[qubes-users] Installer issues for 3.2
I'm running the installer again. I select to NOT install Debian or Whonix. It is installing them even though I selected for it not to. Is there a bug in the installer where it does this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/758e8f8a-d50a-491c-bb6e-6855e8ef2cb5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] changing DVD/CD on the fly
On Monday, 28 November 2016 14:42:22 UTC+11, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Sun, Nov 27, 2016 at 07:32:55PM -0800, Drew White wrote: > > On Monday, 28 November 2016 14:19:41 UTC+11, Marek Marczykowski-Górecki > > wrote: > > > See if qvm-block tool can help you here. If not, you probably need to > > > look at `xl cd-eject` and `xl cd-insert`. Disclaimer: I have never used > > > them. > > > > libxl: error: libxl.c:2919:libxl_cdrom_insert: cdrom-insert doesn't work > > for stub domains > > So... this is your answer, it isn't possible. It appears not for "stub domains" at least. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5fc72443-5261-4b8c-884e-8ea816ac0f8d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Control Alt Delete
On Monday, 28 November 2016 14:18:33 UTC+11, Christopher Thacker wrote: > What is the Qubes version of "Control Alt Delete"? > > If I leave Qubes and the screen goes black upon my return 5 minutes later, > then I can't interact with anything on the laptop screen. My mouse works > fine but the Qubes VM does not respond to any mouse input. I even unplugged > and replugged my mouse. > > Even the little icons in my lower left and lower right do not respond. It is > as if the entire screen, including the Qubes VM manager, freezes. In such > situations manually restart the laptop. > > What is the "Control Alt Delete" mechanism so i can get a "task manager" to > see what is happening? > > Thank you. Ctrl+Alt+ESC then click Then proceed to see what guest vanished from the screen. After that, in the run dialogue for that guest, run something to bring back the display of it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03c98812-df57-4693-9d77-3902b946b2e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] changing DVD/CD on the fly
On Monday, 28 November 2016 14:19:41 UTC+11, Marek Marczykowski-Górecki wrote: > See if qvm-block tool can help you here. If not, you probably need to > look at `xl cd-eject` and `xl cd-insert`. Disclaimer: I have never used > them. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? libxl: error: libxl.c:2919:libxl_cdrom_insert: cdrom-insert doesn't work for stub domains -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/660896c4-5cc7-4e9a-8d2f-b18f18f0bdf4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] changing DVD/CD on the fly
On Monday, 28 November 2016 14:19:41 UTC+11, Marek Marczykowski-Górecki wrote: > See if qvm-block tool can help you here. If not, you probably need to > look at `xl cd-eject` and `xl cd-insert`. Disclaimer: I have never used > them. > Thanks Marek, I'll give it a try. And no, qvm-block merely kept saying it couldn't unmount a cdrom. I'll let you know how it goes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17fff5d9-93e8-4dfe-a323-d0c516bab6c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] changing DVD/CD on the fly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 27, 2016 at 07:03:37PM -0800, Drew White wrote: > Hi folks, > > I'm trying to change the DVD in the drive on the fly, but I'm unable to > unmount an assigned DVD/CDROM. > > I've had a look and I can't find the information anywhere here. > > How do I change the DVD/CD on the fly in the VM when referring to ISO's? See if qvm-block tool can help you here. If not, you probably need to look at `xl cd-eject` and `xl cd-insert`. Disclaimer: I have never used them. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO6JGAAoJENuP0xzK19csUacH/1MysTjYInRl6PXJu8/l/vAJ C96pFD6cSTCo+J9nmZO+jaoRsXLnWWsCMzmwycZA7/5Evc3fPEKxKiuH5cWJtWbB tbBa/cIiA9Ym84+cXlVjWGqcb2Rd7J4jEIWGyqKO57qobQLs/JPI+JAvxyUKZ/ON RAopmUfy+A3mJtwYU18k/gdJFcQSlo5qHRYQpXSyOAu6DqKkdRHut7L57M/0bKzB p5yOueq0szCK52rIAqYtESliIwjfiEFf2+W63gvPA0Y0uUB0VRGupAapJxKbkK8e Uq73PFFcn0+h64C1hW4RFHPoaasRgXoSTVMpL/gc/phlMeUk7qQ7xkEBiLdUlpw= =QLND -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128031934.GB1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Control Alt Delete
What is the Qubes version of "Control Alt Delete"? If I leave Qubes and the screen goes black upon my return 5 minutes later, then I can't interact with anything on the laptop screen. My mouse works fine but the Qubes VM does not respond to any mouse input. I even unplugged and replugged my mouse. Even the little icons in my lower left and lower right do not respond. It is as if the entire screen, including the Qubes VM manager, freezes. In such situations manually restart the laptop. What is the "Control Alt Delete" mechanism so i can get a "task manager" to see what is happening? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e6e77fa-1abb-4c56-86eb-0ed66e653396%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] changing DVD/CD on the fly
Hi folks, I'm trying to change the DVD in the drive on the fly, but I'm unable to unmount an assigned DVD/CDROM. I've had a look and I can't find the information anywhere here. How do I change the DVD/CD on the fly in the VM when referring to ISO's? Thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3d36c1e-e3b6-4cdc-a600-8da0d9f9b198%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] custom kernel doesn't work installed in debian cloned template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 26, 2016 at 09:02:08PM -0800, raahe...@gmail.com wrote: > I followed instructions to install pvgrub2-xen in dom0. Then in template vm > installed qubes-kernel-vm-support and grub2-common. Then i installed the > distribution kernel from debian repos with apt-get (3.16). then update-grub > and shutdown but It doesn't work right. I eventually would like to be able > to compile my own kernel, was hoping it would be easier with pvgrub support > but I think I must be missing something. > > When I boot it after selecting pvgrub in kernel settings. sudo xl console > sows it has booted fine but then is asking me for a login. If I type root i > get root. But I can't load any applications in the gui environment. from > dom0 terminal or from the start menu on desktop. Make sure you have u2mfn module compiled. In some cases (I think it depends on package installation order) it isn't done automatically. AFAIR the easiest way is to execute: sudo dkms autoinstall - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO5wFAAoJENuP0xzK19csocUH/jIGrtN9mcq+yBKexGLwUiew Frx9riBphesgcpDz3Q4ygI9E5DK3vEj19lnBnhvwKexqv1K1ZE6aas1OH2HlSSrQ obc2qJOZPU1+Yz0vW6ncWWn8vFbS1VJ35RhPoTIh+l+dU7m1sSrLdewXkWgAa5gp XI2Tzc2KA+/2MMhhdk6UT1mm/Aclh8Eg3JpuEAesET5vyTpZTFIaTqkeujYGOGK9 PR1zMyhNpawd70U49pT1QrvVpfgfwHB/Om9rDmSWHcO1SOLcSwD24Ti+oudXK6rv 06gJ1RXN8SouCjWiQMv0GEzYtRcEWVJiEu991CzgR7d4NYI/IsPs7ivAZr6Cptg= =GNyw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128025253.GM2130%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to block template vm? (prevent it from starting)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 19, 2016 at 09:27:39AM -0800, Pawel Debski wrote: > Folks, > > is it possible to somehow block a TemplateVM and all VMs based on this > template? > > I.e. whenever some app would be started in any VM involving this template I'd > like to get an error messages or at least have the operation fail silently > instead of having Qubes start the VM. There is no builtin option for this, but if you really want, you can intentionally break such template. Like renaming /var/lib/qubes/vm-templates//root.img to some other name. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO5v/AAoJENuP0xzK19csNfAH/3+Q66qBuyWjxbmWSkJmPEVC fkIDLlgV2TVgjK6g0thQNE1LQo9DgvBNhS+yOq0soidNAGfR53iKXEo8vVXlgnFs WsnuYuT35jndOVp5046awpo7mpXyH2QD0VnaOFru/IqOk/k5Zq697UFyFGEMjCnE ScrwWsbR3EQRC2sx21R9wCue/jqYPjiFD7WdZipk1tLRySiqVrtwfrwSuMaBg19I C65W/YunAydoSfGg8gcgdhBJj891BooYbHzfnkms3ygUl7Tr+JWb/T1G6zpLkUIR 2ZuTH0TigxJgQvb74lSJD5pDRRGf5zOPac6Mug0TO0oDcMs0IMT7KSbE3Dfs55k= =vvdo -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128025247.GL2130%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes can not decrypt the root directory partition.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 27, 2016 at 01:19:11AM +, Alexander Villalba wrote: > tezeb: > > I do not have Backup ! And I do not think it's a hardware problem. Anyway > there's diagnostic software for that. > > Marek Marczykowski-Górecki: > > And not, it's not the Caps Lock, the keyboard is fine (please, I'm not a > baby!) > > But I do believe there are more options. It would be terrible if there were > no more options. Lets start from the beginning. In default installation you should have LUKS container on one partition. You should be able to access it from console (from whatever running linux - Tails, Qubes installation disk in rescue mode or anything else): Check what partition it is: sudo blkid Search for TYPE="crypto_LUKS", on my system it is /dev/sda3, so lets go to the next step: sudo cryptsetup open /dev/sda3 sda3crypt This should ask you for your disk passphrase. If all goes well, you should get /dev/mapper/sda3crypt. If not, examine LUKS header: sudo cryptsetup luksDump /dev/sda3 You should see at least one key slot "ENABLED". If not (and you don't have any backup), there is no way to recover the data. Next step is to activate LVM - this is what lies inside LUKS container on Qubes. This is easy: sudo vgscan -ay You should get /dev/qubes_dom0/root, which you can mount normally and access your data - VM data images are in /var/lib/qubes/appvms. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO5r2AAoJENuP0xzK19csOV4H/jeg5fisG5eufBn10M0Iy7NK ObiNpRO7Cgu8pPSrdecqeKWDL0Tdm2fiGMviRw65UM0x3vBFxa0LhmCFFCKJ+kYP pLX4fjyK+hXuanay5WX2cFhS/w7RvQ7D1MTQvQmUDRJonDoce6jXGH4lJkebRGPb WOqZ2LK5H0HfmAkib+WP8+Q2GOTZgWmtQc8gjcxFYfcbAYsFwTolzOb3863vycWj xbvVoL0FZJqfyC7Z+prCXtXCxuDRf6Vj9fyJXp51IDwJazZ+WamCnIOcaFhE1Ugj y8HYdBwGdwTpyavcKvRQ6q0mUNbiHGWrHEPQqKfnXAhNdINa1qgUMFCRN3OF/Fg= =I3gv -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128024822.GA1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora 24 minimal template can not be setup with salt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Nov 18, 2016 at 01:46:26PM +0100, qu...@posteo.de wrote: > Hi, > > I am planning to setup my templates with salt. I have done some preparation > some time ago but not with the Fedora 24 templates I thought it was time to > do it properly. > > One of the issues is that the minimal template can not use salt by default > afaik but needs the package "qubes-mgmt-salt" which needs to be installed > manually. If you want to manage it from dom0, using qubesctl wrapper tool, you don't need salt installed in target template at all. See here: https://www.qubes-os.org/doc/salt/ > When I try to do this on the Fedora 24 minimal template I get a conflict > between the packages qubes-mgmt-salt-config and salt-minion. The conflicting > files are /etc/salt and /etc/salt/minion.d. Is this known or is there a > workaround for it besides forcing the installation? As noted above - you don't need qubes-mgmt-salt-config installed. Neither salt-minion. The only think you need, is qubes-mgmt-salt-vm-connector in your _default_ template. > In general it would be great if you would use salt to setup the templates, > at least optionally, because then it is more transparent what is in them, > you do not need more disk space on the dvd and users can easily customize > them. This would also allow users to not backup the templates which in my > case would save almost 10 GB. Part of it makes sense. Especially managing templates to save on backup space. This also makes it easier to migrate to new template, or recreate it for whatever reason. I think the only currently missing piece is more documentation on it. But it isn't possible to directly create new template using salt - you need something to boot in the VM first to run salt-minion there... Also it won't save much space on DVD, as we don't want to depend on internet access during installation. > The Fedora standard image has way to many packages and also has > gstreamer-plugins-bad installed which provides atm a known remotely > exploitable security hole, at least when Chromium is used. Standard templates are mostly default installation of given distribution - - in case of Fedora - it's Fedora Workstation. With actually some stuff excluded (like libreoffice, evolution) to make it smaller than the default... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO5HxAAoJENuP0xzK19cs8EcH/190Rjv99S9PnX88PCyrV0k5 iKxyGuAXxLi/6uXsIgTRCcnVw2QpxIK6Ih5cl05yARqELsYGLbcUUNqObOoKqnbC DCIkpQtHZOFsIylmDIENDHKhievUTZpTLw2IV7OiBL/f5MXyasL8JPDXGGGjq4kQ osGjYEoFmwBUTFTbBWrcsW7/b4Wl0nHqOe1a+Vxcg9A+zhwxwbk7fKxcHLyx3327 Rq7h0Vl7sfkr9u8nWr7Ptwcf8jHR7Agsmlh2F5oR83CWHNe0viuv+gzo+U1YKn8N fEH4BxxVANtBS3dhnYL3nG43TZKxg4l05UHyt1m2+kUmhhNj21LVuydGXVc87gE= =G4Au -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161128020953.GZ1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Custom Bios
Hi folks, I'm trying to get a custom BIOS to work, but I can't find where the options are. There is nothing in the documentation to specify where to set it If you know how to do it that would be great! Otherwise, do I have to create a XEN config, and then is there a way to convert that to the Qubes config file? Either way it would be good if there was the availability to do such a task. I did a search in the forum, but could not find anything. Thanks in advance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98cbfad3-ea1f-4612-abd1-d84bfa80ee61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Creating USB qube: PCI device in use by driver xenlight
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-26 14:29, Grzesiek Chodzicki wrote: > W dniu sobota, 26 listopada 2016 19:52:39 UTC+1 użytkownik Pawel Debski > napisał: >> W dniu sobota, 26 listopada 2016 18:56:49 UTC+1 użytkownik Grzesiek >> Chodzicki napisał: >>> put following command in dom0 terminal: qvm-prefs -s vmname pci_strictreset >>> false >> >> Tx Greg, that works. >> >> Can we briefly discuss how much does it lower the security of the >> workstation. I mean: does it really allow to plug-in fabricated USB device >> to install keylogger to obtain credentials to highly sensitive applications >> running in other qube (say VaultVM). >> >> What other potential attack scenaria does it open? >> (assuming that one is interested only to protect VaultVM transient content) > > If the device is assigned to one vm only at all times then it doesn't lower > security afaik. PCI strict reset is used to reset the device's state when > moving the device between machines. If the device is not moved between > machines then it shouldn't matter. > Correct. From `man qvm-prefs`: pci_strictreset Accepted values: True, False Control whether prevent assigning to VM a device which does not support any reset method. Generally such devices should not be assigned to any VM, because there will be no way to reset device state after VM shutdown, so the device could attack next VM to which it will be assigned. But in some cases it could make sense - for example when the VM to which it is assigned is trusted one, or is running all the time. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYO4QdAAoJENtN07w5UDAwDQUP/j8ipg43tTTftByJ57Fgwoee 3jt4EQtOu/Dj9B1zOvJjdESSXFBconqzRuB6gtEXkUJFNbHVM1zXrYKVl3BIs8fL 9Q5bde7bFOL3s8iUct9LUptZrkJApWE1lLslIXkf310Q/ZueWOeDOj6AWH3JgOQq 4e+YRfmWo2iYdgtOwE8lTafhf6dWW70XwaigDgftmjSrEEXQzCDZIB/skxJYFk08 FTvO/j9Hf5yfjRVHMWCXkK7XNAWQGcZfVh0CXv/mW8YEfmw/c+C9bJMT5HYjf6xw SuLMX5plaE1uqUhGrNhKLICfrF+mr6D0fJLbUqblGmRY7TyneyT4KY404T6euMQw nfgyrXQXhEPk9IDDXI+Lhf1rEOFiSIqovTxMbTdj6nYlvhE4tuj951sOvcsbwXje sriPw1viRntTOLXig41tj1cuKCtoAzoUCz1E/EDS4lUAMJ9eh85sxyGevBxbDMnl H3nE1pyTmy0sobvIc8MwdcgMdQM18yCxmoFq3GbHp3gnibngRSufMbNBe7/u0XKK ihTQxY1hUMnhq/iiXg1UwLVUqDY/1ohzvB0gs3qqvh7AT6gu+8ypEhkxydpv04bb ZcqWZO1C+z9xmDz0k2rHL9nViqj2D/C1PgWJ1/y3MFR+S84TVnOEWt0QjvhOYgSH +Hse/mswOmQy9h+BNNpf =6i/C -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/848eb69d-92bf-1af1-b771-cf385b04d0a2%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Passthrough
On Friday, 25 November 2016 23:36:42 UTC+11, Desobediente wrote: > In the settings tab on the qubes manager you could passthrough almost > everything. For example, if you passthrough the video card, your screen will > black out. I don't want to pass through the device from dom0 to the guest, I jsut want everything that the guest sees to be the physical device that is faked to be as it really is. Not remove it from dom0 and everything else, because that would mean that qubes would stop working because the device isn't shared. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b7aad368-1fba-4cf6-bf47-64f1fabcbda2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Stuck during boot with processor stuck - now with journalctl logs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 22, 2016 at 10:54:32AM -0800, Ronald Duncan wrote: > Added in the journalctl logs > > The laptop works best with latest linux kernal > > rjd@rjd-GL752VW:~$ uname -a > Linux rjd-GL752VW 4.8.0-27-generic #29-Ubuntu SMP Thu Oct 20 21:03:13 UTC > 2016 x86_64 x86_64 x86_64 GNU/Linux > > What is best way of updating qubes to latest kernal and hypervisor. There is 4.8.10 kernel in unstable repository, you can install it with: sudo qubes-dom0-update --enablerepo=qubes*unstable kernel This assume you can boot your system. Does the hang happen all the time, or only sometimes? If the former, try disabling nouveau driver (which looks to be the problematic one), for example using nouveau.modeset=0 kernel option. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYO04zAAoJENuP0xzK19csk64H/jRt3ma1zKxR4sSrE+vhBw2m 4xlViEX3d6wcgul0N4YDJ/D61nlALUjVoel0pEJFIfBAr6rWNAonchd42LclPEk2 nGiF7R5S5t4Ua1B57dj3Gd6PpCU76wiBnHjSLlSY0MOydwpaVLuHTZR+9zqGhFVj 1OVSVH7lZBdetK+VlWGxcOK6VI6LPzKqMCWITC06LrRETF3pwuX0eOpObKzMpB5t yP+8ExTIGSoOqsHoA6FdV2Ie2813biAJsobreKZEK32wJeFa5uNX9fJzrPR9zSlf kzeTh1JQXRkf+N4ZpF9aq52n8kzFjguDITyBPPc7dmGR5DCkKFDGBnfRM/RIZBo= =qGwa -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127212051.GY1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unsolicited feedback on qubes-issue #2455
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 27, 2016 at 12:47:14PM +0100, Alex wrote: > On 11/26/2016 11:59 PM, Marek Marczykowski-Górecki wrote: > >> - Qubes-GUID crashed in one AppVM as soon as I started monodevelop > >> the first time. Cannot reproduce this problem either. Error in guid > >> log was: > > > >> ErrorHandler: BadAccess (attempt to access private resource > >> denied) Major opcode: 130 (MIT-SHM) Minor opcode: 1 (X_ShmAttach) > >> ResourceID: 0x254 Failed serial number: 3670 Current serial > >> number: 3671 > > > >> may be related to the fact that monodevelop shows and hides many > >> windows in rapid sequence when starting? > > > > Yes, it may be. Very similar error (#2171) was already fixed some > > time ago, but apparently not all the cases. Anyway it's rather > > problem in gui-daemon, independent of Fedora version. > It may be nice to have a fallback handler for qubes-guid crashes, if the > X architecture permits, that restarts the daemon and restores windows > redirection to dom0. After the crash I could check programs were running > inside the VM (via qvm-run) but no window could be seen in dom0. It was > not a pleasant situation :/ A simple recovery-by-restart may help a lot > with the user experience in such cases... Actually this should be the case - restarting gui daemon should be enough. And qvm-run (without --nogui) should automatically start gui daemon if not running currently. What happened when you've tried? Any error regarding gui daemon startup? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYOv0RAAoJENuP0xzK19csKrYH/3hBLL7t3Soy/mWh7NehdUDs Wdweh7QIEjx7x2eF6JGxHTbfeBpj6tCqCjYebhfTfBAqblevsVBepyWqYLB/4W/F CDK6qTWTiV6aqn22PX69rdpVT0eljT2MgMzzJDwApie8n+qzw1JYkkoLAU2I2ICn jbXGXHIK60Pgd//YJKbk9/T0Uy6lRO3C00Imn3rj3ekQC2mmglSOivA9rkPwECQx IvKao/RuRiV0AFNja6pOGL157GoA3hvKhMVj1MX18R5d9jMXKIKbIfA75d3ol+lD bbJi5LsQkPMLLUM0ooZxbFQA1kN3jBYGWAjBlCKMBTnZGW0VsX6LVLQMuNlf3ac= =pg11 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127153441.GW1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Creating USB qube: PCI device in use by driver xenlight
Great, tx. Wiadomość została wysłana przy pomocy AquaMail dla systemu Android http://www.aqua-mail.com Dnia 26 listopada 2016 23:29:39 Grzesiek Chodzickinapisał(a): W dniu sobota, 26 listopada 2016 19:52:39 UTC+1 użytkownik Pawel Debski napisał: W dniu sobota, 26 listopada 2016 18:56:49 UTC+1 użytkownik Grzesiek Chodzicki napisał: > W dniu sobota, 26 listopada 2016 18:53:26 UTC+1 użytkownik Pawel Debski napisał: > > Folks, > > > > I'm trying to create a VM that will handle all USB devices that are or may be connected to the machine. > > > > 1. I have created a new AppVM based on fedora-24-full-sw template. > > > > 2. fedora-24-full-sw template is a copy of Fedora 24 template with all sorts of additional software installed, for example for Bluetooth handling, 3G modem, finger print reader, camera, flash card reader and so on. > > > > 3. I have assigned an USB controller to the newly created AppVM and switched-off memory balancing in the options as recommended by the message on "Advanced" tab. > > > > 4. When I'm trying to start the VM I'm getting the following message: > > "PCI device in use by driver xenlight" > > > > Please note that at the moment only one single USB bus is assigned to this VM. > > Without any assigned devices this VM starts properly. > > > > What shall I do to make it work with USB bus? > > > > Best regards > > PD > > put following command in dom0 terminal: qvm-prefs -s vmname pci_strictreset false Tx Greg, that works. Can we briefly discuss how much does it lower the security of the workstation. I mean: does it really allow to plug-in fabricated USB device to install keylogger to obtain credentials to highly sensitive applications running in other qube (say VaultVM). What other potential attack scenaria does it open? (assuming that one is interested only to protect VaultVM transient content) If the device is assigned to one vm only at all times then it doesn't lower security afaik. PCI strict reset is used to reset the device's state when moving the device between machines. If the device is not moved between machines then it shouldn't matter. -- You received this message because you are subscribed to a topic in the Google Groups "qubes-users" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-users/livE9VYBvUI/unsubscribe. To unsubscribe from this group and all its topics, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c965fe62-57f0-4dc1-ad5a-ba3108df6b15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/158a5a371f0.27bf.e8d9d2e9cd019a112d31c27ed70f495b%40econsulting.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unsolicited feedback on qubes-issue #2455
On 11/26/2016 11:59 PM, Marek Marczykowski-Górecki wrote: > In addition to this, all automatic tests also passes, so basic > things like DispVM, NetVM etc should work. They do, for me too :) I just forgot to mention them :D > >> Now for more unsolicited input, but trying to be as specific as I >> can be - please note that I don't fully understand the working of >> Qubes-GUID (I never studied it, until now :) - One AppVM with a lot >> of installed software took a couple of tries to correctly start. >> The first time the start failed with "qrexec daemon not running", >> and in guid log I found a long list of "invalid PMaxSize for >> 0x201d (32767/32767)" and so on. Cannot reproduce this >> problem. > > This particular message shouldn't be a problem, probably the reason > is somewhere else. Do you still have the last message of the log? I'm sorry, but I was in a semi-hurry and did not keep the logs. My plan-B was to restore everything from a backup in case the upgrade produced some catastrophic situation, and since a mere VM reboot fixed the situation, I did not keep the logs but only some fragments I deemed important. My bad. >> - Qubes-GUID crashed in one AppVM as soon as I started monodevelop >> the first time. Cannot reproduce this problem either. Error in guid >> log was: > >> ErrorHandler: BadAccess (attempt to access private resource >> denied) Major opcode: 130 (MIT-SHM) Minor opcode: 1 (X_ShmAttach) >> ResourceID: 0x254 Failed serial number: 3670 Current serial >> number: 3671 > >> may be related to the fact that monodevelop shows and hides many >> windows in rapid sequence when starting? > > Yes, it may be. Very similar error (#2171) was already fixed some > time ago, but apparently not all the cases. Anyway it's rather > problem in gui-daemon, independent of Fedora version. It may be nice to have a fallback handler for qubes-guid crashes, if the X architecture permits, that restarts the daemon and restores windows redirection to dom0. After the crash I could check programs were running inside the VM (via qvm-run) but no window could be seen in dom0. It was not a pleasant situation :/ A simple recovery-by-restart may help a lot with the user experience in such cases... -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c9667aae-25d6-e28d-c78d-eac10ce12616%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
Andrew David Wong: > A strange networking problem just started in the past day or so: > > Every few hours, around 2/3 of my VMs will suddenly lose network > access. I can still ping websites from sys-net and sys-firewall, > and some VMs still have normal network access, even though all of > them are using the same sys-firewall. (Other devices on my LAN are > also fine.) > > The weird part is, if I create a new, additional "sys-firewall1" > ProxyVM and switch over one of the non-working VMs to it > *without restarting* the non-working VM, network access gets > successfully restored. So, the problem must be in sys-firewall > or the AppVMs, I think. > > I've tried basing sys-firewall on fedora-24 and fedora-24-minimal > with the same results. Also double-checked NetVM assignments > and firewall rules, of course. > > Any ideas for logs or tools I should check to find out what's > failing, or where it's failing? > > - > > I can't imagine what caused this problem to suddenly start, > except maybe a dom0 or template update, so here are the packages > I've updated in dom0 recently as part of normal qubes-dom0-update: > > libsndfile > sudo > bind99-libs > bind99-license > ghostscript-core > hswdata > perf > ntfs-3g > ntfsprogs > perl > perl-libs > perl-macros > > And here are the packages I've updated in my fedora-24 template > (again, as normal updates): > > libicu > libidn2 > gnome-abrt > gnome-software > libdmapsharing > libmetalink > lz4 > lz4-r131 > rpm > rpm-build-libs > rpm-libs > rpm-plugin-selinux > rpm-plugin-systemd-inhibit > rpm-python > rpm-python3 > > Any ideas? > I had networking issues after downloading Fedora 24. I've ditched that and gone back to Fedora 23 - all is well again > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0eed97d-610b-72ed-81db-6d9ff485fd97%40tutanota.com. For more options, visit https://groups.google.com/d/optout.