Re: [qubes-users] Build USB install with kernel 5+

2020-04-13 Thread 'Max Andersen' via qubes-users
Just want to mention the system (firmware, etc.) is brand new, so many
issues might be lack of support.

On 4/14/20 1:28 AM, 'awokd' via qubes-users wrote:
> 'Max Andersen' via qubes-users:
>
>> I can actually put in an older wireless usb in the machine, and it sees it 
>> with lsusb in dom0, but I don't know how to enable it in vm
> In dom0, use qvm-usb to try to attach that device to sys-net. Some USB
> devices don't passthrough very well, though.

qvm-usb shows no output:

[max@dom0 ~]$ qvm-usb
BACKEND:DEVID  DESCRIPTION  USED BY
[max@dom0 ~]$ lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 006: ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter
Bus 001 Device 005: ID 046d:c52f Logitech, Inc. Unifying Receiver
Bus 001 Device 004: ID 046d:c318 Logitech, Inc. Illuminated Keyboard
Bus 001 Device 002: ID 05e3:0608 Genesys Logic, Inc. Hub
Bus 001 Device 003: ID 8087:0026 Intel Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
[max@dom0 ~]$

>> Tried qvm-pci
>>
>> It showed usb controller on that?
>>
>> When running qvm-pci a sys-net-clone-1 dom0:00_14.0 it failed with got empty 
>> response from qubesd and hung
> You might be trying to attach the USB controller itself to
> sys-net-clone-1. This can work, if you're sure nothing else is on it
> (like your keyboard & mouse). Many systems only have one controller
> though, so try USB passthrough first.


That was probably what I did and it failed :).

Sincerely

Max


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1f5bbea-d78a-80a7-fd58-bc3349efbf64%40militant.dk.


[qubes-users] Re: HCL - Intel NUC10i7FNK

2020-04-13 Thread Günter Zöchbauer
I tried the predecessor NUC8i7 and it made a lot of noise every time it had 
to do more than showing the plain desktop.

I'm back to a proper desktop PC where fans only start getting noisy when a 
job runs on multiple cores full load for several minutes.

On Monday, April 13, 2020 at 8:07:16 PM UTC+2, Max Andersen wrote:
>
> Hi everyone,
>
> NUC's are promising. 64GB memory with 1TB NVMe is acceptable for a Qubes 
> installation and takes up zero space.
>
> Got 800x600 with the 4.19 kernel. no wifi. Upgraded kernel to 5.5.13-1 and 
> got my 4K monitor working. no wifi. wifi device flapping for a few minutes, 
> then stop. Hoping for some upgrades at some point.
>
> Runs current-testing repo.
>
> Sincerely
>
> Max
>



Re: [qubes-users] Which version of Xen does Qubes uses? Shouldn't it support OVMF already (HVM EFI boot)?

2020-04-13 Thread Guerlan


On Monday, April 13, 2020 at 8:13:18 PM UTC-3, awokd wrote:
>
> Guerlan: 
>
> > Can you tell me more about what is QEMU/stubdomain? Do you know of any 
> > reasons for them to not compile xen with efi boot support? 
>
> I meant to say libvirt (https://wiki.xen.org/wiki/Libvirt) more than 
> QEMU. Qubes uses libvirt calls to interact with Xen. Sometimes Xen 
> specific functionality (possibly OVMF as an example) aren't coded into 
> libvirt, so Qubes can't use that functionality without direct Xen calls. 
> I think they try to avoid those, in general. On top of that, the Qubes 
> utilities may not surface the option, even if it's available in Libvirt. 
> Different hard drive controllers are an example. It can be added, but 
> would take a programmer to add it to the layers. 
>
> -- 
> - don't top post 
> Mailing list etiquette: 
> - trim quoted reply to only relevant portions 
> - when possible, copy and paste text instead of screenshots 
>


Please take a look at: https://github.com/QubesOS/qubes-issues/issues/5767

I asked and somebody said there's support.

I activated it, it almost worked.

On Windows it booted to the Windows logo and then stayed that way forever 
(with high CPU usage)

On Linux it passed the "try ubuntu without installing" but then halted

If you know how to debug that, it'd be great

I'm trying to understand all of this out of curiosity but maybe I can make 
it work, who knows



[qubes-users] What do these Dom0 messages mean?

2020-04-13 Thread Ulrich Windl

Hi!

I'm watching Dom0 journal messages, and I'm wondering about some of 
those (marked with ### blocks):


...during initializing the AMD graphics card...
Feb 12 22:25:14 dom0 kernel: [drm] VCE enabled in VM mode
###
Feb 12 22:25:14 dom0 kernel: resource sanity check: requesting [mem 
0x000c-0x000d], which spans more than PCI Bus :00 [mem 
0x000dc000-0x000d window]
Feb 12 22:25:14 dom0 kernel: caller pci_map_rom+0x6a/0x1d0 mapping 
multiple BARs

###
Feb 12 22:25:14 dom0 kernel: amdgpu :01:00.0: No more image in the 
PCI ROM

Feb 12 22:25:14 dom0 kernel: ATOM BIOS: 113-TIC33062-001
Feb 12 22:25:14 dom0 kernel: [drm] vm size is 64 GB, 2 levels, block 
size is 10-bit, fragment size is 9-bit
Feb 12 22:25:14 dom0 kernel: amdgpu :01:00.0: VRAM: 4096M 
0x00F4 - 0x00F4 (4096M used)
Feb 12 22:25:14 dom0 kernel: amdgpu :01:00.0: GART: 256M 
0x - 0x0FFF

Feb 12 22:25:14 dom0 kernel: [drm] Detected VRAM RAM=4096M, BAR=256M
Feb 12 22:25:14 dom0 kernel: [drm] RAM width 128bits GDDR5
Feb 12 22:25:14 dom0 kernel: [TTM] Zone  kernel: Available graphics 
memory: 2009316 kiB

...
Feb 12 22:25:15 dom0 kernel: amdgpu: [powerplay] Failed to retrieve 
minimum clocks.

...

...initializing firewire...
Feb 12 22:25:14 dom0 kernel: firewire_ohci :05:02.0: added OHCI 
v1.10 device as card 0, 4 IR + 8 IT contexts, quirks 0x41
Feb 12 22:25:14 dom0 kernel: firewire_ohci :05:02.0: DMA context 
ARReq has stopped, error code: evt_unknown
Feb 12 22:25:14 dom0 kernel: firewire_ohci :05:02.0: DMA context 
ARReq has stopped, error code: evt_unknown
Feb 12 22:25:14 dom0 kernel: firewire_ohci :05:02.0: DMA context 
ARRsp has stopped, error code: evt_unknown
Feb 12 22:25:14 dom0 kernel: firewire_ohci :05:02.0: bad self ID 0/1 
( != ~)

...

...
Apr 13 19:38:34 dom0 kernel: pciback :03:00.0: Driver tried to write 
to a read-only configuration space field at offset 0xb2, size 2. This 
may be harmless, but i

 1) see permissive attribute in sysfs
 2) report problems to the xen-devel 
mailing list along with details of your device obtained from lspci.

...

Why are those messages repeating so fast?
...
Apr 13 19:48:07 dom0 qrexec[9736]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:08 dom0 qrexec[9738]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:09 dom0 qrexec[9740]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9742]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9743]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9744]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9748]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9751]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9750]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9754]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9756]: qubes.UpdatesProxy: fedora-30 -> : 
allowed to sys-net

...

...
Apr 13 20:10:31 dom0 qrexec[16588]: whonix.SdwdateStatus: sys-whonix -> 
whonix-ws-15-dvm: allowed to whonix-ws-15-dvm
Apr 13 20:10:32 dom0 run-parts[16593]: (/etc/cron.daily) finished 
qubes-dom0-updates.cron
Apr 13 20:10:32 dom0 anacron[15604]: Job `cron.daily' terminated 
(mailing output)
Apr 13 20:10:32 dom0 anacron[15604]: Can't find sendmail at 
/usr/sbin/sendmail, not mailing output

...

What is that about?

...
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
Apr 13 20:34:35 dom0 libvirtd[4941]: S4 disabled
Apr 13 20:34:35 dom0 systemd[1]: Stopped Virtualization daemon.
...

Regards,
Ulrich

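Added example, not part of the original message: one way to quantify how fast the qrexec lines above repeat is to count policy decisions per service and source qube and report the busiest second. The function names are hypothetical, and the sample lines are copied from the journal excerpt above (unwrapped, keeping its empty target field).

```shell
#!/bin/sh
# Summarise qrexec policy decisions found in a dom0 journal (short format).
# Output columns, tab-separated:
#   total calls, peak calls within one second, service, source qube, decision

qrexec_summary() {
    awk '
    # Expected shape of a line:
    #   Apr 13 19:48:07 dom0 qrexec[9736]: SERVICE: SRC -> TARGET: DECISION
    $5 ~ /^qrexec\[[0-9]+\]:$/ && $8 == "->" {
        service = $6; sub(/:$/, "", service)
        decision = ""
        for (i = 10; i <= NF; i++) decision = decision (i > 10 ? " " : "") $i
        key = service "\t" $7 "\t" decision
        total[key]++
        stamp = $1 " " $2 " " $3          # one-second resolution
        n = ++persec[key, stamp]
        if (n > peak[key]) peak[key] = n
    }
    END {
        for (key in total) printf "%d\t%d\t%s\n", total[key], peak[key], key
    }' | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# Keep only the rows whose peak reaches MIN calls in a single second.
qrexec_bursts() {
    qrexec_summary | awk -F '\t' -v min="$1" '$2 + 0 >= min + 0'
}

# Sample input: lines taken from the excerpt in the message above.
sample_journal() {
    cat <<'EOF'
Apr 13 19:48:07 dom0 qrexec[9736]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:08 dom0 qrexec[9738]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:09 dom0 qrexec[9740]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9742]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9743]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9744]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:10 dom0 qrexec[9748]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9751]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9750]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9754]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 19:48:11 dom0 qrexec[9756]: qubes.UpdatesProxy: fedora-30 -> : allowed to sys-net
Apr 13 20:10:31 dom0 qrexec[16588]: whonix.SdwdateStatus: sys-whonix -> whonix-ws-15-dvm: allowed to whonix-ws-15-dvm
Apr 13 20:10:32 dom0 anacron[15604]: Job `cron.daily' terminated (mailing output)
Apr 13 20:34:35 dom0 libvirtd[4941]: S3 disabled
EOF
}

# Stand-alone run: summarise the sample. On a live system, pipe the journal
# in instead:  journalctl -b -o short --no-pager | qrexec_summary
sample_journal | qrexec_summary
```

Each qrexec line carries its own PID, so every row counted here is a separate service call that dom0 evaluated against policy.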

Re: [qubes-users] can't open anything in standalone vm ?

2020-04-13 Thread 'awokd' via qubes-users
Stumpy:

> oops. only replied to awokd (sorry).
> repost:
> 
> 
> Thanks,
> gave it a try and either i am misunderstanding the command or something
> else?
> 
> [sam@dom0 ~]$ sudo xl console miffed
> miffed is an invalid domain identifier (rc=-6)
> 
No problem; did you see my reply? Miffed has to be powered on first.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] Build USB install with kernel 5+

2020-04-13 Thread 'awokd' via qubes-users
'Max Andersen' via qubes-users:

> I can actually put in an older wireless usb in the machine, and it sees it 
> with lsusb in dom0, but I don't know how to enable it in vm

In dom0, use qvm-usb to try to attach that device to sys-net. Some USB
devices don't passthrough very well, though.

> Tried qvm-pci
> 
> It showed usb controller on that?
> 
> When running qvm-pci a sys-net-clone-1 dom0:00_14.0 it failed with got empty 
> response from qubesd and hung

You might be trying to attach the USB controller itself to
sys-net-clone-1. This can work, if you're sure nothing else is on it
(like your keyboard & mouse). Many systems only have one controller
though, so try USB passthrough first.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] Audio Intel PCH card 0 disappeared in DOM0

2020-04-13 Thread 'awokd' via qubes-users
facethefrag:
> Hello 
> (and sorry for previous post as an answer and not new thread...)
> 
> I'm using Qubes OS since 4 months and have an audio issue in DOM0 since last 
> Wednesday (04/08/2020), and I'm unable to fix it...
> 
> Any help or advice will be welcome !
>   
> Issue Explanation:
> 
> Intel PCH Audio card 0 is no more present in pulseaudio GUI, only the 
> NVIDIA HDMI audio card 1 is present.
> Although hardware is OK (verified with my previous debian hard drive today).

Possibly try an older kernel in dom0? See
https://www.qubes-os.org/doc/software-update-dom0/#changing-default-kernel
if needed.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] Where can I find the .cfg file for my VMs in qubes?

2020-04-13 Thread 'awokd' via qubes-users
Guerlan:
> I found
> 
> /var/lib/qubes/appvms
> 
> has folders for each VM, but inside each folder there's only firewall.xml 
> and icon.png
> 
> where can I find the .cfg file that xen uses? And how can I start these VMs 
> using this .cfg? I want to do some xen tests
> 
You were close. All VM definitions are in /var/lib/qubes/qubes.xml. See
https://github.com/Qubes-Community/Contents/blob/master/docs/misc/iaq.adoc#what-is-the-process-flow-when-starting-an-appvm-under-qubes-r4-x
for the full process. Make sure to make a copy of that qubes.xml and be
careful if you want to try editing it directly. Test stopping and
starting sys-net & sys-firewall before rebooting if you do.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] Which version of Xen does Qubes uses? Shouldn't it support OVMF already (HVM EFI boot)?

2020-04-13 Thread 'awokd' via qubes-users
Guerlan:

> Can you tell me more about what is QEMU/stubdomain? Do you know of any 
> reasons for them to not compile xen with efi boot support?

I meant to say libvirt (https://wiki.xen.org/wiki/Libvirt) more than
QEMU. Qubes uses libvirt calls to interact with Xen. Sometimes Xen
specific functionality (possibly OVMF as an example) aren't coded into
libvirt, so Qubes can't use that functionality without direct Xen calls.
I think they try to avoid those, in general. On top of that, the Qubes
utilities may not surface the option, even if it's available in Libvirt.
Different hard drive controllers are an example. It can be added, but
would take a programmer to add it to the layers.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots



Re: [qubes-users] Is a StandaloneVM equally secure as a AppVM that is created on it's own TemplateVM, and what is the difference between a StandaloneVM and a AppVM ?

2020-04-13 Thread Chris Laprise

On 4/12/20 5:22 PM, Dan Krol wrote:

> > Standalone VMs are good in rare cases when you need to experiment with
> > an app or configuration that might conflict with a template.
>
> Personally, so far I've used it when I want to install something that's 
> not in the Debian/Fedora repository (which half the time just means dev 
> tools and dependencies). I recently reduced my need there considerably 
> with Flatpak user-level installation, but not entirely.
>
> Is there a better way to achieve the same? bind-dirs for normal OS 
> packages seems complicated and sort of defeats the purpose of the 
> security benefit you just described. Perhaps I ought to clone Debian 10 
> Template, install what I want, and then make an AppVM based on that?


That's reasonable and I think it's what Qubes users do in most situations.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] HCL - Intel NUC10i7FNK

2020-04-13 Thread 'Max Andersen' via qubes-users
Hi everyone,

NUC's are promising. 64GB memory with 1TB NVMe is acceptable for a Qubes
installation and takes up zero space.

Got 800x600 with the 4.19 kernel. no wifi. Upgraded kernel to 5.5.13-1
and got my 4K monitor working. no wifi. wifi device flapping for a few
minutes, then stop. Hoping for some upgrades at some point.

Runs current-testing repo.

Sincerely

Max



Qubes-HCL-Intel_R__Client_Systems-NUC10i7FNK-20200413-194233.cpio.gz
Description: application/gzip


Qubes-HCL-Intel_R__Client_Systems-NUC10i7FNK-20200413-194233.yml
Description: application/yaml


Re: [qubes-users] Nvidia Geforce GTX 1660TI (1650)

2020-04-13 Thread Frédéric Pierret
Hi,
There is recent work done in the kernel to get HDMI working on NVIDIA laptops. 
Currently, the patches are not merged into 5.6 or LTS 5.4. For example, Fedora 
has backported those patches for 5.6: 
https://src.fedoraproject.org/rpms/kernel/c/c242538da102e54acc0378e3322262058ba5a8de?branch=master

I also had a lot of trouble with NVIDIA on laptops. So a few days ago I decided to 
backport those upstream patches for Qubes and the result is excellent. I 
finally got HDMI working on problematic laptops.

Currently it's not merged into Qubes but soon. I tested the backport for LTS 
5.4 https://github.com/fepitre/qubes-linux-kernel/commits/v5.4.31-backport and 
5.6 https://github.com/fepitre/qubes-linux-kernel/commits/kernel-5.6-backport

The two branches are on top of current PR for Qubes linux-kernel component. So 
you can build them if you want. If you don't, the two kernels for Qubes 4.1 are 
available on my mirror:
- LTS 5.4: 
https://mirror.notset.fr/qubes/repo/notset/yum/r4.1/unstable/dom0/fc31/rpm/kernel-5.4.31-1.qubes.x86_64.rpm
- Latest: 
https://mirror.notset.fr/qubes/repo/notset/yum/r4.1/unstable/dom0/fc31/rpm/kernel-latest-5.6.3-1.qubes.x86_64.rpm

You can check the signature of the packages with 
https://mirror.notset.fr/qubes/repo/notset/RPM-GPG-KEY-notset

Best,
Frédéric

On 2020-04-13 11:58, user74...@disroot.org wrote:
> Hello,
> 
> 
> does anyone have a Geforce GTX 1660 or similar working with qubes 4.0 or 4.1?
> I've already tried to compile the nvidia driver, which is working if I boot 
> qubes without xen.
> But nvidia driver and also the nouveau driver are not working for now.
> I get the device is not supported in Xorg.log.
> 
> 
> Please give me some hints how I can get it to work.
> My problem is, that my laptop requires the nvidia card used to get the hdmi 
> port working :-(.
> 
> 
> Thanks
> 



[qubes-users] Nvidia Geforce GTX 1660TI (1650)

2020-04-13 Thread user74293
Hello,


does anyone have a Geforce GTX 1660 or similar working with qubes 4.0 or 4.1?
I've already tried to compile the nvidia driver, which is working if I boot 
qubes without xen.
But nvidia driver and also the nouveau driver are not working for now.
I get the device is not supported in Xorg.log.


Please give me some hints how I can get it to work.
My problem is, that my laptop requires the nvidia card used to get the hdmi 
port working :-(.


Thanks



[qubes-users] Docker and Fedora 31

2020-04-13 Thread Frédéric Pierret
Hi all,

For those who are using docker and also gave a chance to Fedora 31 testing 
template, you may know that there is a "Cgroups Exception" for Fedora 31. 
According to the official page https://docs.docker.com/engine/install/fedora/, 
they suggest to:

"""
For Fedora 31 and higher, you need to enable the backward compatibility for 
Cgroups.

$ sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"

"""

That does not really fit Qubes. Globally, it's a matter of adding a kernel 
option to your VM where you run your dockers. Assuming this VM is called 
'work-docker', in dom0:

1) Check your VM kernel opts:

qvm-prefs work-docker kernelopts

For me, it was only 'nopat'

2) Add the docker suggested option and your already present kernelopts:

qvm-prefs --set work-docker kernelopts 'nopat systemd.unified_cgroup_hierarchy=0'

That's all. You can continue to use your dockers in your Fedora 31 AppVM.

Another useful trick thanks to Qubes, is to use 'bind-dirs' 
(https://www.qubes-os.org/doc/bind-dirs/) for '/var/lib/docker'. It allows you 
to not modify default dockers location or symlink or copy paste at early boot 
or whatever.

Best,
Frédéric


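Added example, not part of the original post: steps 1 and 2 above as a dom0 script that merges the new option into whatever kernelopts the VM already has, so existing options such as 'nopat' are kept and running it twice changes nothing. The helper names merge_kernelopts and set_vm_kernelopt are hypothetical; the only Qubes commands used are the two qvm-prefs calls shown in the post.

```shell
#!/bin/sh
# dom0 helper: add one kernel option to a VM without dropping existing ones.
# Usage (in dom0):
#   sh add-kernelopt.sh work-docker systemd.unified_cgroup_hierarchy=0

# merge_kernelopts CURRENT NEW
# Prints CURRENT with NEW added. If CURRENT already sets the same key
# (the text before '='), that entry is replaced in place instead of
# being duplicated. Runs in a subshell so its variables stay local.
merge_kernelopts() (
    set -f                      # no globbing while splitting on whitespace
    key=${2%%=*}
    out=
    found=0
    for opt in $1; do
        if [ "${opt%%=*}" = "$key" ]; then
            # Same key: keep a single copy carrying the new value.
            if [ "$found" -eq 0 ]; then out="$out $2"; fi
            found=1
        else
            out="$out $opt"
        fi
    done
    if [ "$found" -eq 0 ]; then out="$out $2"; fi
    printf '%s\n' "${out# }"
)

# set_vm_kernelopt VM OPTION
# Step 1 of the post (read kernelopts), then step 2 (write the merged value).
set_vm_kernelopt() {
    vm=$1
    opt=$2
    current=$(qvm-prefs "$vm" kernelopts) || return 1
    merged=$(merge_kernelopts "$current" "$opt")
    if [ "$merged" = "$current" ]; then
        echo "$vm: kernelopts already contain $opt"
        return 0
    fi
    qvm-prefs --set "$vm" kernelopts "$merged" || return 1
    echo "$vm: kernelopts '$current' -> '$merged'"
    echo "$vm: restart the VM so it boots with the new kernel command line"
}

# Only touch a VM when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
    set_vm_kernelopt "$1" "$2"
fi
```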

[qubes-users] anyone can help debugging hidden EFI HVM boot option on Qubes?

2020-04-13 Thread Guerlan


I'm on a quest to make macOS run under Qubes. This repo: 
https://github.com/foxlet/macOS-Simple-KVM does this for KVM with minimal 
effort, using a python tool that downloads a macOS base image through 
python directly from apple servers. This base image is responsible for 
downloading and installing the rest of the macOS. Anyone can do it!

This post is the only one I found that teaches how to install macOS on Qubes, but 
it's for Qubes 3, requires too much effort, and we have to trust someone 
else's macOS image. The main problems he addresses to install Qubes are:

   - Qubes 3 didn't have support for EFI boot (macOS only boots through EFI 
   now), so he does a hack that allows him to boot through USB in legacy mode.
   - Xen had some bugs while running macOS, 2 patches were added
   - There are some incompatibility problems with qemu-xen and qemu upstream 
   had to be used on some parts
   - Some kexts are needed
   
Well, turns out Qubes now has support for EFI boot on HVM mode, as a 
developer told me here: 
https://github.com/QubesOS/qubes-issues/issues/5767#issuecomment-612551107

I enabled it and tried to boot Windows 10 and Ubuntu 18.

Windows 10 kinda boots: the Windows logo appears, but then the CPU gets 
high (like 90%) all the time and nothing more happens.

Ubuntu 18 also kinda boots: I can select the "try ubuntu without 
installation", but after that, the VM halts.

I think that if we can solve this EFI boot problem, we can easily put the 
qcow2 image generated from the macOS-Simple-KVM repository to run under 
Qubes. They already have the kexts needed for Qemu, and we can try to make 
those 2 macOS xen patches land on Qubes Xen tree, or check if they didn't 
already land.

I'm learning about OVMF in order to 
debug what happens when we try to boot into HVM EFI mode. Anyone have 
knowledge about this? If it boots but hangs or halts, then could it be that 
OVMF is working but something in Xen is broken?

I'm also reading Qemu source code. I can pass what I learned so far, and we 
can try to understand it better.


Please feel free to call me on github or comment things here about OVMF, 
Xen, Qemu, etc.

I have a macOS running under KVM right now on my other computer but I 
really wanted it to run Qubes. So why not try and learn a lot in the 
process?
