[qubes-users] Re: Security benefits of rootless template VMs
On Friday, July 10, 2020 at 4:18:30 AM UTC-4, Alex Lu wrote: > > Is having like 5 templateVMs 4 of which have no root is better than having > 1 templateVM > which have root and in charge of every appVM? > There is one potential disadvantage to this setup: Will you actually bother to keep all those templates updated? Especially if some of them have no root, some have sudo prompts, and some have sudo access without prompts, it starts to become a real pain. You have to keep in mind the human cost to managing this kind of complexity, even with nice new tools like Qubes Update. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6123a05b-8a8a-44a5-aad7-79d8c07fdd0do%40googlegroups.com.
[qubes-users] Re: No Suspend/Resume on Dell Latitude 7400 (i5-8365U) with 4.0.2rc3
On Sunday, January 5, 2020 at 9:49:42 PM UTC-5, Guerlan wrote: > can you tell me how you figured this out? I've been trying to fix a > suspend bug in mine and It'd be helpful to know how you debugged things > Mostly trial and error, trying all the things listed above. Two little tricks to use: 1. Look at the end of journalctl right before it tries to suspend. This is where I saw that it was going into s2idle, which then brought me to this thread: https://groups.google.com/forum/#!msg/qubes-users/TmGDlkluJgM/1BFsQZWNDAAJ;context-place=forum/qubes-users This Dell did not have the lack of S3 that the new Thinkpads have, but it did still try to use s2idle. 2. Run speaker-test in dom0 before suspending, if you hear sound on resume then it's some sort of a screen problem. What hardware do you have? If it's corebooted you might want to check out this thread: https://groups.google.com/forum/#!msg/qubes-users/bHJJhK4HtIw/ieQkoJePCgAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6723332-968f-45e1-a376-40cb7cc801c8%40googlegroups.com.
[qubes-users] Re: No Suspend/Resume on Dell Latitude 7400 (i5-8365U) with 4.0.2rc3
The suspending problem was s2idle. Adding mem_sleep_default=deep to the kernel= line of /boot/efi/EFI/qubes/xen.cfg fixes the suspend problem. Installing kernel-latest (5.3.11-1) fixes the last two problems with completing shutdown and with a lack of a bootsplash. I'll post an HCL in a moment. Everything now works flawlessly. Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72e1f835-0a5c-42ff-83df-4ae23d884775%40googlegroups.com.
[qubes-users] No Suspend/Resume on Dell Latitude 7400 (i5-8365U) with 4.0.2rc3
Hi, I have a Dell Latitude 7400 (Core i5-8365U "Whiskey Lake"). I installed Qubes 4.0.2rc3, and everything seems to mostly work except it won't resume from suspend. The screen stays totally black, and I have to hold the power button to manually restart it. I've tried the following: 1. Shutdown sys-net before suspending. 2. Shutdown sys-usb before suspending. 3. Disable TPM in the BIOS (Inspired by https://github.com/QubesOS/qubes-issues/issues/3705) 4. Disable Thunderbolt in the BIOS 5. Use kernel-latest None of this works. It's quite similar to what's described here, but this machine is not corebooted: https://groups.google.com/forum/#!topic/qubes-users/bHJJhK4HtIw There it's suggested that I should remove a check in xen and recompile, but I'll try that as a last resort. Any other ideas? Doubt it's connected, but two other things I noticed: First, Qubes won't actually shutdown the computer, even after shutting down I always have to use the power button. But I've had this problem with other laptops. Second, there's no bootsplash for the encrypted HD. Best, Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/feae97de-047b-41d9-8a50-91118cc548fd%40googlegroups.com.
Re: Enigmial and Splig GPG2 (previously Re: [qubes-users] Upgrading from Split GPG1 to Split GPG2?)
On Wednesday, November 16, 2016 at 10:21:33 PM UTC-5, george wrote: > Yes. I get the same issue too. I can read the message, but I can't write, and > I'm also in Debian-8 VM on Qubes 3.2, with Enigmail and Thunderbird. I can > READ messages, but I can't send them, nor verify/encrypt/sign them. I'm not > sure what to do with this... Hi, What template are you using for the gpg VM? As far as I can tell, gpg2 always requires access to gpg-agent, even if your keys have no passphrase. I realized this was the problem when running "echo test | gpg2 -v --clearsign" in a terminal in the gpg VM always failed. Switching from a modified fedora23-minimal to a full fedora23 template solved the problem for me. If you're also using a debian-8 template for the gpg VM, it might be missing the same thing that fedora23-minimal was missing. (Which I never figured out because I needed to get enigmail working.) Best, Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ab6f74d-ab14-44f9-a4c8-d9494c17e6e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] /rw/config/rc.local on debian-8
On Thursday, November 17, 2016 at 9:54:09 AM UTC-5, Vincent Elliott wrote: > Just adding my 2 cents to this conversation... > > The file "/rw/config/rc.local" does not consistently execute on Debian-8 and > I find that the VM has to be restarted (sometimes multiple times) for it to > take effect. The file is executable and all I am trying to do is allow > traffic from some other VM(s) as per the instructions in > https://www.qubes-os.org/doc/firewall/. > > How can I ensure that the script executes reliably? Debian machines sometimes have a problem with loading rc.local a little too quickly. Putting "sleep 1" or "sleep 5" before loading your firewall rules should make it reliable. (see further http://askubuntu.com/a/556563) Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43c9b01d-9eb8-4804-aa9a-c486397a6891%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fresh R3.2 install, no /etc/default/grub
Hi, I just completed a fresh R3.2 install on a Lenovo X1 Carbon 3rd generation (20BSCT01WW). Thanks to all the devs for their amazing work on this release. So far as I can tell, everything works out of the box. (One of my favorite features is the ease of implementing VM-by-VM VPNs.) I want to enable TRIM for the SSD, following https://www.qubes-os.org/doc/disk-trim/. However, there is no /etc/default/grub in dom0. I realized that grub2-tools is supposed to provide /etc/default/grub and grub2-mkconfig. So I installed that in dom0. But there is still nothing in /etc/default/grub. Where can I find the default /etc/default/grub file? Thanks for any help you might be able to provide, I hope to pass it on in the future to other users. Best, Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/558124b9-f75b-46df-bbe0-564fe560c83e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
