[qubes-users] QSB #45: Insecure default Salt configuration

2018-12-03 Thread Andrew David Wong

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) #45: Insecure
default Salt configuration. The text of this QSB is reproduced below.
This QSB and its accompanying signatures will always be available in
the Qubes Security Pack (qubes-secpack).

View QSB #45 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt

Learn about the qubes-secpack, including how to obtain, verify, and read
it:

https://www.qubes-os.org/security/pack/

View all past QSBs:

https://www.qubes-os.org/security/bulletins/




 ---===[ Qubes Security Bulletin #45 ]===---

 2018-12-03

 Insecure default Salt configuration

Summary
=======

In Qubes OS, one use of Salt (aka SaltStack) is to configure software
installed in domUs (including TemplateVMs and AppVMs). [1] To protect
dom0 from potentially compromised domUs, all complex processing is done
in a DisposableVM. [2] Each target domU being configured gets a separate
DisposableVM, which is given power to execute arbitrary commands
(through the qubes.VMShell qrexec service) in that target domU.

In the default configuration, each DisposableVM generated for this
purpose is based on the same default DVM Template that is used for all
other default DisposableVM actions (including the default "Disposable:
Firefox" menu entry). This DVM Template has a red label and has
networking enabled, which might suggest that it is not
security-critical.  However, if this default DVM Template were
compromised (for example, by a web browser plugin the user had installed
there [3]), then the next time Salt were used, it could also compromise
all target domUs it were configuring.

Although it is possible to use an alternative DVM Template for Salt, the
option to do so has not been exposed through any command-line or
graphical user interface.

Vulnerable systems
==================

To exploit this vulnerability, two conditions must be met:

1. The user must actively use Salt to configure software inside a domU.
   This does not happen by default; user intervention is required. Only
   domUs configured by Salt are affected.

2. The user must compromise the default DVM Template. (For example, the
   user might customize the DVM Template by installing an untrusted
   program in it, not realizing the security implications of doing so.)

The issue affects only Qubes OS 4.0. In Qubes 3.2, Salt processing
occurs in a temporary AppVM based on the default TemplateVM.

Resolution
==========

To fix this problem, we are implementing two changes:

1. Adding the "management_dispvm" VM property, which specifies the DVM
   Template that should be used for management, such as Salt
   configuration.  TemplateBasedVMs inherit this property from their
   parent TemplateVMs.  If the value is not set explicitly, the default
   is taken from the global "management_dispvm" property. The
   VM-specific property is set with the qvm-prefs command, while the
   global property is set with the qubes-prefs command.

2. Creating the "default-mgmt-dvm" DVM Template, which is hidden from
   the menu (to avoid accidental use), has networking disabled, and has
   a black label (the same as TemplateVMs). This VM is set as the global
   "management_dispvm".

Patching
========

The specific packages that resolve the problems discussed in this
bulletin are as follows:

  For Qubes OS 4.0:
  - qubes-core-dom0 version 4.0.36
  - qubes-mgmt-salt-dom0-virtual-machines version 4.0.15
  - qubes-mgmt-salt-admin-tools version 4.0.12

  For Qubes OS 3.2:
  - No packages necessary, since 3.2 is not affected.
    (See above for details.)

The packages are to be installed in dom0 via the Qubes VM Manager or via
the qubes-dom0-update command as follows:

  For updates from the stable repository (not immediately available):
  $ sudo qubes-dom0-update

  For updates from the security-testing repository:
  $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing

These packages will migrate from the security-testing repository to the
current (stable) repository over the next two weeks after being tested
by the community.


Credits
=======

The issue was reported by Demi M. Obenour 

References
==========

[1] https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0
[2] https://github.com/QubesOS/qubes-issues/issues/1541#issuecomment-187482786
[3] https://www.qubes-os.org/doc/dispvm-customization/

--
The Qubes Security Team
https://www.qubes-os.org/security/


This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2018/12/03/qsb-45/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
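
[Added example, not part of the bulletin and not Qubes OS code.] The lookup order the Resolution section describes for "management_dispvm" (the qube's own value, then its parent TemplateVM's, then the global one), with a check of the resolved DVM Template against the properties the bulletin gives for "default-mgmt-dvm". The inventory and all qube names other than "default-mgmt-dvm" are constructed; "template", "netvm", "label" and the global "default_dispvm" are the usual Qubes property names.

```python
# Added example (not Qubes OS code): resolve which DVM Template each qube would
# use for management DisposableVMs, following the lookup order in the QSB, and
# flag qubes whose management DVM Template lacks the hardening the bulletin
# describes for "default-mgmt-dvm" (no networking, black label, not the
# everyday default DVM Template).
#
# The inventory is constructed sample data. On a real dom0 the values can be
# read with `qvm-prefs <vm> management_dispvm`, `qvm-prefs <vm> netvm`,
# `qvm-prefs <vm> label` and `qubes-prefs management_dispvm`.

UNSET = None  # property not set explicitly on this qube


def _vm(template, mgmt, netvm, label):
    return {"template": template, "management_dispvm": mgmt,
            "netvm": netvm, "label": label}


# Constructed inventory: qube name -> properties relevant to the check.
SAMPLE_VMS = {
    "fedora-29":        _vm(None, UNSET, None, "black"),
    # Misconfigured TemplateVM: management explicitly points at the
    # networked, red-labelled everyday DVM Template.
    "debian-9":         _vm(None, "fedora-29-dvm", None, "black"),
    "fedora-29-dvm":    _vm("fedora-29", UNSET, "sys-firewall", "red"),
    "default-mgmt-dvm": _vm("fedora-29", UNSET, None, "black"),
    "personal":         _vm("fedora-29", UNSET, "sys-firewall", "yellow"),
    "work":             _vm("debian-9", UNSET, "sys-firewall", "blue"),
    # Explicit per-qube value overrides what the template would give.
    "vault":            _vm("debian-9", "default-mgmt-dvm", None, "black"),
}
SAMPLE_GLOBAL_MANAGEMENT_DISPVM = "default-mgmt-dvm"
SAMPLE_GLOBAL_DEFAULT_DISPVM = "fedora-29-dvm"


def resolve_management_dispvm(name, vms, global_management_dispvm):
    """Own value, then the parent template's, then the global property."""
    seen = set()  # guards against a malformed inventory with a template loop
    while name is not None and name not in seen:
        seen.add(name)
        vm = vms.get(name, {})
        explicit = vm.get("management_dispvm", UNSET)
        if explicit is not UNSET:
            return explicit
        name = vm.get("template")
    return global_management_dispvm


def check_dvm_template(dvm_name, vms, global_default_dispvm):
    """Return the reasons a DVM Template is a poor choice for management."""
    dvm = vms.get(dvm_name)
    if dvm is None:
        return ["management DVM Template %r not found" % dvm_name]
    reasons = []
    if dvm_name == global_default_dispvm:
        reasons.append("same DVM Template as everyday DisposableVMs")
    if dvm.get("netvm") is not None:
        reasons.append("networking enabled (netvm=%s)" % dvm["netvm"])
    if dvm.get("label") != "black":
        reasons.append("label is %s, not black" % dvm.get("label"))
    return reasons


def audit(vms, global_management_dispvm, global_default_dispvm):
    """Map each flagged qube to (resolved DVM Template, list of reasons)."""
    findings = {}
    for name in sorted(vms):
        dvm_name = resolve_management_dispvm(name, vms, global_management_dispvm)
        reasons = check_dvm_template(dvm_name, vms, global_default_dispvm)
        if reasons:
            findings[name] = (dvm_name, reasons)
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE_VMS, SAMPLE_GLOBAL_MANAGEMENT_DISPVM,
                   SAMPLE_GLOBAL_DEFAULT_DISPVM)
    for name, (dvm_name, reasons) in result.items():
        print("%s -> %s: %s" % (name, dvm_name, "; ".join(reasons)))
```

In the sample, "work" is flagged only because its TemplateVM "debian-9" carries an explicit value, which is the inheritance case a per-qube check with qvm-prefs alone can miss.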



[qubes-users] HCL - ASUS Maximus VIII Hero, i7-6700k with EVGA GTX1070

2018-12-03 Thread Seshu
Installed onto the Samsung 970 evo NVMe SSD 1TB. It was fast, really 
nice, and no glitches. I unplugged all of the other drives, and only 
added them after setup was all complete. It is a dual boot right now, 
but I have to go into bios to manually select Qubes drive for boot.


I'm still learning and experimenting, so I'll eventually get it off the 
dual boot, but just need to figure out how the whole system works.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4216d80d-558d-b458-e3e5-c47e91cd53e0%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-System_manufacturer-System_Product_Name-20181202-103030.yml
Description: application/yaml


Qubes-HCL-System_manufacturer-System_Product_Name-20181202-103030.cpio.gz
Description: application/gzip


[qubes-users] Re: How to create AppVM?

2018-12-03 Thread seshu
On Sunday, December 2, 2018 at 12:19:23 PM UTC-7, seshu wrote:
> Hi, I'm really excited that i got 4.0.1 RC installed on my desktop. I'm a 
> first time Qubes user, but have quickly come up to speed.
> 
> One thing I haven't noticed in the Docs is how to create an appVM?  I want to 
> setup Google Chrome to play Netflix. But, do that in a separate appVM. 
> Similarly for email, etc. Is there documentation on this and I'm just 
> missing it? 
> 
> Thanks in advance for the help!
> 
> It's really cool to be using Qubes!

Thank you very much! When I get a chance, I'll help update the documentation.



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread n1ete
Am Dienstag, 4. Dezember 2018 01:04:33 UTC+1 schrieb unman:
> On Mon, Dec 03, 2018 at 06:30:40AM -0800, n1ete wrote:
> > Am Montag, 3. Dezember 2018 15:07:25 UTC+1 schrieb unman:
> > > On Mon, Dec 03, 2018 at 06:05:16AM -0800, n1ete wrote:
> > > > Am Montag, 3. Dezember 2018 13:35:40 UTC+1 schrieb unman:
> > > > > On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> > > > > > i created today 3 minimal templates for qubes. 
> > > > > > centos-7, f29 and an debian stretch one...
> > > > > > 
> > > > > > they all appear to start fine but the xterm window doesnt show up 
> > > > > > on all of them.
> > > > > > my first instant thought that something at the builder script went 
> > > > > > wrong...even after reread template applications nothing changed... 
> > > > > > 
> > > > > > except on the stretch template: after rereading the applications, 
> > > > > > uxterm was added and is also showing up when i start it from the 
> > > > > > menu
> > > > > > this lead me to the assumption that building went in general fine 
> > > > > > and something else is broken
> > > > > > 
> > > > > > .xsession-error log shows no errors except for some scaling issues
> > > > > > but mainly after an "qvm-run -a centos-7-minimal xterm" 
> > > > > > 
> > > > > > i see
> > > > > > "
> > > > > > centos-7-minimal: Starting GUI
> > > > > > centos-7-minimal: Sending monitor layout
> > > > > > "
> > > > > > 
> > > > > > help for debugging this and pointing me into the right direction is 
> > > > > > greatly appreciated ;)
> > > > > > 
> > > > > 
> > > > > run qvm-run with -p flag, and you may see something useful.
> > > > > 
> > > > > Or qvm-start centos-7-minimal, and then attach to console using 
> > > > > 'sudo xl console centos-7-minimal' - log in as root,' su - user', and 
> > > > > then
> > > > > start running commands and checking output and logs.
> > > > > 
> > > > > unman
> > > > 
> > > > 
> > > > thanks for the hint attaching to the console...login as root needs a 
> > > > password and i didnt set yet any... i could mount the root fs and 
> > > > chroot into it to set one but did i forget something when building 
> > > > these templates? any recommended procedure to set one?
> > > > 
> > > You dont have passwordless-root package installed.
> > > Much easier to qvm-run -u root passwd
> > 
> > thank you so much
> > you think thats it? so i integrate the passwordless-root in my building 
> > process and it should work?
> > 
> > if i do on dom0 a "qvm-run -u root centos-7-minimal passwd" it doesnt 
> > return anything...and stuck there with a blinking cursor like any "qvm-run" 
> > command
> > 
> 
> You want to interact with the passwd command, so of course you need -p;
> qvm-run -p -u root  passwd

yeah you're right, figured that out a bit later...unfortunately nothing happens 
after execution the cursor just sits there like the program (passwd) is open 
but i cant see nothing on dom0...i have to ctrl+c out and get some python 
traceback shown in dom0 terminal.

cant see in the build logs folder any passwordless sudo meta package but found 
some other errors in all of the template building logs could this be related to 
my error?

"
-> Installing core RPM packages...
/bin/sh: error while loading shared libraries: libtinfo.so.5: cannot open 
shared object file: No such file or directory
warning: %post(libsepol-2.5-8.1.el7.x86_64) scriptlet failed, exit status 127
Failed to get D-Bus connection: Operation not permitted
"



btw. any easy way to copy+paste logs from dom0 or do i have to copy the files 
first in a lower lvl domain?



Re: [qubes-users] bind-dirs qubes 4.0

2018-12-03 Thread unman
On Mon, Dec 03, 2018 at 07:03:47AM -0800, Roy Bernat wrote:
> On Monday, 3 December 2018 08:01:12 UTC-5, unman  wrote:
> > On Sun, Dec 02, 2018 at 07:07:28AM -0800, Roy Bernat wrote:
> > > Hi 
> > > 
> > > 
> > > I use this article to create bind-dirs
> > > 
> > > i created this file 50_user.conf  under /rw/config/qubes-bind-dirs.d
> > > 
> > > with the following 
> > >  
> > > 
> > > binds+=( '/var/lib/docker' )
> > > binds+=( '/etc/docker' )
> > > 
> > > 
> > > for testing i created a folder inside /var/lib/docker called test and 
> > > after 
> > > 
> > > reboot the folder removed . 
> > > 
> > > what is the mistake ? 
> > > 
> > > 10x all 
> > > Roy
> > > 
> > 
> > No mistake - you need to reboot and then create the folder.
> > If you look in the "How does it work?" section, you'll see this
> > explained.
> 
> in the templateVM ? or in machine i created ?
> 

bind-dirs is used in TemplateBasedVMs to make files/folders that would
otherwise come from the template specific to that qube.
So if you put that conf file in the qube, restart it and then make
changes in /var/lib/docker, you will see that the changes remain
after rebooting the qube.



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread unman
On Mon, Dec 03, 2018 at 06:30:40AM -0800, n1ete wrote:
> Am Montag, 3. Dezember 2018 15:07:25 UTC+1 schrieb unman:
> > On Mon, Dec 03, 2018 at 06:05:16AM -0800, n1ete wrote:
> > > Am Montag, 3. Dezember 2018 13:35:40 UTC+1 schrieb unman:
> > > > On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> > > > > i created today 3 minimal templates for qubes. 
> > > > > centos-7, f29 and an debian stretch one...
> > > > > 
> > > > > they all appear to start fine but the xterm window doesnt show up on 
> > > > > all of them.
> > > > > my first instant thought that something at the builder script went 
> > > > > wrong...even after reread template applications nothing changed... 
> > > > > 
> > > > > except on the stretch template: after rereading the applications, 
> > > > > uxterm was added and is also showing up when i start it from the menu
> > > > > this lead me to the assumption that building went in general fine and 
> > > > > something else is broken
> > > > > 
> > > > > .xsession-error log shows no errors except for some scaling issues
> > > > > but mainly after an "qvm-run -a centos-7-minimal xterm" 
> > > > > 
> > > > > i see
> > > > > "
> > > > > centos-7-minimal: Starting GUI
> > > > > centos-7-minimal: Sending monitor layout
> > > > > "
> > > > > 
> > > > > help for debugging this and pointing me into the right direction is 
> > > > > greatly appreciated ;)
> > > > > 
> > > > 
> > > > run qvm-run with -p flag, and you may see something useful.
> > > > 
> > > > Or qvm-start centos-7-minimal, and then attach to console using 
> > > > 'sudo xl console centos-7-minimal' - log in as root,' su - user', and 
> > > > then
> > > > start running commands and checking output and logs.
> > > > 
> > > > unman
> > > 
> > > 
> > > thanks for the hint attaching to the console...login as root needs a 
> > > password and i didnt set yet any... i could mount the root fs and chroot 
> > > into it to set one but did i forget something when building these 
> > > templates? any recommended procedure to set one?
> > > 
> > You dont have passwordless-root package installed.
> > Much easier to qvm-run -u root passwd
> 
> thank you so much
> you think thats it? so i integrate the passwordless-root in my building 
> process and it should work?
> 
> if i do on dom0 a "qvm-run -u root centos-7-minimal passwd" it doesnt return 
> anything...and stuck there with a blinking cursor like any "qvm-run" command
> 

You want to interact with the passwd command, so of course you need -p;
qvm-run -p -u root  passwd



[qubes-users] unable to use USB ports with R4.0.1-rc1 on X1 Carbon 6th

2018-12-03 Thread qubes-lists
Hi,

do you have any debugging hints to get USB ports working
either in sys-usb or in dom0 on an X1 carbon 6th generation?

the default sys-usb config does not work (usb functionality not available in VM)

then I tried to get it to work in dom0 by unassigning the devices from the 
sys-usb VM
and rebooting but with no success.

I updated to the bios version 1.34 released in November 2018.

thanks!



Re: [qubes-users] bind-dirs qubes 4.0

2018-12-03 Thread Roy Bernat
On Monday, 3 December 2018 08:01:12 UTC-5, unman  wrote:
> On Sun, Dec 02, 2018 at 07:07:28AM -0800, Roy Bernat wrote:
> > Hi 
> > 
> > 
> > I use this article to create bind-dirs
> > 
> > i created this file 50_user.conf  under /rw/config/qubes-bind-dirs.d
> > 
> > with the following 
> >  
> > 
> > binds+=( '/var/lib/docker' )
> > binds+=( '/etc/docker' )
> > 
> > 
> > for testing i created a folder inside /var/lib/docker called test and after 
> > 
> > reboot the folder removed . 
> > 
> > what is the mistake ? 
> > 
> > 10x all 
> > Roy
> > 
> 
> No mistake - you need to reboot and then create the folder.
> If you look in the "How does it work?" section, you'll see this
> explained.

in the templateVM ? or in machine i created ?



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread n1ete
Am Montag, 3. Dezember 2018 15:07:25 UTC+1 schrieb unman:
> On Mon, Dec 03, 2018 at 06:05:16AM -0800, n1ete wrote:
> > Am Montag, 3. Dezember 2018 13:35:40 UTC+1 schrieb unman:
> > > On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> > > > i created today 3 minimal templates for qubes. 
> > > > centos-7, f29 and an debian stretch one...
> > > > 
> > > > they all appear to start fine but the xterm window doesnt show up on 
> > > > all of them.
> > > > my first instant thought that something at the builder script went 
> > > > wrong...even after reread template applications nothing changed... 
> > > > 
> > > > except on the stretch template: after rereading the applications, 
> > > > uxterm was added and is also showing up when i start it from the menu
> > > > this lead me to the assumption that building went in general fine and 
> > > > something else is broken
> > > > 
> > > > .xsession-error log shows no errors except for some scaling issues
> > > > but mainly after an "qvm-run -a centos-7-minimal xterm" 
> > > > 
> > > > i see
> > > > "
> > > > centos-7-minimal: Starting GUI
> > > > centos-7-minimal: Sending monitor layout
> > > > "
> > > > 
> > > > help for debugging this and pointing me into the right direction is 
> > > > greatly appreciated ;)
> > > > 
> > > 
> > > run qvm-run with -p flag, and you may see something useful.
> > > 
> > > Or qvm-start centos-7-minimal, and then attach to console using 
> > > 'sudo xl console centos-7-minimal' - log in as root,' su - user', and then
> > > start running commands and checking output and logs.
> > > 
> > > unman
> > 
> > 
> > thanks for the hint attaching to the console...login as root needs a 
> > password and i didnt set yet any... i could mount the root fs and chroot 
> > into it to set one but did i forget something when building these 
> > templates? any recommended procedure to set one?
> > 
> You dont have passwordless-root package installed.
> Much easier to qvm-run -u root passwd

thank you so much
you think thats it? so i integrate the passwordless-root in my building process 
and it should work?

if i do on dom0 a "qvm-run -u root centos-7-minimal passwd" it doesnt return 
anything...and stuck there with a blinking cursor like any "qvm-run" command



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread unman
On Mon, Dec 03, 2018 at 06:05:16AM -0800, n1ete wrote:
> Am Montag, 3. Dezember 2018 13:35:40 UTC+1 schrieb unman:
> > On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> > > i created today 3 minimal templates for qubes. 
> > > centos-7, f29 and an debian stretch one...
> > > 
> > > they all appear to start fine but the xterm window doesnt show up on all 
> > > of them.
> > > my first instant thought that something at the builder script went 
> > > wrong...even after reread template applications nothing changed... 
> > > 
> > > except on the stretch template: after rereading the applications, uxterm 
> > > was added and is also showing up when i start it from the menu
> > > this lead me to the assumption that building went in general fine and 
> > > something else is broken
> > > 
> > > .xsession-error log shows no errors except for some scaling issues
> > > but mainly after an "qvm-run -a centos-7-minimal xterm" 
> > > 
> > > i see
> > > "
> > > centos-7-minimal: Starting GUI
> > > centos-7-minimal: Sending monitor layout
> > > "
> > > 
> > > help for debugging this and pointing me into the right direction is 
> > > greatly appreciated ;)
> > > 
> > 
> > run qvm-run with -p flag, and you may see something useful.
> > 
> > Or qvm-start centos-7-minimal, and then attach to console using 
> > 'sudo xl console centos-7-minimal' - log in as root,' su - user', and then
> > start running commands and checking output and logs.
> > 
> > unman
> 
> 
> thanks for the hint attaching to the console...login as root needs a 
> password and i didnt set yet any... i could mount the root fs and chroot into 
> it to set one but did i forget something when building these templates? any 
> recommended procedure to set one?
> 
You dont have passwordless-root package installed.
Much easier to qvm-run -u root passwd



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread n1ete
Am Montag, 3. Dezember 2018 13:35:40 UTC+1 schrieb unman:
> On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> > i created today 3 minimal templates for qubes. 
> > centos-7, f29 and an debian stretch one...
> > 
> > they all appear to start fine but the xterm window doesnt show up on all of 
> > them.
> > my first instant thought that something at the builder script went 
> > wrong...even after reread template applications nothing changed... 
> > 
> > except on the stretch template: after rereading the applications, uxterm 
> > was added and is also showing up when i start it from the menu
> > this lead me to the assumption that building went in general fine and 
> > something else is broken
> > 
> > .xsession-error log shows no errors except for some scaling issues
> > but mainly after an "qvm-run -a centos-7-minimal xterm" 
> > 
> > i see
> > "
> > centos-7-minimal: Starting GUI
> > centos-7-minimal: Sending monitor layout
> > "
> > 
> > help for debugging this and pointing me into the right direction is greatly 
> > appreciated ;)
> > 
> 
> run qvm-run with -p flag, and you may see something useful.
> 
> Or qvm-start centos-7-minimal, and then attach to console using 
> 'sudo xl console centos-7-minimal' - log in as root,' su - user', and then
> start running commands and checking output and logs.
> 
> unman


thanks for the hint attaching to the console...login as root needs a password 
and i didnt set yet any... i could mount the root fs and chroot into it to set 
one but did i forget something when building these templates? any recommended 
procedure to set one?



Re: [qubes-users] Installation freezes at storaged.x86_x64

2018-12-03 Thread Fidel Ramos
Check the integrity of the QubesOS installation ISO, it could be corrupted. If 
it's OK try writing it again to your USB disk.

 Original Message 
On Dec 3, 2018, 12:24 PM, OV_Ly wrote:

> Hello everyone.
>
> I am trying to install Qubes, but every time it stops on "storaged.x84_x64 
> (748/1018)" I can move mouse, but thats all.
>
> I am booting in Legacy from USB disk. Installing to another usb disk (i want 
> to test Qubes before i overwrite my entirely system.)
>
> I have HP Pavilion Power 17 ab301-nc.
> 8 GB ram DDR4
> i5 7.gen
> nVidia GTX 1050
>
> Previously i've got problems with nVidia drivers (Tails, Kali), so i've 
> tried Nvidia troubleshooting, but i am not sure if it's the problem.
>
> Can u help me?
>



Re: [qubes-users] bind-dirs qubes 4.0

2018-12-03 Thread unman
On Sun, Dec 02, 2018 at 07:07:28AM -0800, Roy Bernat wrote:
> Hi 
> 
> 
> I use this article to create bind-dirs
> 
> i created this file 50_user.conf  under /rw/config/qubes-bind-dirs.d
> 
> with the following 
>  
> 
> binds+=( '/var/lib/docker' )
> binds+=( '/etc/docker' )
> 
> 
> for testing i created a folder inside /var/lib/docker called test and after 
> 
> reboot the folder removed . 
> 
> what is the mistake ? 
> 
> 10x all 
> Roy
> 

No mistake - you need to reboot and then create the folder.
If you look in the "How does it work?" section, you'll see this
explained.



Re: [qubes-users] How to create AppVM?

2018-12-03 Thread unman
On Mon, Dec 03, 2018 at 02:34:37AM +, js...@bitmessage.ch wrote:
> seshu:
> > Hi, I'm really excited that i got 4.0.1 RC installed on my desktop. I'm a 
> > first time Qubes user, but have quickly come up to speed.
> > 
> > One thing I haven't noticed in the Docs is how to create an appVM?  I want 
> > to setup Google Chrome to play Netflix. But, do that in a separate appVM. 
> > Similarly for email, etc. Is there documentation on this and I'm just 
> > missing it?
> > 
> > Thanks in advance for the help!
> > 
> > It's really cool to be using Qubes!
> 
> Hi,
> 
> There are a couple ways to do it. In qubes manager there should be a button
> at the top with a plus sign. Or select in the menu VM -> create new VM. At
> least this is true in 3.2. I know qubes manager is different in 4.0 so maybe
> these options have been changed or removed?
> 
> Anyways you can also do it on command line with qvm-create.
> 
> -- 
> Jackie
> 
In 4.0 you can also use qvm-create at command line.
Qube manager is available under Menu-SystemTools, and has the same
button, or an entry under 'Qube-Create new qube' menu
There is also 'Menu-SystemTools-Create Qubes VM'

Strangely, this isn't explicit in the docs.

unman



Re: [qubes-users] Decrypting and mounting a partition while qube starts

2018-12-03 Thread unman
On Sun, Dec 02, 2018 at 10:31:18AM -0800, mike wrote:
> Hi All,
> 
> For one of my qubes I need a specific partition to be mounted during its 
> start.
> I want it automatically attached to the qube and decrypted and mounted during 
> its boot.
> The first task (attaching) is quite easy, although I am not sure how to do 
> "cryptsetup open" it during boot.
> 
> Also, what would be easier solution: to decrypt the partition in dom0 and 
> attach the decrypted partition to the qube, or to attach encrypted partition 
> and decrypt in the qube?
> Any idea how I can handle it in the most seamless way?
> 
> 
> Thanks!
> Mike
> 

I would decrypt in dom0 and attach decrypted to qubes. You can script
this in dom0 as part of startup process - if you are content with dom0
encryption you can store the password, rather than enter it each time.



Re: [qubes-users] fresh qubes-builder minimal templates = Terminal not starting

2018-12-03 Thread unman
On Sat, Dec 01, 2018 at 12:56:07PM -0800, n1ete wrote:
> I created today 3 minimal templates for qubes. 
> centos-7, f29 and a debian stretch one...
> 
> they all appear to start fine but the xterm window doesn't show up on all of 
> them.
> my first instant thought that something at the builder script went 
> wrong... even after reread template applications nothing changed... 
> 
> except on the stretch template: after rereading the applications, uxterm was 
> added and is also showing up when I start it from the menu
> this led me to the assumption that building went in general fine and 
> something else is broken
> 
> .xsession-error log shows no errors except for some scaling issues
> but mainly after a "qvm-run -a centos-7-minimal xterm" 
> 
> i see
> "
> centos-7-minimal: Starting GUI
> centos-7-minimal: Sending monitor layout
> "
> 
> help for debugging this and pointing me into the right direction is greatly 
> appreciated ;)
> 

run qvm-run with -p flag, and you may see something useful.

Or qvm-start centos-7-minimal, and then attach to console using 
'sudo xl console centos-7-minimal' - log in as root, 'su - user', and then
start running commands and checking output and logs.

unman



Re: [qubes-users] VM doesn't display graphics, even when booted from an ISO file

2018-12-03 Thread unman
On Mon, Nov 26, 2018 at 02:35:48AM +, AJ Jordan wrote:
> Hi,
> 
> I have a StandaloneVM which won't display graphics no matter what I try. I 
> even tried booting from a grml ISO file, which doesn't make anything show up 
> in the GUI. I tried this with debug mode on and off.
> 
> Also, in dom0, any invocation of qvm-run when targeting this VM just hangs.
> 
> Any idea where I can start debugging? I'm kind of at a loss since I can't 
> even boot a recovery environment. I'm on Qubes R4.0. I grepped for the VM 
> name in /var/log/qubes, but didn't see anything out of the ordinary.
> 
> Thanks,
> 
> AJ
> 

How did you create the Standalone, and what is it running? What do you
have under qvm-prefs?
When you boot from grml do you see any output at all? 



[qubes-users] Installation freezes at storaged.x86_x64

2018-12-03 Thread OV_Ly
Hello everyone.

I am trying to install Qubes, but every time it stops on "storaged.x84_x64 
(748/1018)". I can move the mouse, but that's all.

I am booting in Legacy from USB disk. Installing to another USB disk (I want to 
test Qubes before I overwrite my entire system.)

I have HP Pavilion Power 17 ab301-nc.
8 GB ram DDR4
i5 7.gen
nVidia GTX 1050

Previously I've got problems with nVidia drivers (Tails, Kali), so I've tried 
Nvidia troubleshooting, but I am not sure if it's the problem. 

Can you help me?


