[qubes-users] Re: Motherboard recommendations
Please refer to the Hardware Compatibility List if you're in no situation to go blind or full YOLO on some hardware. https://www.qubes-os.org/hcl/ Anything in the list that has all green(yes) on columns from HVM column to Kernel column should be good. Disregard "unknown" of TPM Column as it likely means the submitter of the HCL report file didn't bother checking the status of the TPM nor bothered configuring/trying to make it work. Note that the TPM only matters with high regard if you want to make Anti-evil maid work. For more information check: https://www.qubes-os.org/doc/anti-evil-maid/ Once you have picked a hardware candidate, be sure to thoroughly read the remarks as it is your key to getting things to work should some extra pre-configuration was needed for installation to finish properly. Mind you that on my first time of getting Qubes to work properly, I had to do tons of research and understanding to finally get it going nicely. If you're really determined for this then it's time to steel that determination some more and it also depends on your luck. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3c5751e-7b04-4f50-ba03-5c12ba899594%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Boot failure after update / boot loop
Do you dual boot with Windows? If you do, the reason is that by default the Windows 10 installer will set the /boot/efi partition to 100mb which... is really not enough space. So keep that in mind. I made the changes and now it's happy. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83361ecf-bf20-416a-a11c-00be6e55afa4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] About X.Org vulnerability and Qubes
https://threatpost.com/x-org-flaw-allows-privilege-escalation-in-linux-systems/138624/ It is said that leveraging the vulnerability is possible from a remote SSH session. Say an attacker was able to successfully gain a remote SSH session in an untrusted VM, do you think it would be possible to gain full control through qubes' implementation of X.org? I checked around and if I understand it right, qubes utilizes X.org in order to integrate the display of PVH VM applications to what the user can/must see. Because of this, what's in my mind right now is that it's possible to leverage this vulnerability to gain full control but since I don't have an idea of the codes or how exactly qubes' implementation of X.org works, I would like to kindly ask for your thoughts about this matter. Earlier I was about to remove setuid of Xorg but I thought it has a good chance of breaking my desktop environment altogether and that would be alot of trouble for me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/848dfc38-040c-422a-958a-c20b68db1b87%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: My farewell to Qubes OS!
I've only been a minor part of the Qubes community and I am truly grateful that this kind of Operating System became a reality and am proud to say that I am using it as my daily driver. Thank you for all your contributions to the Qubes OS and I hope you well on your new journey :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/14ecb571-9e13-4f1c-ac9f-44a8b2a008c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Ubuntu templates
On Saturday, October 27, 2018 at 9:51:56 PM UTC-5, unman wrote: > On Fri, Oct 26, 2018 at 03:23:34PM -0700, Patrick wrote: > > On Monday, October 8, 2018 at 9:28:26 AM UTC-5, unman wrote: > > > It's now straight forward to build templates for bionic as well as xenial, > > > using qubes-builder. > > > > > > If you want to try them out before building, I've uploaded freshly built > > > templates for 4.0, including a fairly hefty xenial-desktop template. > > > You can find details at https://qubes.3isec.org > > > > > > Updated packages are available from the repositories there, if you > > > already have a working template. > > > > > > unman > > > > Hi, I came to find this answer too, what is the best way to install an > > ubuntu vm? > > > > Also, just fyi, I want to run the VMware-Horizon-Client in order to run > > VDI. Documentation says it's tested on ubuntu and Red Hat. > > > > Thanks, > > Patrick > > > You can build your own template using qubes-builder. > Instructions for that are in the docs: > https://www.qubes-os.org/doc/qubes-builder > > Use ./setup to select the ubuntu version you want, then make qubes-vm and > make template will produce a new template. > Actually, the build is broken at the moment while I figure out how best > to deal with incorporating apt-transport-https in to the build, and mix > in security updates. > > In the meantime you can download some prebuilt Ubuntu templates from > https://qubes.3isec.org/ > > Whatever route you take, transfer the template to dom0 and install it > using dnf install > > unman Thanks Unman, Only, what's the difference between bionic and xenial? Sorry. Anyway I'm using 64 bit, qubes 4.0 on an Acer Aspire 5 - AS15 Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f493958-8126-4ffe-a0e0-0e5f4a834f43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation Problem
On 10/29/2018 03:32 PM, Andy Powell wrote: Well that clears it up! Thanks!!! Very surprising...guess I’ll go to another distro. Bye Qubes! Its not surprising at all. Qubes is a bare-metal OS, and one of its core features is to isolate risk at the hardware level. This means on a Mac it _replaces_ OS X -- it doesn't run on it. A more logical arrangement would be to run OS X on Qubes which is the reverse of what you seek. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9840f411-1cd4-2fe9-c7b4-0a4675db90ca%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to connect Tenmplate VM to the internet
On Mon, Oct 29, 2018 at 09:32:40PM +0100, 799 wrote: > Hello, > > ... I am giving up. > > On Mon, 29 Oct 2018 at 02:13, unman wrote: > > > On Sun, Oct 28, 2018 at 10:58:21PM +0100, 799 wrote: > > > But the Template VM is unable to access the internet. > > > What needs to be done, so that I can connect the Template VM? > > > > > > Nothing further needs to be done. This should "just work"(TM). > > If it isnt working for you then you should do standard troubleshooting- > > Check that Template has IP address set (you shouldnt need to set this > > manually), and it is consistent with sys-firewall. > > Check the route. > > Check that /etc/resolv.conf looks proper. > > > > I am unable to enable networking on my template VM. > It is based on a regular fedora-28-minimal template as all my other > Templates. > Strangely I am able to install normal packages via dnf but the Template VM > is not showing an IP address. > > It seems that the eth0 interface is DOWN. > Honestly I don't understand how I can install packages at all if I can't > even ping my sys-firewall VM from the Template VM. > > So what are the detailed steps to enable networking in a Template VM which > is cloned from a fedora-28-minimal template? > > - O By default TemplateVMs are not network enabled. They are able to update because they use the Qubes Update Proxy. You can (and should) read about this at https://www.qubes-os.org/doc/software-update-vm/#updates-proxy You hadn't said previously that you were using a minimal template. Have a look at https://www.qubes-os.org/doc/templates/fedora-minimal/ What you need to do is: 1. qvm-run -u root xterm 2. (in template): dnf install qubes-core-agent-networking 3. Shutdown template 4. qvm-prefs netvm sys-firewall 5. qvm-run -u root xterm Bear in mind that templates are meant to be kept offline, and you should be particularly careful if you put one online. Any mistake here could compromise all qubes that use that template. HTH unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181029234619.czivfkbvfa4mpki7%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to connect Tenmplate VM to the internet
Hello, ... I am giving up. On Mon, 29 Oct 2018 at 02:13, unman wrote: > On Sun, Oct 28, 2018 at 10:58:21PM +0100, 799 wrote: > > But the Template VM is unable to access the internet. > > What needs to be done, so that I can connect the Template VM? > > Nothing further needs to be done. This should "just work"(TM). > If it isnt working for you then you should do standard troubleshooting- > Check that Template has IP address set (you shouldnt need to set this > manually), and it is consistent with sys-firewall. > Check the route. > Check that /etc/resolv.conf looks proper. > I am unable to enable networking on my template VM. It is based on a regular fedora-28-minimal template as all my other Templates. Strangely I am able to install normal packages via dnf but the Template VM is not showing an IP address. It seems that the eth0 interface is DOWN. Honestly I don't understand how I can install packages at all if I can't even ping my sys-firewall VM from the Template VM. So what are the detailed steps to enable networking in a Template VM which is cloned from a fedora-28-minimal template? - O -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2v0AMJvLFkAG5Gohrb_MUub6qt%2B1BZVJmLZfiC4BusEZg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation Problem
Well that clears it up! Thanks!!! Very surprising...guess I’ll go to another distro. Bye Qubes! > On Oct 29, 2018, at 2:51 PM, Fidel Ramos wrote: > > ‐‐‐ Original Message ‐‐‐ >> On Monday, October 29, 2018 6:20 PM, Andy Powell wrote: >> >> Hello Qubes group! >> >> I’m trying to install Qubes but it fails after “Test this media & install >> Qubes R4.0” at “Loading initrd.img” >> >> I’m on a 2012 MacBook Pro, running Parallels (which I guess may be the >> issue, as 100% of your documentation refers to VirtualBox...do you support >> other hypervisors?) >> >> I’ve followed everything as best I can and am stuck in an infinite loop. No >> issues running other major OS VMs (Ubuntu, Mint, Fedora, various Win, etc) >> >> Please help! Thank you! >> >> —Andy > > Running QubesOS inside a virtual machine is not supported, and as you found > out it won't work in most configurations. > > If you want to try out Qubes in your machine you could install it into a USB > drive or USB HDD (i.e. put the installer into a USB drive, boot the > installer, then install into a *different* USB drive). It will be slower, but > you can see if it works with your hardware. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1D4515B3-B7B7-4A85-B804-CEFED1D2EF58%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installation Problem
‐‐‐ Original Message ‐‐‐ On Monday, October 29, 2018 6:20 PM, Andy Powell wrote: > Hello Qubes group! > > I’m trying to install Qubes but it fails after “Test this media & install > Qubes R4.0” at “Loading initrd.img” > > I’m on a 2012 MacBook Pro, running Parallels (which I guess may be the issue, > as 100% of your documentation refers to VirtualBox...do you support other > hypervisors?) > > I’ve followed everything as best I can and am stuck in an infinite loop. No > issues running other major OS VMs (Ubuntu, Mint, Fedora, various Win, etc) > > Please help! Thank you! > > —Andy Running QubesOS inside a virtual machine is not supported, and as you found out it won't work in most configurations. If you want to try out Qubes in your machine you could install it into a USB drive or USB HDD (i.e. put the installer into a USB drive, boot the installer, then install into a *different* USB drive). It will be slower, but you can see if it works with your hardware. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7OYwu-82Jm_sf1Br-sHUg4tMLjtBjyghaP7jvVhfEjZYa_9dRIBAswahD7_dSnOv7qzPc2_dHrhzL8Nz-VfM6g%3D%3D%40fidelramos.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installation Problem
Hello Qubes group! I’m trying to install Qubes but it fails after “Test this media & install Qubes R4.0” at “Loading initrd.img” I’m on a 2012 MacBook Pro, running Parallels (which I guess may be the issue, as 100% of your documentation refers to VirtualBox...do you support other hypervisors?) I’ve followed everything as best I can and am stuck in an infinite loop. No issues running other major OS VMs (Ubuntu, Mint, Fedora, various Win, etc) Please help! Thank you! —Andy Sent from my iPhone -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/D829D6ED-59B3-44DB-B4C6-D671E5FDC375%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Motherboard recommendations
I have answered this question over 20 times - search before you post! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cefe4d82-1105-002b-009e-80299b14eb27%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 3.2.1-rc1 has been released!
Any ETA on 4.0.1 yet? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a0499f5-d653-4ea7-ba57-7c248694f70e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: My farewell to Qubes OS!
Sad to see you go Joanna, thank you for all the work you put into Qubes OS. Golem Project is lucky to have you! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d10481ca-f903-437b-a85e-20609de1b22e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
On Mon, Oct 29, 2018 at 10:29:30AM +, Fidel Ramos wrote:
> ‐‐‐ Original Message ‐‐‐
> On Monday, October 29, 2018 9:55 AM, Keld Norman
> wrote:
>
> > I am scripting the creation of a new standalone VM based on a template.
> >
> > I want to automate the creation of a Qube that I normally do in the Qubes
> > Manager GUI:
> > select Qubes -> Create New Qube
> > TYPE: Standalone Qube based on template.
> > TEMPLATE: bionic
> >
> > I have made this script and it works fine when adding a Qube as an AppVM
> > instead of a StandaloneVM
> >
> > #
> >
> > SCRIPT:
> >
> >
> >
> > #
> >
> > #!/bin/bash
> > clear
> > echo ""
> > SHUTDOWN_TIMEOUT=30
> > VM_NAME="Ubuntu18"
> >
> > if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> > #echo " The VM called ${VM_NAME} exist - do you want to delete it and
> > re-create it?"
> >
> > ask here.. to do scripting
> >
> > ===
> >
> > #echo ""
> >
> > exit 1
> >
> > ===
> >
> > echo " Deleting VM: ${VM_NAME}"
> > echo " ---"
> > echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> > /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> > echo " - Deleting VM named ${VM_NAME}"
> > /usr/bin/qvm-remove --force ${VM_NAME}
> > fi
> >
> > CREATE NEW VM
> >
> > ==
> >
> > echo ""
> > echo " Creating VM: ${VM_NAME}"
> > echo " ---"
> > echo " Class AppVM"
> > echo " VirtMode hvm"
> > echo " Template bionic"
> > echo " Label orange"
> > echo " NetVM sys-net"
> > echo " Kernel ''"
> > echo " VCPU(s) 8"
> > echo " Memory 4096"
> >
> > /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange
> > --property vcpus=8 --property memory=4096 --property maxmem=4096 --property
> > netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> > exit
> > echo ""
> > echo " - Disabling Memory info writer service"
> > /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> > /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> > etc etc ...
> >
> > ---
> >
> >
> >
> > Here is the isolated command that fails:
> >
> > =
> >
> > [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic
> > --label orange --property vcpus=8 --property memory=4096 --property
> > maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property
> > kernel='' Ubuntu18
> >
> > And here the output from journalctl -xe
> >
> >
> >
> > [user@dom0 bin]$ journalctl -xe
> > -- Unit user-0.slice has finished shutting down.
> > Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
> > ses=4294967295 msg='unit=user@0 comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226):
> > pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]:
> > balance_when_enough_memory(xen_free_memory=70634428,
> > total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208
> > acceptors_count=2
> > Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460
> > acceptors_count=1
> > Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for
> > user root
> > Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2
> > msg='op=PAM:session_close
> > grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix
> > acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> > Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2
> > msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root"
> > exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/5 res=success'
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]:
> > balance_when_enough_memory(xen_free_memory=70634428,
> > total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351
> > acceptors_count=2
> > Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825
> > acceptors_count=1
> > Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling
> > src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic'
> > len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE
> > PROBLEM ?
> > Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> > Oct 29 10:27:46 dom0 qubesd[2612]: File
> > "/usr/lib/python3.5/site-packages/qubes/api/init.py",
Re: [qubes-users] Problem when creating a new standalone VM based on a template via the command line.
‐‐‐ Original Message ‐‐‐
On Monday, October 29, 2018 9:55 AM, Keld Norman wrote:
> I am scripting the creation of a new standalone VM based on a template.
>
> I want to automate the creation of a Qube that I normally do in the Qubes
> Manager GUI:
> select Qubes -> Create New Qube
> TYPE: Standalone Qube based on template.
> TEMPLATE: bionic
>
> I have made this script and it works fine when adding a Qube as an AppVM
> instead of a StandaloneVM
>
> #
>
> SCRIPT:
>
>
>
> #
>
> #!/bin/bash
> clear
> echo ""
> SHUTDOWN_TIMEOUT=30
> VM_NAME="Ubuntu18"
>
> if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
> #echo " The VM called ${VM_NAME} exist - do you want to delete it and
> re-create it?"
>
> ask here.. to do scripting
>
> ===
>
> #echo ""
>
> exit 1
>
> ===
>
> echo " Deleting VM: ${VM_NAME}"
> echo " ---"
> echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
> /usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
> echo " - Deleting VM named ${VM_NAME}"
> /usr/bin/qvm-remove --force ${VM_NAME}
> fi
>
> CREATE NEW VM
>
> ==
>
> echo ""
> echo " Creating VM: ${VM_NAME}"
> echo " ---"
> echo " Class AppVM"
> echo " VirtMode hvm"
> echo " Template bionic"
> echo " Label orange"
> echo " NetVM sys-net"
> echo " Kernel ''"
> echo " VCPU(s) 8"
> echo " Memory 4096"
>
> /usr/bin/qvm-create --class StandaloneVM --template bionic --label orange
> --property vcpus=8 --property memory=4096 --property maxmem=4096 --property
> netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
> exit
> echo ""
> echo " - Disabling Memory info writer service"
> /usr/bin/qvm-service ${VM_NAME} meminfo-writer off
> /usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
> etc etc ...
>
> ---
>
>
>
> Here is the isolated command that fails:
>
> =
>
> [user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic
> --label orange --property vcpus=8 --property memory=4096 --property
> maxmem=4096 --property netvm=sys-net --property virt_mode=hvm --property
> kernel='' Ubuntu18
>
> And here the output from journalctl -xe
>
>
>
> [user@dom0 bin]$ journalctl -xe
> -- Unit user-0.slice has finished shutting down.
> Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
> ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd"
> hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226):
> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd"
> exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]:
> balance_when_enough_memory(xen_free_memory=70634428,
> total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208
> acceptors_count=2
> Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460
> acceptors_count=1
> Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for
> user root
> Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2
> msg='op=PAM:session_close
> grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix
> acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
> Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2
> msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo"
> hostname=? addr=? terminal=/dev/pts/5 res=success'
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]:
> balance_when_enough_memory(xen_free_memory=70634428,
> total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351
> acceptors_count=2
> Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825
> acceptors_count=1
> Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling
> src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic'
> len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE
> PROBLEM ?
> Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
> Oct 29 10:27:46 dom0 qubesd[2612]: File
> "/usr/lib/python3.5/site-packages/qubes/api/init.py", line 262, in respond
> Oct 29 10:27:46 dom0 qubesd[2612]: untrusted_payload=untrusted_payload)
> Oct 29 10:27:46 dom0 qubesd[2612]: File
> "/usr/lib64/python3.5/asyncio/futures.py", line 381, in iter
> Oct 29 10:27:46 dom0 qubesd[2612]: yield self # This tells Task to wait for
> completion.
> Oct 29 10:27:46 dom0
[qubes-users] Problem when creating a new standalone VM based on a template via the command line.
I am scripting the creation of a new standalone VM based on a template.
I want to automate the creation of a Qube that I normally do in the Qubes
Manager GUI:
select Qubes -> Create New Qube
TYPE: Standalone Qube based on template.
TEMPLATE: bionic
I have made this script and it works fine when adding a Qube as an AppVM
instead of a StandaloneVM
#
# SCRIPT:
#
#!/bin/bash
clear
echo ""
SHUTDOWN_TIMEOUT=30
VM_NAME="Ubuntu18"
if [ $(/usr/bin/qvm-ls|grep ^${VM_NAME}|wc -l) -ne 0 ]; then
#echo " The VM called ${VM_NAME} exist - do you want to delete it and
re-create it?"
# ask here.. to do scripting
#echo ""
# exit 1
echo " Deleting VM: ${VM_NAME}"
echo " ---"
echo " - Shutting down (timeout ${SHUTDOWN_TIMEOUT})"
/usr/bin/qvm-shutdown --wait --timeout ${SHUTDOWN_TIMEOUT} ${VM_NAME}
echo " - Deleting VM named ${VM_NAME}"
/usr/bin/qvm-remove --force ${VM_NAME}
fi
# CREATE NEW VM
echo ""
echo " Creating VM: ${VM_NAME}"
echo " ---"
echo " Class AppVM"
echo " VirtMode hvm"
echo " Template bionic"
echo " Label orange"
echo " NetVMsys-net"
echo " Kernel''"
echo " VCPU(s)8"
echo " Memory 4096"
/usr/bin/qvm-create --class StandaloneVM --template bionic --label orange
--property vcpus=8 --property memory=4096 --property maxmem=4096 --property
netvm=sys-net --property virt_mode=hvm --property kernel='' ${VM_NAME}
exit
echo ""
echo " - Disabling Memory info writer service"
/usr/bin/qvm-service ${VM_NAME} meminfo-writer off
/usr/bin/qvm-features --unset ${VM_NAME} service.meminfo-writer
etc etc ...
# ---
# Here is the isolated command that fails:
[user@dom0 bin]$ /usr/bin/qvm-create --class StandaloneVM --template bionic
--label orange --property vcpus=8 --property memory=4096 --property maxmem=4096
--property netvm=sys-net --property virt_mode=hvm --property kernel='' Ubuntu18
# And here the output from journalctl -xe
[user@dom0 bin]$ journalctl -xe
-- Unit user-0.slice has finished shutting down.
Oct 29 10:27:38 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
Oct 29 10:27:38 dom0 kernel: audit: type=1131 audit(1540805258.364:226): pid=1
uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]:
balance_when_enough_memory(xen_free_memory=70634428,
total_mem_pref=3319025152.0, total_available_memory=28691692055.0)
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=7070424208
acceptors_count=2
Oct 29 10:27:41 dom0 qmemman.daemon.algo[2611]: left_memory=2881216460
acceptors_count=1
Oct 29 10:27:42 dom0 sudo[7047]: pam_unix(sudo:session): session closed for
user root
Oct 29 10:27:42 dom0 audit[7047]: USER_END pid=7047 uid=0 auid=1000 ses=2
msg='op=PAM:session_close
grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix
acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/de
Oct 29 10:27:42 dom0 audit[7047]: CRED_DISP pid=7047 uid=0 auid=1000 ses=2
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/bin/sudo"
hostname=? addr=? terminal=/dev/pts/5 res=success'
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]:
balance_when_enough_memory(xen_free_memory=70634428,
total_mem_pref=3254653644.8, total_available_memory=28756063562.17)
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=7293221351
acceptors_count=2
Oct 29 10:27:42 dom0 qmemman.daemon.algo[2611]: left_memory=3062594825
acceptors_count=1
Oct 29 10:27:46 dom0 qubesd[2612]: unhandled exception while calling
src=b'dom0' meth=b'admin.vm.Create.StandaloneVM' dest=b'dom0' arg=b'bionic'
len(untrusted_payload)=26 <-- NOTICE THE UNTRUSTED MARKING HERE IS THAT THE
PROBLEM ?
Oct 29 10:27:46 dom0 qubesd[2612]: Traceback (most recent call last):
Oct 29 10:27:46 dom0 qubesd[2612]: File
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 262, in respond
Oct 29 10:27:46 dom0 qubesd[2612]: untrusted_payload=untrusted_payload)
Oct 29 10:27:46 dom0 qubesd[2612]: File
"/usr/lib64/python3.5/asyncio/futures.py", line 381, in __iter__
Oct 29 10:27:46 dom0 qubesd[2612]: yield self # This tells Task to wait
for completion.
Oct 29 10:27:46 dom0 qubesd[2612]: File
"/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
Oct 29 10:27:46 dom0 qubesd[2612]: future.result()
Oct 29 10:27:46 dom0 qubesd[2612]: File
"/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
Oct 29 10:27:46 dom0 qubesd[2612]: raise self._exception
Oct 29 10:27:46 dom0 qubesd[2612]: File
"/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
Oct 29 10:27:46 dom0 qubesd[2612]: result =
Re: [qubes-users] Re: system doesn't boot after update
‐‐‐ Original Message ‐‐‐ On Monday, October 29, 2018 4:39 AM, wrote: > Me too, I did qvm-dom0-update yesterday and when it tried to re-boot it got > in a boot loop, and I'll re-type the messages here: > > > > Xen 4.8.4 (c/s) EFI loader > Using configuration file 'xen.cfg' > vmlinux-4.14.74-1.pvops.qubes.x86_64: 0x495ae000-0x49b8db20 > initramfs-4.14.74-1.pvops.qubes.x86_64.img: > 0x49002000-0x495ae000 > 0x:0x01:0x00.0x0: ROM: 0x19400 bytes at 0x5302e018 > 0x:0x00:0x02.0x0: ROM: 0x1 bytes at 0x5300c018 > > -- > > [ 0.179397] ACPI Error: [\SB.PCIO.XHC_.?HUB.HS11] Namespace lookup failure > AE-NOT_FOUND (20170720/dswload-210) > [ 0.179406] ACPI Exception: AE_NOT_FOUND, During name lookup/catalog > (20170720/psobject-252) > [ 0.179500] ACPI Exception: AE_NOT_FOUND, (SSDT:ProjSalt) while loading table > (20170728/tbxfload-220) > [ 0.188039] ACPI Error: 1 table load failures, 11 successful > (20170728/tbxflad-246) > [ 0.508657] Initramfs unpacking failed: read error > [ 2.762742] Kernel panic 0 not syncing: UFS: Unable to mount root fs on > unknown-block(0.0) > [ 2.762769] CPU: Z PID: 1 Comm: swapper/0 Not tainted > 4.1474-1.pvops.qubes.x86_64 #1 > [ 2.762790] Hardware name: LENOVO , BIOS N1TET41W (1.15) 10/20/2017 > [ 2.762813] Call Trace: > [ 2.762826] dump_stack+0x5c/0x85 > [ 2.762839] panic+0xc4/0x252 > [ 2.762851] mount_block_root+0x35b/0x52c > [ 2.762865] ? do_early_param+0x16e/0x16e > [ 2.762879] prepare_namespace+0x278/0x245 > [ 2.762892] ? do_early_param+0x16e/0x16e > [ 2.762905] kernel_init_freeable+0x2c8/0x324 > [ 2.762920] ? rest_init+0xb0/0xb0 > [ 2.762932] kernel_init+0xa/0x101 > [ 2.762945] ret_from_fork+0x35/0x40 > [ 2.762964] Kernel Offset: disabled > > - > > I anyone could help me get my qubes running again I'd be much obliged. I found this post in an Archlinux forum that has the same error: https://bbs.archlinux.org/viewtopic.php?id=131785 The problem was that the /boot partition ran out of space. Try checking the available space in your boot partition and if it's zero or low remove some of the old kernels, then recreate the initramfs images. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/XnPXXKP784ZOmR94pzVaziHlnikXFg7iwnYVWboNx-g0qa77Bev2Z3Btf9DXnz57DY_HFAgjklpe9t2V6XJ15g%3D%3D%40fidelramos.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Boot failure after update / boot loop
On Sunday, October 21, 2018 at 3:15:37 PM UTC, Alchemist wrote: > So i just installed 4.0 and updated it, after I ran the update I rebooted. > > I'm no longer able to boot into qubes, even using refid, I can see the EFI > boot string but it just shuts down the machine. I've got the same problem, see my 'miss-post' https://groups.google.com/forum/#!topic/qubes-users/eW3N434-tlo and will try the same solution as offered by @awokd. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46ea3f0e-88ac-4583-9b92-748e1d1ce3be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: system doesn't boot after update
On Monday, October 29, 2018 at 4:39:03 AM UTC, joeh...@gmail.com wrote: > Me too, I did qvm-dom0-update yesterday and when it tried to re-boot it got > in a boot loop, and I'll re-type the messages here: > - > Xen 4.8.4 (c/s) EFI loader > Using configuration file 'xen.cfg' > vmlinux-4.14.74-1.pvops.qubes.x86_64: 0x495ae000-0x49b8db20 > initramfs-4.14.74-1.pvops.qubes.x86_64.img: > 0x49002000-0x495ae000 > 0x:0x01:0x00.0x0: ROM: 0x19400 bytes at 0x5302e018 > 0x:0x00:0x02.0x0: ROM: 0x1 bytes at 0x5300c018 > - > [0.179397] ACPI Error: [\_SB_.PCIO.XHC_.?HUB.HS11] Namespace lookup > failure > AE-NOT_FOUND (20170720/dswload-210) > [0.179406] ACPI Exception: AE_NOT_FOUND, During name lookup/catalog > (20170720/psobject-252) > [0.179500] ACPI Exception: AE_NOT_FOUND, (SSDT:ProjSalt) while loading > table (20170728/tbxfload-220) > [0.188039] ACPI Error: 1 table load failures, 11 successful > (20170728/tbxflad-246) > [0.508657] Initramfs unpacking failed: read error > [2.762742] Kernel panic 0 not syncing: UFS: Unable to mount root fs on > unknown-block(0.0) > [2.762769] CPU: Z PID: 1 Comm: swapper/0 Not tainted > 4.1474-1.pvops.qubes.x86_64 #1 > [2.762790] Hardware name: LENOVO, BIOS N1TET41W (1.15) 10/20/2017 > [2.762813] Call Trace: > [2.762826] dump_stack+0x5c/0x85 > [2.762839] panic+0xc4/0x252 > [2.762851] mount_block_root+0x35b/0x52c > [2.762865] ? do_early_param+0x16e/0x16e > [2.762879] prepare_namespace+0x278/0x245 > [2.762892] ? do_early_param+0x16e/0x16e > [2.762905] kernel_init_freeable+0x2c8/0x324 > [2.762920] ? rest_init+0xb0/0xb0 > [2.762932] kernel_init+0xa/0x101 > [2.762945] ret_from_fork+0x35/0x40 > [2.762964] Kernel Offset: disabled > > > I anyone could help me get my qubes running again I'd be much obliged. I just see there was another one with the same problem: https://groups.google.com/forum/#!topic/qubes-users/ftXn36ipklQ I'm going to try the solution proposed there and will continue in that thread, as it is more related than this one. Sorry for the wrong posting here. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/058a7857-a840-4516-922c-6fc42c66a56c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] system doesn't boot after update
Hello Sorry, it was a typo. It is dev I will try to paste a whole log later today Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f85ec4b8-6657-48d4-87c3-b28fd980290b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
