Please consult
https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
https://www.qubes-os.org/news/2017/10/03/core3/
for more information about admin possibilities and how they’re supposed to
work. There are simple demo examples as well.
--
You received this message because you are
you probably ticked update over Tor option when installing.
templates do not connect to network directly, they use an updates proxy.
I' not sure it can be changed in GUI, but you can find the appropriate rpc
policy in /etc/qubes-rpc
alternatively you can temporarily set template vm's network
sudo xl console -t serial Work
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to
The official templates use nftables so shouldn’t be mixed with iptables. I
didn’t have time to learn about nftables, so just removed nftables package from
debian 9 template. YMMV.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe
Hmmm, this kind of makes qvm-pci useless... I think this should be enabled in
vm kernels and then users who want hotplug enabled could just add that kernel
flavour to their grub.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe
I’ll disagree with comparison of btrfs to lvm. there is a very significant
difference between btrfs and lvm. btrfs is like a namespace and lvm volumes are
block devices. one can put a namespace on a block device. but yes, layers and
layers of metadata processing required.
BTW, has anyone
sudo lvcreate -L --type thin-pool --thinpool
qvm-pool --add lvm_thin -o
volume_group=,thin_pool=
qvm-create -P ...
or
qvm-clone -P
set desired private image size using standard tools.
this will put the private volume in the new thin pool. private volumes are
mounted in /rw
btrfs
I agree with Chris. Data specific to a qube should be stored on one of that
qube’s volume. Backups work then.
so in short, first create a qubes storage pool
qvm-pool --add
qvm-create -P
if you go for a thin pool, create it first and use volume group and thin pool
names as options for
Please refer to Qubes issue #3118 which spells it out.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
I hope you do understand that there is no encryption in what you propose.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
did you update it in R4 before cloning and upgrading?
templates establish a connection to a proxy running in some netvm defined in
dom0 over a vchan.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
did you update it in R4 before cloning and upgrading?
templates establish a connection to a proxy running in some netvm defined in
dom0 over a vchan.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
There are more critical problems than lack of gui frontend at the moment.
Still, backup ui is on the devs' list. See issue #3354
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
AFAIK fn does not emit a code and bios will process it only in combinations
with predefined keys. other keys can probably be remapped. but from my
exprience I failed to swap fn and ctrl.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To
On Thursday, February 2, 2017, Chris Laprise <tas...@openmailbox.org> wrote:
> On 02/01/2017 07:36 PM, Connor Page wrote:
>
>> actually I think that reliance on mangle can be avoided since routing
>> table selection can be done by source address rather than firewall
qvm-backup has a different syntax and vms are excluded from rather than
included in a backup.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
I don't do hotplugging to pfSense. I've created separate Fedora based netvms
with bridges named LAN and DMZ and connected pfSense to those at start. Then
other VMs can use those netvms and connect either to a bridge or do the usual
Qubes routing. Physycal NIC's can be added to tjose vms and
I've encountered some problems myself. Out of two identical standard Realtek
cards only one is recognised. :(
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Drew, as I've said my wifi card is not supported . Perhaps, yours isn't either.
I need to test something that pfsense can talk to.
all I changed in VM config was to do with virtual interfaces. those are
correctly recognised as xn0 and xn1.
--
You received this message because you are
I've managed to install pfSense as a HVM. not sure if it makes sense to run it
as a trusted firewall but that is possible. I created 2 netvms called LAN and
DMZ and created bridges in those. i made a copy of pfSense HVM config and
changed interface type to bridge, added a second virtual
you can create a debian-based sys-net and assign network cards to that. hope
you can get Qubes working for you.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
if you're afraid of cameras, just cover it all when entering sensitive
information like citizen four did.
don't ever enter LUKS passphrase if someone else had an opportunity to boot
your laptop without your direct supervision.in that case yes, a live USB drive
is your friend until it is safe to
if you're afraid of cameras, just cover it all when entering sensitive
information like citizen four did.
don't ever enter LUKS passphrase if someone else had an opportunity to boot
your laptop without your direct supervision.in that case yes, a live USB drive
is your friend until it is safe to
I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for
something more recent but well supported by Linux, reflash and put a non-Intel
network card for peace of mind.
ideally a free BIOS would be desirable but that restricts the selection to
quite old generations of chips
actually I think that reliance on mangle can be avoided since routing table
selection can be done by source address rather than firewall marks. marks are
good to differentiate different types of traffic but in our case all traffic
should be trated the same.
there is difference in how traffic
Rudd-O's solution uses a separate routing table thus ensuring that all traffic
from VMs go either to VPN or a "blackhole". This is more robust than relying on
the main routing table that can be messed up. However, that requires relaxing
the reverse path filter and I don't remember any
I guess qubes tools need to be recompiled against new libraries but userspace
pulseaudio version is not a problem.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
I've been using only f25 for about a month now. the upgrade was smooth. just
needed to tweak qt5 styles and scaling.
looks like now there is a version conflict. qubes-gui-vm requires pulseaudio 9
but I guess f25 has moved on to version 10.
--
You received this message because you are
Linux HVMs don't get network settings from stub domains so all the IPs have to
be set manually. When network topology is changed, new addresses have to be
entered.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group
you can specify your modified config copy in qvm-start
--custom-config=/path/to/config vm-name
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
thank you for the link. I have successfuly tried it on a Haswell notebook. it
doesn't disable ME but (supposedly) limits it's functionality by removing all
modules but 2.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this
you would have to create a new VM, configure it properly and then copy the
private image from the source VM.
same limitation apply to proxyvms :(
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving
Sorry Drew, you asked what needs to be installed to make another dom0, not the
bare minimum that is required. Every Qubes specific package provides a list of
prerequisites and version conflicts. For instance,
Name: qubes-core-dom0
Version:%{version}
Release:1%{dist}
why wouldn't you consult the list of actually installed packages?
https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/conf/comps-qubes.xml
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
On Monday, 14 November 2016 19:24:06 UTC, Unman wrote:
> qvm-block -A allows you to attach an image file to a qube.
BTW, what's the correct way to detach one image file? it's not mentioned in the
man page :(
--
You received this message because you are subscribed to the Google Groups
the filename of the colour profile .icc-file is stored in the X atom
_ICC_PROFILE. perhaps, if that is available then the correct profile can be
selected by gnome settings manager which currently says there are no colour
managed devices in vms. I think colord service would need to be enabled as
darktable and firefox can use a defined profile without colord. the profile has
to be in a specific place and selected as the display profile (with colord
option switched off). for firefox the full path to the profile should be
entered in some property that I don't remember exactly right now
On Friday, 28 October 2016 12:19:56 UTC+1, Laszlo Zrubecz wrote:
> On 09/03/2016 12:49 AM, Connor Page wrote:
> > I have calibrated my yellow screen using argyllcms.
> > I don't attach usb devices to dom0 so installed it in sys-usb as well.
> > used
> > https://encr
контроллер usb должен быть в той же виртуальной машине.
please use English on this mailing list.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Thanks Rusty. People should be aware of this. I think I did reclaim all space
but fiddled too much with the settings. Anyway, it was a good excercise, I
learned about btrfs, LUKS and dracut, that wouldn't happen otherwise.
--
You received this message because you are subscribed to the Google
In fact, I think the right question is "Will Qubes 4 be compatible with btrfs
root if vm storage is expected to reside on a LVM thin pool?"
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
I have root, home and var as subvolumes on a btrfs volume. I intended to create
snapshots before updates. The tricky bit was to put it on a LUKS partition as
somehow the installer encrypted only the swap partition. Maybe it was my fault,
not sure now. Anyway, if you do it check that it is on
world writable script executed as root is the worst advice I've ever seen on
this mailing list.
please don't do that!
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
the source code of qvm-run is your best documentation of how applications are
run without logging in :)
here is the session that is started in vms. I like the hangman :)
https://github.com/QubesOS/qubes-gui-agent-linux/blob/master/appvm-scripts/usrbin/qubes-session
--
You received this message
would you mind posting the whole script?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send
try Presentation mode in the power manager panel plugin.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to
https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_crypto_luks_key_on_removable_device_support
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
does it start with this?
#!/bin/sh
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to
no. it looks exactly as acpi problem. have you tried a Fedora live dvd/usb? If
it doesn't work then the problem is not specific to Qubes. please try.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
with such a fairly fresh kernel you probably should make sure you also have the
latest bios. some people also claim that resetting bios settings miraculously
makes their wifi work in Linux.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To
does it work in plain Fedora?
your problem most probably is not directly related to the network card itself.
it could be caused by bios settings and wrong acpi config in kernel. I used to
have the same problem when I first tried Qubes R2 on Lenovo Yoga 2 13.
ideapad_laptop module back then
Think of Whonix as a possible compartment of your digital life that gives more
anonymity online. It would be more or less securely separated from other
compartments. In order to save space and admin effort common parts of these
compartments (i.e., the root filesystem, kernels, modules) are made
agree, when I looked at it some time ago I could not imagine why I would need
all of that. too large an attack surface for my taste. however, I did
investigate what individual elements are capable of and borrowed some ideas,
like using port 636 and tls-auth for openvpn.
--
You received this
they should be connected to the same firewallvm, not netvm. iptables in netvms
are set up differently.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
I think nowadays many live installers that have capability to install on
encrypted partitions give possibility use the tools in a terminal window. For
instance, when I realised that somehow only a swap partition got encrypted in a
fresh Qubes install I launched Manjaro live ISO, dd root
it makes an evil maid's mission a bit more complicated
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
I have calibrated my yellow screen using argyllcms. I don't attach usb devices
to dom0 so installed it in sys-usb as well. used
https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ as
a rough guide. to get the calibration done you just need to run dispcal and
then
No. 4 makes sense. sys-usb shouldn't know the encryption keys. encrypted block
device can be attached to a server vm where it would be appropriately decrypted
and mounted, possibly from dom0 via qvm-run (you can start a vm, attach
storage, decrypt and mount it by a short script using qvm-*
after giving it a thought I decided keep usb devices out of dom0. the solution
for debian is real 2FA but ykfde is for lazy people. I gave it as an example of
dracut hooks. theoretically you can rearrange hooks so that yubikey
authentification happens before rd.qubes.hide_all_usb is processed
this is an interesting idea. initramfs is generated by dracut. read this
https://github.com/nj0y/ykfde/blob/master/README-dracut.md
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from
this is not a universal approach but should work fine for gnome apps. you
should type them in terminal applications in each vm.
a more comprehensive approach to cover all bases is to set proper dpi for X
server, Xft, gsettings (if gnome-settings-daemon runs), xsettings (IIRC Debian
template
you can install dunst for minimalist notifications.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
Read the last part at https://www.qubes-os.org/doc/usb/
This should solve your problem unless you want to mix sound from multiple vms.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from
I used to run samba server on Archlinux inside Qubes. Actual data was stored on
a separate volume group and mounted in the server vm on boot. The main
difficulty was to do routing and firewalling properly on every change of
network topology. The main risk was that eventually many vms had to be
use arp to see ip and mac addresses of vms connected to interfaces. lookup ip
in qvm-ls -n or qubes-manager
mac addresses are visible in qvm-prefs. assuming your vms don't spoof these
addresses ;)
--
You received this message because you are subscribed to the Google Groups
"qubes-users"
65 matches
Mail list logo