from previous experiments. (I have to boot to recovery mode, remount / as rw and continue booting.) Nevertheless, I got to a similar point: The Android is accessible from adb and anbox commands, but I cannot always access its GUI. More importantly, I can give you a hint to try: AnBox generates normal *.destop files, just in slightly unusual location ~/snap/anbox/common/app-data/applications/anbox. These files seem to be generated on boot, you might need a while to see them. When you cat those files, you get a command to run. I have tried to do so, with varying results: a. Timeout or similar error message. b. Gallery app is runnung, but just a black window. (Nevertheless, it has shown timeout before showing the window.) c. Segmentation fault (core dumped) Maybe it is caused by my partially broken Xenial installation, maybe it is some Anbox bug (which cannot be surprising in such early stage) and maybe Anbox is not satisfied with llvmpipe (which would be unfortunate for Qubes users in general). Regards, Vít Šesták 'v6ak' Thanks for the hint! I can now launch things on the command line. I haven't tried all of the programs, but I was able to launch the program I installed (Obenkyo, a Japanese learning app that still works with Gingerbread so I know it will usual work with most non-standard Android environments too) and the Calendar app. I launched the Gallery3D app and got a black screen too. I wonder if the '3D' part implies that it needs OpenGL and thus, may have an issue under Qubes? Or maybe a missing dependency will fix things. The Chromium webview app just crashes. And I'm still not sure where to find the Application Manager command that launches the program you see on their YouTube video. It's too bad their website has no documentation on how to actually use this program (at least, that I could find); I guess they assume that it should be obvious if you can access the Unity dashboard (which it probably is). I don't know if this helps or if you tried it (I think you might have though, which means this is for anyone else who wants to try this), but I couldn't get adb or anything else to work until I ran 'anbox session-manager' on the command line and had it running in the background. If I didn't, adb (which I had to install separately; apt-get install adb) would say it couldn't find a device to connect to. ...and the Anbox session-manager just segmentation faulted on me. Well, at least there's some more progress. It sounds like that I'm having a similar experience to you on my regular PV TemplateVM as you are on your HVM, though. So at least the behaviour seems to be consistent, and fixing things on one will probably fix things on the other too. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/octmec%245k9%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: M.2 SSD Not recognized as a bootable device
On Wednesday, April 12, 2017 at 6:30:51 PM UTC-4, mystre...@gmail.com wrote: > Hello, i hope you can help me. > After I install Qubes to the SSD and reboot, it does not recognize the SSD as > a bootable device. Using the same install procedures on another SSD (SATA), > everything works fine. When using Qubes from the SSD (SATA) to access the M.2 > SSD, the BOOT file is empty, so there are no files to rename as you've > directed in the UEFI troubleshooting. Also, I cannot access the /BOOT/EFI/ > file on my SSD (SATA), it says I don't have the required permissions. > I have also compared the Partitions from my M.2 SSD and the other SSD and > they are the same. > M.2 SSD PARTITIONS: http://imgur.com/a/GPCYh > SSD PARTITIONS: http://imgur.com/a/QIzph check bios options. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b905325d-5a16-43ee-9d0f-f3ca338ad198%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big problem?
On Saturday, April 15, 2017 at 12:10:12 PM UTC-4, rubb...@gmail.com wrote: > Okey, I will try to do it how you explain to me. So I need to get first a USB > with windows on it, that i can download online? But when I insert the USB > there wont popup a window or something how can I go back to windows from that > USB? If you can give me a detailed guide on how to do it I might be able to > do it. > > Sorry for my lack of knowledge, I really appreciate your help! how did you boot the Qubes USB? Just do the same thing and this time make a diff password. But maybe yes if you have no computer experience windows might be easier for you. Maybe call up Microsoft help line. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e69676a2-0864-40c8-8b54-1eda9b79a92e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anbox?
I've tried the Xenial HVM way. Maybe I should perform a clean installation of Xenial, because the VM is partially broken from previous experiments. (I have to boot to recovery mode, remount / as rw and continue booting.) Nevertheless, I got to a similar point: The Android is accessible from adb and anbox commands, but I cannot always access its GUI. More importantly, I can give you a hint to try: AnBox generates normal *.destop files, just in slightly unusual location ~/snap/anbox/common/app-data/applications/anbox. These files seem to be generated on boot, you might need a while to see them. When you cat those files, you get a command to run. I have tried to do so, with varying results: a. Timeout or similar error message. b. Gallery app is runnung, but just a black window. (Nevertheless, it has shown timeout before showing the window.) c. Segmentation fault (core dumped) Maybe it is caused by my partially broken Xenial installation, maybe it is some Anbox bug (which cannot be surprising in such early stage) and maybe Anbox is not satisfied with llvmpipe (which would be unfortunate for Qubes users in general). Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9fd647fa-b75a-4d71-a575-decf7e37f378%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall question: DNS queries not working
On 04/15/2017 05:13 PM, Unman wrote: I trying to get IP addresses of github.com with "ping" or "getent hosts github.com", or "dig +short github.com", but it does not resolve IP addresses of github at VM. Why? Thanks. What is the AppVM connected to and are you using Tor upstream? Connected to ProxyVM with VPN on it. The problem with setup of VPN? When all access allowed, then all works fine at problemVM. -- Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41f82d80-8cf7-ee50-8617-0e79bad4a406%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big problem?
Okey, I will try to do it how you explain to me. So I need to get first a USB with windows on it, that i can download online? But when I insert the USB there wont popup a window or something how can I go back to windows from that USB? If you can give me a detailed guide on how to do it I might be able to do it. Sorry for my lack of knowledge, I really appreciate your help! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/52ba2f2a-7884-49bc-ab00-e44e89122726%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HOWTO: Compiling Kernels for dom0
On 04/15/2017 04:44 AM, Foppe de Haan wrote: > also needed: rpm-sign, sparse, openssl-devel > > and creating a signing key, see e.g. here: http://fedoranews.org/tchung/gpg/ > Thanks for all of that. The signing part isn't that important though, unless you were planning on distributing the package. The rpms still get generated and stored in the rpms directory even though it throws out that error at the end about being unable to sign them. But it's good to know how to fix that for those who want to know. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/octg65%24qrk%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall question: DNS queries not working
On Sat, Apr 15, 2017 at 04:14:32PM +0300, Eva Star wrote: > At the AppVM firewall settings set to "allow DNS queries" and ICMP traffic > as well. (other network access set to deny) > > I trying to get IP addresses of github.com with "ping" or "getent hosts > github.com", or "dig +short github.com", but it does not resolve IP > addresses of github at VM. > > Why? Thanks. > > -- > Regards > What is the AppVM connected to and are you using Tor upstream? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170415141315.GB1770%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big problem?
On Sat, Apr 15, 2017 at 12:06:34AM -0700, rubboe...@gmail.com wrote: > I think I can't get the passwors right... But what do you mean with that > there would be no other alternative to reinstall? Can I do it from the disk > password screen, could you explain me how to do that. Or is it just better to > go a computer specialist and that he could solve the problem for me? > >From what you've said you deletd Windows and installed Qubes encrypted. You now cant decrypt the disk. So you have no alternative but to reinstall something - whether Qubes or Windows, or something else, becuase that disk may as well be blank. If you cant get the password right there is no way round this. A computer specialist wont do anything different. He wont be able to "recover" Windows, and he wont be able to break the encryption. I'd save your money. Since you were able to install from a USB this sugegsts you will be able to reinstall "something" from a USB drive. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170415141054.GA1770%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Firewall question: DNS queries not working
At the AppVM firewall settings set to "allow DNS queries" and ICMP traffic as well. (other network access set to deny) I trying to get IP addresses of github.com with "ping" or "getent hosts github.com", or "dig +short github.com", but it does not resolve IP addresses of github at VM. Why? Thanks. -- Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9f6eb90-049c-6b60-b6ff-b1c7149c8dd6%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anbox?
On 04/15/2017 12:38 AM, Reg Tiangha wrote: > I guess I was wrong. The Anbox installer tries to install a 4.4 kernel > and then fails compiling the Anbox dkms module due to the lack of kernel > sources (I'm running a Qubes dom0 vm kernel). > > So I guess eventually, figuring out how to get a valid Grub > configuration working on this thing to boot a local Ubuntu kernel needs > to be done. It's weird that it doesn't work the same way as on my Debian > templates, though. My last resort is copying a valid grub.cfg from one > of my Debian templates over and manually editing it to point to use the > xenial kernel and initramfs, but I don't want to have to do that unless > absolutely necessary. But it's getting late in my part of the world, so > I'm calling it for now. If anyone else manages to figure this stuff out > in the meantime, please do share. > > Well, I couldn't sleep while I still had one more thing to try. So I copied over a working grub.cfg from one of my Debian 8 coldkernel VMs and edited it to use the Xeial kernel and initramfs (I installed the linux-generic-hwe-16.04 version which is 4.8). The VM then booted. I was following the instructions at the bottom here: https://www.qubes-os.org/doc/managing-vm-kernel/ which is essentially what you need to do to boot a coldkernel in a Debian template, but for some reason, it doesn't seem to work in Xenial because running update-grub2 does not create a proper grub.cfg file. So if someone else can figure out how to get grub on Xenial to produce a proper grub.cfg file, then that'll make life much easier for everyone. That should be Step 1 in figuring out how to get this stuff to work in a Xenial Template VM. Anyway, I had to regenerate all the dkms modules including Anbox's (easiest way was to just force reinstall qubes-kernel-vm-support) and then re-run the Anbox installer and then it installed successfully. That said, I don't know exactly how to use this. The YouTube video shows that you can access the manager by clicking on the icon in the Unity dash, but obviously, we don't have access to that. I was able to install an apk by starting the session-manager by typing in: anbox session-manager and then in a different window, installing an apk by running: adb install But I don't know how to access it. So I'm stuck again, but progress has been made and the program does run in the VM. What we need to figure out is: - How to get pvgrub working properly without having to do my kludge of copying over a grub.cfg file and manually editing it to work with a Xenial kernel. That'll make Anbox installation much easier later on. - How to actually use this program without being able to access the Unity dashboard. The other easy answer is to use a Xenial HVM, but I can't see why this can't work in a normal TemplateVM. Anyway, I think I've taken this as far as I can on my own. I now hand it off to others to figure out. Hopefully someone can by the time I wake up in the morning. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ocsiqt%24pqd%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Big problem?
I think I can't get the passwors right... But what do you mean with that there would be no other alternative to reinstall? Can I do it from the disk password screen, could you explain me how to do that. Or is it just better to go a computer specialist and that he could solve the problem for me? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ee0aefaf-85c1-4e17-a0c6-17ab09464bc1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anbox?
On 04/15/2017 12:12 AM, Vít Šesták wrote:
> IIUC, for pvgrub, you need to choose it as kernel for the particular AppVM.
> Have you done so?
>
I did; I boot coldkernel on Debian templates, so I know how to work with
pvgrub. The problem is that it just isn't generating a grub.cfg file.
This is the output of grub-mkconfig:
user@xenial-snaps:~$ sudo grub-mkconfig
Generating grub configuration file ...
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function recordfail {
set recordfail=1
grub-probe: error: cannot find a GRUB drive for /dev/mapper/dmroot.
Check your device.map.
and what gets stored in /boot/grub.cfg.new. It doesn't even make a
regular grub.cfg file.
HOWEVER, I think this whole native kernel thing was a red herring. The
problem with the Anbox installer was that apparmor wasn't running, even
though the dom0 qubes-vm-kernel I'm running supports it. Easily fixed with:
qvm-prefs -s XenialVM kernelopts "nopat apparmor=1 security=apparmor"
And right now the installation is going. We'll see what happens when it
finishes.
If I get this running, I might try again without installing
qubes-kernel-vm-support. That might be unnecessary after all and it
might have been apparmor not running that was the real problem.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ocseis%24f8f%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anbox?
IIUC, for pvgrub, you need to choose it as kernel for the particular AppVM. Have you done so? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c53e7e40-fb08-4332-a754-01ad7d5461ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
