Re: [qubes-users] No wired internet (Intel I219-LM) on new 4.1 install

2022-05-24 Thread Sven Semmler 

On 5/24/22 08:36, M wrote:

sys-firewall - limit traffic to * on TCP port 443.
I tried ping google from sys-net and sys-firewall terminal.
From sys-net domain+ip went through, sys-firewall only ip.


* ping uses ICMP which the firewall will always let through unless you use 
qvm-firewall
* DNS queries are routed by Qubes OS to the netvm, which is in your case 
sys-firewall
* once you allow UDP port 53 in the firewall settings in sys-firewall DNS 
should work


Updates are also not working.


Well, they need DNS. ;-) ... and also Fedora will try to contact some HTTP URLs

If you don't want to allow HTTP in sys-firewall, you can

1. clone it to sys-update
2. set sys-update as updatevm and in the policy for updates
3. allow HTTP for sys-update
4. set "provides networking" to false for sys-update

That means sys-update will be used as update proxy but no other qube can use it 
as network (netvm).

/Sven

--
 public key: https://www.svensemmler.org/2A632C537D744BC7.asc
fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbe90e79-6db5-544a-e990-53233d641193%40SvenSemmler.org.


OpenPGP_signature
Description: OpenPGP digital signature

[qubes-users] Failing Salt code: out of ideas and wrong error

2022-05-24 Thread 'Johannes Graumann' via qubes-users 
Can any one point me to why the following fails? I have been banging my
head against this for a while ...

--- SNIP ---
create bind dirs config file:
  file.managed:
- name: /rw/config/qubes-bind-dirs.d/50_user.conf
- makedirs: True
- mode: 644
- dir_mode: 755

{% set binddirs = ['/usr/local'] %}

{% for binddir in binddirs %}
  configure '{{ binddir }}' to be persistent:
file.replace:
  - name: /rw/config/qubes-bind-dirs.d/50_user.conf
  - pattern: "^binds+=( '{{ binddir }}' )$"
  - repl: "binds+=( '{{ binddir }}' )"
  - append_if_not_found: True
{% endfor %}
--- SNIP ---

The corresponding error ("State 'create bind dirs config file' in SLS
'custom_dom0.sys-vpn-mpihlr_assert_vpn_setup' is not formed as a list")
is a complete red herring, as the so called first part by itself works
just fine and only fails when I add the latter (jinja) part ...

How do I properly deal with the single quotes in `pattern` and `repl`?

Thanks for any pointers.

Sincerely, Joh


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb5ea5103d373739332790182caa3cec24049cdf.camel%40graumannschaft.org.

Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?

2022-05-24 Thread Demi Marie Obenour 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List wrote:
> https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable
> states:
> >  To do this [make a particular application open everything in a 
> > disposable VM], enable a service named app-dispvm.X in that qube, 
> > where X is the application ID.
> 
> and invokes `app-dispvm.thunderbird` as an example.
> 
> How would you do that for an application installes and run through
> flatpak?

Flatpak-installed applications still have an application ID, which is
what gets passed to qubes.StartApp to launch the application.

- -- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKNCU4ACgkQsoi1X/+c
IsEMuA//VFfRexOsdHC7jd1eb7tZOCsBgeXlX6e/jU84XDvwCETveFUWrP0jRjva
cZshRg3AilVXQVuLfLQMyqTP2w5izlsXQByFdTo5/V3vWiHIvO1ohl+Ugrkg7sZc
albGEfGnOoNheGjGhdCWX4XLmteR79DR8tyjhTyP3hc6KvHAKmrT4ighPFVI+hRn
6XZbP5BWQOZ1QSva9wwa6bXJh2/7ZujsNrMOR5V+vLXa/wEc/Xwx4Hwv83UljD8E
BkccHrp3nfEuorV9PTiBVavVKHZfaPbZu1wxkA9ws2Hh0Akse1PyRtABk1TJAQgT
2hZwHs0mbjstrgTjSb8SgG/oXwkyIxubLljBcRpbU1XRSmOZzr8QbGd3Mh3JU2xx
mDZs7i1qTM+Vbb4SyTMfN8gKtv9TyREOGdKNP247g3SxzRUw4u/ZJ2OthUH1+vwC
4o8ohCSfVgvMBcM3BhQN7i3jr0wD38KCdJHSL6OkxVdPn7H2DWZorhfm6Ov14qr7
UKX1/tErPMbv6GTlwBjVHx9X1WSkCrzWOZNxssXs6e4OoDA+LF8PJuLFiIMT89as
DAu/PKwD0cyBPM+91weSRgp3XgI8gETPLTAxRC9WwIBpPBjQ3Yf/H6mHWkH76rBU
+BLIE5mOwBCqawxb4azFF0Ww0fgd8NXzZ3TISK2H86hdTPFxheM=
=1FBd
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Yo0JTb%2Bzm3cYGmtI%40itl-email.

[qubes-users] No wired internet (Intel I219-LM) on new 4.1 install

2022-05-24 Thread M 
Everything is default with the exception of:

1. devices in sys-net is only with ethernet one. The other one, which was 
listed as unknown (guess wifi, disabled from bios) was removed.
2. sys-firewall - limit traffic to * on TCP port 443.
3. Disabled TOR. It said that I will not have internet (don’t know if it is 
connected, or mean only for whonix VMs)

The internet icon does not have an X.

I tried ping google from sys-net and sys-firewall terminal.

>From sys-net domain+ip went through, sys-firewall only ip.

Updates are also not working.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8661d76-b087-4e03-86c4-9f64c57f69c7n%40googlegroups.com.

[qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?

2022-05-24 Thread 'Johannes Graumann' via qubes-users 
https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable
states:
>  To do this [make a particular application open everything in a 
> disposable VM], enable a service named app-dispvm.X in that qube, 
> where X is the application ID.

and invokes `app-dispvm.thunderbird` as an example.

How would you do that for an application installes and run through
flatpak?

Thanks for any pointers.

Sincerely, Joh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a5cb7e4937d4dc24f095a9fa263c773e8f0e447.camel%40graumannschaft.org.