[qubes-users] Unable to install SEH UTN Manager in Win7 hvm
I am unable to install SEH UTN Manager (https://www.seh-technology.com/fileadmin/user/downloads/deviceserver/tools/sehutnmanager-win-3.0.21.zip) in my win7 hvm. I have tried both with/without QWT installed. The problem seems to be related to signing of the driver, see attached screenshots. I never had any problems getting this working outside of QubesOS, so I'm guessing this is a QubesOS/XEN limitation? Feel free to download and install SEH UTN Manager from the link provided. Hope somebody is able to explain why this is failing in QubesOS, and if there is a way forward? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f2328b4-e397-4e84-a566-c06cd3d09f2b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: beginner trying to choose a laptop question
On Monday, November 21, 2016 at 11:45:10 AM UTC-5, Warren wrote: > I'm looking at the "HP Laptop 250 G5 (X9U07UT#ABA) Intel Core i5 6200U (2.30 > GHz) 8 GB Memory 256 GB SSD Intel HD Graphics 520" at > (http://www.newegg.com/Product/Product.aspx?Item=N82E16834266056_re=HP_Laptop_250_G5_%28X9U07UT%23ABA%29-_-34-266-056-_-Product). > > ark.intel.com says that VT-d and VT-x is supported by the processor but I > can't find out, so far, whether it's actually enabled or can be enabled. > HP site says the chipset is intel SoC. > > Would anyone care to hazard a guess as to whether or not I could use this > laptop to run qubes? > > Thanks as long as you can get to the bios, that part should work. you might have to do this, http://linuxbsdos.com/2016/11/05/disable-secure-boot-on-hp-250-g5-laptop/ 8 gigs is pretty tight for qubes, if you get this one, you'll want to upgrade to 16. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/44932c61-6bb7-4233-8857-e1c43ac74016%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes OS 3.2 Installation Issues: anaconda 'text mode' Installation Destination autopart failed LUKS
Device: Lenovo ThinkPad L450 modified with OCZ Trion 150 (480GB) SSD Installation Setup: USB Drive with prepared ISO, using Basic Graphics mode under Troubleshooting due to system lockup in GUI mode. Primary Problem: When trying to setup partitioning, and selecting either Standard or LVM, this error occurs: "storage configuration failed: autopart failed: Encryption requested for LUKS device sda2 but no encryption key specified for this device. Could this have something to do with the fact that the original SSD had OPAL 2.0 and the replacement SSD does NOT have that feature? Am I unable to use the OCZ drive as a result, or is this something entirely different. Background: I am a first time user of Qubes OS and have only marginal experience with installing any type of Linux disto. I'm mostly a Windows guy, where things like this 'just work' usually. Thanks for the support. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/311e16d5-abda-4fae-a28b-fde34d7b45ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Warning when launching applications
On Tuesday, November 22, 2016 at 8:14:04 PM UTC+1, Loren Rogers wrote: > I'm not sure if this is the expected behavior. When a VM is starting up, > if I launch an application from the Applications menu, it gives me this > error: > > > domain '' qrexec not connected > > I also get a warning in the VM Manager. (See attached.) > > I imagined that the applications would queue while the VM started up, > then launch when it was ready. Is there a reason it doesn't work this way? I think there's no technical reason but nobody has added this yet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5aeb83cf-4eef-4955-af44-d1dc115ba02b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] RE: 2442, 2412, 1861
RE: https://github.com/QubesOS/qubes-issues/issues/2442 Will you still allow options to be set so that we can edit the boot config for grub to enable and disable features that are annoying and things we do not want? RE: https://github.com/QubesOS/qubes-issues/issues/2412 Can you make it able to use multi-drive for install rather than combining them all into one? RE: https://github.com/QubesOS/qubes-issues/issues/1861 If the bugs for Seamless Tools that already exist for Windows 7 get fixed, the ones that have appeared since 3 versions ago, then I hope that the tools get better and the bugs that were reported fixed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12ea792a-7622-4f70-8f37-c74d9342a41a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes not shutting down
On Tuesday, 22 November 2016 13:41:30 UTC+11, Loren Rogers wrote: > On 11/21/2016 06:24 PM, Drew White wrote: > > On Tuesday, 22 November 2016 06:04:43 UTC+11, Loren Rogers wrote: > >> On 11/21/2016 11:04 AM, Loren Rogers wrote: > >>> On 11/21/2016 12:42 AM, Drew White wrote: > On Sunday, 20 November 2016 04:56:03 UTC+11, Loren Rogers wrote: > > Another correlation I've noticed is that my machine randomly shuts > > itself down without warning when I'm browsing in the Anon-Whonix VM. It > > seems that simply having the Whonix browser open causes the problem. > > I've not been able to pin down an exact cause, but it seems to happen > > after about 5-20min. When this happens, the machine sometimes ends > > up in > > a hung state (black screen) at the end of the shutdown process. > > > > I've also noticed that the fan speeds up right at it starts to > > shutdown. > > (The screen turns to the Qubes logo with the progress bar, then the fan > > cranks up.) Sometimes the bar makes it all the way to the end, other > > times it seems to simply crash to a hault. As I mentioned elsewhere, > > the > > Thinkpad X201t is known to have overheating issues, but I'm not sure if > > this is related. I'm not working the machine particularly hard (just > > browsing articles on the web), and the hardware is not particularly hot > > to the touch. > When it gets to the qubes logo screen, press ESC to see what it's > actually doing. > > If you wish to always know what it's doing, turn off rhgb and quiet > in the boot config. > > Then you will see where the issue is. > >>> Thanks, I'll give that a shot next time it happens. I feel like it'll > >>> go by too quickly for me to see what's happening; does it also write > >>> its activity to a log somewhere? > >> I can now confirm that it's an over heating issue. When it went into the > >> automatic shutdown sequence, I pressed escape and managed to take note > >> of a few of the messages. One of the very first ones was something about > >> "thermal_zone_0 critical temperature reached: 128C", which I assume is > >> the cause. (This isn't an exact quote, since I noted it from memory.) > >> > >> This raises some questions: > >> - What could be causing this overheating issue in Whonix? > >> - Is 128C a normal temperature for the safety shutdown to kick in? > >> - Does Qubes have a warning / alert system for potential overheat? (Like > >> low battery) > > It is a high temperature, but does it ONLY happen in Whonix? > > Or if you push the PC does it happen also? > > Have you tried limiting the threads Whonix can use? > > > > Sometimes CPUs have shutdown at 99 degrees. > > So 128 degrees is a bit high in my own opinion. > > > > I recommend you check the CPU Fan and heatsinks (if it has them). > > Thanks for the input - I just dusted out the fan, and we'll see if it > helps. It wasn't too bad, but we'll see if there's an improvement. > > No, it also randomly goes into auto-shutdown when backing up VMs. > However, that happens about 20% of the time. Whonix seems to do it about > 80% of the time, the other 20% I figure I shut it down before it does so > on its own. I figure there may be something in the Whonix VM that's > causing my processor to over work itself. The auto-shutdowns may be > ultimately linked to dust in the fan or something like that, but if > there's something processor intensive in Whonix, it may be worth looking > into. > > Also, a heat warning message would be nice. I assume the thresholds are > set via the bios - is there a standard way of monitoring this? (I'm not > particularly well versed in this sort of thing.) I recommend you get your HDD checked, and your RAM. Test both thoroughly. Could be some bad sectors. Also run a smartd check. Some PCs have system diagnostics built in for RAM in the startup sequence. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46ae5b6e-79bd-4e09-a7f8-0bbf6478659e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Warning when launching applications
On Wednesday, 23 November 2016 06:14:04 UTC+11, Loren Rogers wrote: > I'm not sure if this is the expected behavior. When a VM is starting up, > if I launch an application from the Applications menu, it gives me this > error: > > > domain '' qrexec not connected > > I also get a warning in the VM Manager. (See attached.) > > I imagined that the applications would queue while the VM started up, > then launch when it was ready. Is there a reason it doesn't work this way? Try increasing the timeout for qrexec. The typical wait time isn't very long, and if your PC is slow or doesn't have much power available for booting the guest, then it's possible that inside the guest things have not fully started when dom0 tries to communicate to the guest. (at least, that's what I found) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2c29550-3f75-4e3d-ba08-84b3d13156ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Any chance the freezing could be resolved?
On Tuesday, 22 November 2016 11:34:22 UTC+11, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Mon, Nov 21, 2016 at 03:36:05PM -0800, Drew White wrote: > > did not work... > > $ qubes-dom0-update xen* > > Another quirk of yum->dnf transformation... > > > did work... > > $ qubes-dom0-update xen* --action=update > > Did it changed anything? > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJYM5KJAAoJENuP0xzK19csV4UH/2bldPEzU8rgqZp4WdpcKz2b > 7XnrclfsiCwPHQYfetZHP/oZmjYDm9/wazKeW7UeP6bAvC3TxoB5/2oiGJT7pnL5 > AStMt06ETdYeDAXC3EsJTyHthD7RpTEtPzbgZQ/CGNFoLhp9Gympv9tqUl3zsuZv > qaPdL5jZ1cLoisnNYPs6W/LnzuQBcoHIxwDukRzQN42SkMCXH5yj4AdF6TR078fM > 6ln3aHJQsV8cXc9relDWJ/uWx1BvYTCdgBnNKdDwJVDcICetYTElCLOaEE6MrDvU > 3cQ01XLH6TPnHLBRWSWLA5wub9P4MkgYGBbOAjiFdX9bJqHjPLyCV5LtK0Oz9ko= > =yGcH > -END PGP SIGNATURE- It doesn't matter with yum or dnf. yum install xen* installs all xen. dnf install xen* installs all xen. Both do the same thing, update what is needed to be updated and also install new things that are xen, including dependancies. (or so I have found every time I do a yum or dnf) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ac44aa1-c3be-46d1-90e1-8889e090e686%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Security Bulletin #27
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 22, 2016 at 01:30:31PM -0500, Steve Coleman wrote: > I know the developers at ITL have their hands busy with this right issue > right now, but I have a (long winded) curiosity question in hope to gain > some context when you get a chance to think about it. > > I can see that in this particular potential exploit one might use a client > vm's PCI device to exploit an emulated instruction, then used to generate a > memory offset that potentially could be used as a pointer to break out of > the Xen hypervisor jail. Correct? > > My question here would be whether the Xen FLASK subsystem might have given > some level of protections against this kind of "emulated" instruction > exploit, given that labeling of virtual devices and memory is supported > (e.g. flask-label-pci). I realize you may need to give client VMs access to > pci devices in general, and this particular pci label does not protect > against use of pointers to memory, but could the client call then be > restricted to just the necessary IO memory in this case, and thus forcing an > AVC denial fault when that generated pointer is actually used outside that > range? Or are these emulated instructions running in a hypervisor context > that would ignore its own FLASK policy? The later case. Additionally I don't think XSM is plugged in x86_emulate anywhere. If domain is given permission to access some resource (and the policy allow it at this stage), it isn't re-checked later. At least this is my understanding of quick grep results. Generally XSM/FLASK policy can be used only to limit what operations can be triggered by a VM. If implementation of particular operation is buggy, and the operation itself is allowed by XSM, that's over. None of last Xen critical bugs affecting Qubes OS could be stopped by proper XSM/FLASK policy. Exactly for the same reason. On the other hand, our architecture (for example having qemu sandboxed in stub domain, not using pygrub, etc) make most of Xen vulnerabilities harmless for Qubes OS. XSM could help if the buggy operation would not be needed at all - in this case it could be blocked by the policy, so would be out of reach for the attacker. But if the operation isn't needed, maybe it shouldn't be in the hypervisor at all? This is why we're advocating for having as much as (reasonably) possible code disabled compile time using Kconfig. Not supporting non-SLAT/EPT hardware in Qubes 4.0 is one of those things - - we do not include shadow page table code at all there. It isn't possible to compile-time disable all the PV handling code, at least not yet. But work towards PVHv2 might make it possible (in Xen 4.9 perhaps...). But still - instruction emulation in some cases still would be needed... - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYNM1zAAoJENuP0xzK19csOIEH/jE05gE1u7BaqZLoQ7RX0iWt KSHKoyWV4xR0pWSMxob4bhGBj2Ktyh5m9CARg36XiwDLaDNgrD1NmH8ouIak6yqW 1MFL2FM4MaNDukYdUbPdR5I1jSFynAS+dD4wD6WH5IzKSiWWh3avreMEXn173pyr lKPu5VevjoXkIYAhW2Q8QVKePKHYiXO25HaaeQ4urOqk3e9VgV4mqcW/c/rgZJfs mkIfn1O3hXo5aZmFYVMnCJcIYggh6bGqZy6GO/Btlg8VTacB5eoriAXKi8zghFBy lGRdswSXCaSPnR8QFdxj2HYH1mOfoZdntOTT6X3CKM4Gntvil7at/XwDU3dUrYE= =hTm6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2016115754.GH1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fwd: Us congress hearing of maan alsaan Money laundry قضية الكونغجرس لغسيل الأموال للمليادير معن الصانع
*موقع اليوتيوب الذي عرض فيديوهات جلسة استماع الكونجرس الأمريكي * * لمتابعة نشاطات غسل الأموال ونشاطات* *السعودي معن عبدالواحد الصانع* *مالك مستشفى وشركة سعد ومدارس سعد بالمنطقة الشرقية** بالسعودية * * ورئيس مجلس ادارة بنك اوال البحريني* *وتعليق محطة سي ان بي سي التلفزيونية* *مترجم باللغة العربية* US Congressional Hearing of Saudi billionaire" maan Al Sanea " and Money Laundering with bank of America With Arabic Subtitles http://www.youtube.com/watch?v=mIBNnQvhU8s -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEfki2-qUiPf18LK3-%3DcteXRxNRF0jt5waYedVNAc8Paa9hNEQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ssh/proxy VM ( direct traffic to AppVM)
*by this method -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e9c254f-69ee-4921-9348-242d7b0e6bee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ssh/proxy VM ( direct traffic to AppVM)
*by this method -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b6fef9e-a453-4d81-868b-8b65d537df85%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ssh/proxy VM ( direct traffic to AppVM)
*by this method -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3802c436-77bb-4ec1-924f-bf1b471229be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Setup Fails to Install netvm, firewallvm, work, personal, etc - Fedora 23 Error
That was the problem, thank you! I re-burned the ISO on to my USB drive and problem solved. It must have been an issue with dd the first time. Issue closed/solved. Thanks again! On Monday, November 21, 2016 at 10:17:00 PM UTC-5, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Mon, Nov 21, 2016 at 06:17:53PM -0800, wrote: > > Trying to install Qubes 3.2 > > > > -Lenovo P70 with nvidia graphic card > > -Followed recommended settings for Lenovo bios: > > https://www.qubes-os.org/doc/thinkpad-troubleshooting/ > > -Intel SSD (not NVME) > > -Followed instructions here to get qubes to boot > > https://www.qubes-os.org/doc/uefi-troubleshooting/ > > > > -After install but before reboot I add the Xen flags as recommended on that > > page: > > Edit /mnt/sysimage/boot/efi/EFI/qubes/xen.cfg and add to every kernel > > section: > > mapbs=1 > > noexitboot=1 > > > > Then I reboot and qubes setup continues normally until it gets to setting > > up the TemplateVMs > > > > I get the following error: > > > > ['/usr/bin/qubes/pref','--set','default-template','fedora-23'] failed: > > stdout:"" > > stderr: "A VM with the name 'fedora-23' does not exist in the system" > > > > Here is the error: http://imgur.com/a/zgE6Q > > > > > > When I click OK, the setup says that it has completed and boots to the > > desktop but I have none of the VMs that were supposed to be setup (none > > that are based on Fedora). > > > > Resulting Qubes VM Manager: http://imgur.com/a/sxkVM > > > > I cannot get online to do any updates because there is no way to set up a > > NetVM > > > > I have > > -dom0 > > -debian-8 Template > > -whonix-gw Template > > -whonix-ws Template > > > > Do NOT have > > -NetVM > > -FirewallVM > > -Fedora 23 Template > > -Work > > -Personal > > -Untrusted > > -Vault > > > > Is there any way to fix this and get all the defaults? (I'm happy to > > reinstall rather than trying to set it all up manually) > > Are you sure about installation media integrity? Having some of > templates, but not others suggests broken installation media (namely: > broken/missing Packages/q/qubes-template-fedora-23-rpm file). > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJYM7inAAoJENuP0xzK19csVjEH/in/Igq4vChFn9no2hSWqH0j > k0WkPAQwFPAo258ZfdJWxZIPCLLK44X+VM3RFMrAXvsypboXBUQA6/rK9GAA+HWc > OcrTyrcGfk5qkAOWPLk8SdzZX9bIUhmJYrXGUwuYAmMcv3SqWkPLjz8JDaNawUoi > TvY7jIL0hCm6b4BszBNB9BjXSH0h5bcPlg1wM879SRZKqYH1/8eEt68kY0FhIuwc > TSXV8uWB0ha2+oLnY28xahGmvdm458BbGJ+lZIlYpFSQYrbDgIyltC0BPaiZTFO6 > 54k5tfkzsWJpziw+FGEK69QjVQSTNQasv6srh7wKmw/0qRXRDloK7TX/OwGI2V4= > =I5Go > -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e8424e17-c6d4-442e-bd04-791d94623158%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4 with Grsec could make a big splash
Will this be using the latest linux kernel since grsecurity only provide the latest version free. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0808903a-585b-4e2d-84ea-9f138033e62f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Warning when launching applications
I'm not sure if this is the expected behavior. When a VM is starting up, if I launch an application from the Applications menu, it gives me this error: > domain '' qrexec not connected I also get a warning in the VM Manager. (See attached.) I imagined that the applications would queue while the VM started up, then launch when it was ready. Is there a reason it doesn't work this way? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41e15372-e25d-65a7-a7a6-9a433654ecf5%40lorentrogers.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: installing nvidia
W dniu wtorek, 22 listopada 2016 19:23:15 UTC+1 użytkownik nezn...@xy9ce.tk napisał: > > Did you enable fullscreen for the machine you use to watch youtube videos? > > No, but even when i click "fullscreen" in the youtube in the window of > firefox - i getting "stuck" video. > Also some video-services like Vimeo, Coub, Hitbox stream - i can't watch even > without fullscreen try adding the allow_fullscreen parameter in either qvm-prefs or in /etc/qubes/guid.conf file -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c55e50f9-8ca3-4e6f-8b81-3ae1c39dfbd2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4 with Grsec could make a big splash
On Tuesday, November 22, 2016 at 8:57:56 PM UTC+2, kev27 wrote: > I saw this being retweeted by the Qubes account on Twitter. Can Grsec support > still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc? > > I think if Grsec would be enabled by default in Qubes, it would be no > question that Qubes is the most secure operating system out there. Forgot to add the link: https://twitter.com/coldhakca/status/801107979126784000 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a42439da-ce7a-4909-9439-94929aef9f50%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 4 with Grsec could make a big splash
I saw this being retweeted by the Qubes account on Twitter. Can Grsec support still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc? I think if Grsec would be enabled by default in Qubes, it would be no question that Qubes is the most secure operating system out there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fda0358a-0bbc-4d69-a607-1cf03c4f3289%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Stuck during boot with processor stuck
logs till crash rjd@rjd-GL752VW:~$ journalctl -D /media/rjd/5ce4e7fe-aa0d-42d1-97f0-5c9197677697/var/log/journal/219d2a92843f491aaf97807aa063449c -- Logs begin at Fri 2016-11-18 19:08:26 GMT, end at Sun 2016-11-20 10:30:15 GMT Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max al Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max al Nov 18 19:08:26 dom0 kernel: x86/PAT: Configuration [0-7]: WB WT UC- UC WC W Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuset Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpu Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuacct Nov 18 19:08:26 dom0 kernel: Linux version 4.4.14-11.pvops.qubes.x86_64 (user@re Nov 18 19:08:26 dom0 kernel: Command line: root=/dev/mapper/qubes_dom0-root rd.l Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[3]: 960, xstate_sizes[3]: Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[4]: 1024, xstate_sizes[4]: Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 floati Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE regist Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX regist Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x08: 'MPX bounds Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x10: 'MPX CSR' Nov 18 19:08:26 dom0 kernel: x86/fpu: Enabled xstate features 0x1f, context size Nov 18 19:08:26 dom0 kernel: x86/fpu: Using 'eager' FPU context switches. Nov 18 19:08:26 dom0 kernel: Released 0 page(s) Nov 18 19:08:26 dom0 kernel: e820: BIOS-provided physical RAM map: Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x-0x00057fff] us Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00058000-0x00058fff] re lines 1-23...skipping... -- Logs begin at Fri 2016-11-18 19:08:26 GMT, end at Sun 2016-11-20 10:30:15 GMT. -- Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max allowed 196.7M, trying to leave 295.0M free of 1.9G available → current limit 196.7M). Nov 18 19:08:26 dom0 systemd-journal[216]: Runtime journal is using 8.0M (max allowed 196.7M, trying to leave 295.0M free of 1.9G available → current limit 196.7M). Nov 18 19:08:26 dom0 kernel: x86/PAT: Configuration [0-7]: WB WT UC- UC WC WP UC UC Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuset Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpu Nov 18 19:08:26 dom0 kernel: Initializing cgroup subsys cpuacct Nov 18 19:08:26 dom0 kernel: Linux version 4.4.14-11.pvops.qubes.x86_64 (user@release) (gcc version 5.3.1 20160406 (Red Hat 5.3.1-6) (GCC) ) #1 SMP Tue Jul 19 01:14:58 UTC 2016 Nov 18 19:08:26 dom0 kernel: Command line: root=/dev/mapper/qubes_dom0-root rd.lvm.lv=qubes_dom0/root rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[3]: 960, xstate_sizes[3]: 64 Nov 18 19:08:26 dom0 kernel: x86/fpu: xstate_offset[4]: 1024, xstate_sizes[4]: 64 Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 floating point registers' Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE registers' Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX registers' Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x08: 'MPX bounds registers' Nov 18 19:08:26 dom0 kernel: x86/fpu: Supporting XSAVE feature 0x10: 'MPX CSR' Nov 18 19:08:26 dom0 kernel: x86/fpu: Enabled xstate features 0x1f, context size is 1088 bytes, using 'standard' format. Nov 18 19:08:26 dom0 kernel: x86/fpu: Using 'eager' FPU context switches. Nov 18 19:08:26 dom0 kernel: Released 0 page(s) Nov 18 19:08:26 dom0 kernel: e820: BIOS-provided physical RAM map: Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x-0x00057fff] usable Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00058000-0x00058fff] reserved Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x00059000-0x0009dfff] usable Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x0009e000-0x000f] reserved Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x0010-0x72693fff] usable Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72694000-0x72694fff] ACPI NVS Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72695000-0x726defff] reserved Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x726df000-0x72730fff] usable Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72731000-0x72b71fff] reserved Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x72b72000-0x758d9fff] usable Nov 18 19:08:26 dom0 kernel: Xen: [mem 0x758da000-0x76368fff] reserved Nov 18 19:08:26 dom0 kernel: Xen: [mem
Re: [qubes-users] Qubes Security Bulletin #27
I know the developers at ITL have their hands busy with this right issue right now, but I have a (long winded) curiosity question in hope to gain some context when you get a chance to think about it. I can see that in this particular potential exploit one might use a client vm's PCI device to exploit an emulated instruction, then used to generate a memory offset that potentially could be used as a pointer to break out of the Xen hypervisor jail. Correct? My question here would be whether the Xen FLASK subsystem might have given some level of protections against this kind of "emulated" instruction exploit, given that labeling of virtual devices and memory is supported (e.g. flask-label-pci). I realize you may need to give client VMs access to pci devices in general, and this particular pci label does not protect against use of pointers to memory, but could the client call then be restricted to just the necessary IO memory in this case, and thus forcing an AVC denial fault when that generated pointer is actually used outside that range? Or are these emulated instructions running in a hypervisor context that would ignore its own FLASK policy? I am merely asking the above because when it comes to security I am definitely a belt and suspenders kind of person. My way of thinking would be to instrument the system such that the FLASK subsystem, in both the client VM's and in Xen itself, would feed back into an active intrusion detection mechanism, so that any fault could instantly freeze a client VM for forensic analysis purposes. An intruder is going to try certain things, like jiggling door knobs so to speak, and in this particular case just trying to access any pci device that has not explicit permissions set, the system would trap the intruders process, caught right in the very act of trying to take ownership of the hypervisor. Exploit code still loaded in memory, source code possibly still available, network context still in tack. Game over. You loose. Please try again! From the Xen FLASK docs: "Device Labeling in Policy - FLASK is capable of labeling devices and enforcing policies associated with them. There are two methods to label devices: dynamic labeling using flask-label-pci or similar tools run in dom0, or static labeling defined in policy. Static labeling will make security policy machine-specific and may prevent the system from booting after any hardware changes (adding PCI cards, memory, or even changing certain BIOS settings). Dynamic labeling requires that the domain performing the labeling be trusted to label all the devices in the system properly." and... "The AVC denials for IRQs, memory, ports, and PCI devices will normally contain the ranges being denied to more easily determine what resources are required. When running in permissive mode, only the first denial of a given source/destination is printed to the log, so labeling devices using this method may require multiple passes to find all required ranges." My thoughts. In the default permissive mode (in XSM:FLASK & SELinux) all avc's generated could be collected and used to auto-generate a security policy file (e.g audit2allow) specifically for that particular system and installed software. When installing a new subsystem a user would place the system/clientVM in this special collection mode, run and exercise the system for a period of time to allow all the proper avc's to be identified, then run the avc's it collected back through a policy generator. Last of all they install that new security policy and activate it. This way the system knows all features that user/system needs explicit permissions for, and anything outside of that set would by default create avc events that either centrally warn the owner of a potential intrusion or for just certain faults, immediately freeze the intruders client VM process in place. Carbonite the exploit toolkit right in place. The absolute worst possible situation to be in is being hacked _and_ not knowing it. A good mechanism for detection is paramount if you want to prevent that. You may not be able to prevent software bugs from being exploited, but you don't need to give the intruder the chance to clean you out and take it all. Active policy could simply slam the lid on the cookie jar and limit the damage done. In Qubes we deliberately give sudo/root capability by default to the general user, which is great for the user, but not so great if an intruder knows how to become persistent and invisible within a VM. That is rather easy once you have used Qubes and understand its file system design. If they are editing /rw/usr/local, and it were labeled as off limits for write by root, and the system actively trapped an intruders attempt to hook into it, then we would all be much better off not needing to do useless tripwire on everything, and wasting valuable CPU time while still missing the files the
[qubes-users] Re: Problem creating Win7 HVM
As a new QubesOS user I recently found my self stuck at the same windows logo when installing win7 for the second time, after removing the first win7 hvm. I ended up reinstalling QubesOS from scratch and then the same win7 media booted flawlessly... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9feaf2b6-71e0-4ac4-b130-c804985203c7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: installing nvidia
> Did you enable fullscreen for the machine you use to watch youtube videos? No, but even when i click "fullscreen" in the youtube in the window of firefox - i getting "stuck" video. Also some video-services like Vimeo, Coub, Hitbox stream - i can't watch even without fullscreen -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2fa5e04-8542-4880-9ff8-7c521b5509ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: installing nvidia
> Did you enable fullscreen for the machine you use to watch youtube videos? No, but even when i click "fullscreen" in the youtube in the window of firefox - i getting "stuck" video. Also some video-services like Vimeo - i can't watch even without fullscreen. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1125de31-e65d-4060-9784-c97ec9a62623%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Dell Inspiron 5423
Video ok Networking ok Energy Management ok Second Monitor Dell ok HDMI ok Mouse USB ok UEFI and Legacy boot ok Crypt ok bluetooth Mic webcam not working (great ;-) I don't need this ) Thanks a lot Qubes Team. -- Amilton Justino https://br.linkedin.com/in/amiltonjustino -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAH_11fDCk%3D%2BBNDWmK8h%3Dgs0K%2Bef%3DSHc5Bucbf_wYqrHw_oNa%2Bw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Dell_Inc_-Inspiron_5423-20161122-115500.yml Description: application/yaml
Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?
I tried to upgrade a Qubes 3.1 system to use FC24 a while back, and dnf itself broke badly, stating something about not having a python "Goal", having something to do with the python module missing some feature or module. The template was therefor unusable, since it could not be maintained. I don't have access to that machine right now so I can't give you the exact error message. Because of this the upgrade broke and the system was unable to install or upgrade anything after that, except by using other software installers from KDE/Gnome, but could never get dnf reinstalled/upgraded and happy. Without having access from there to a 3.2 system I was unable to determine what packages needed fixing within dnf to get past that. I tried this several times, and even did some local RPM installs to try and fix dnf, and all attempts failed the same way. I also tried backing up a 3.2 FC24 template and restoring it to that 3.1 machine but 3.1 failed to even start the vm. Obviously I needed to replace the Qubes 3.2 components for it to start as a 3.1 template. That also went nowhere. At this point, upgrading all existing systems to at least FC24 is important since today FC25 just was announced, and therefor FC23 support is ending. If I get time I will be looking at upgrading a Qubes 3.2 template to FC25, unless anyone knows a reason that will not fly? I figure it could not hurt to try. Steve On 11/21/2016 10:25 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 21, 2016 at 04:45:33PM +0100, Achim Patzner wrote: Am 20.11.2016 um 21:16 schrieb Joonas Lehtonen: Hi, since Qubes 3.1 is supported until 2017-03-29 This is a question I always wanted to ask: What does “support” mean in relation to Qubes? Security fixes? Plus bug fixes? Plus feature upgrades? That's a good question. Surely not major changes in behaviour (new features etc). But for the other two categories I'd say yes. AFAIR there was some major incompatibility in qubes-core-vm package in R3.1 preventing it being fully compatible with Fedora 24 (and requiring a change falling far outside of "bug fixes" category). But after brief test, it looks like my memory fails me (maybe that was about R3.0?) and the only needed thing was replacing tabs with spaces in one file: https://github.com/QubesOS/qubes-gui-agent-linux/commit/16c98bc7ebebc0c4025ab02ec2e5bbf4dc9a77d2 So, expect Fedora 24 template being supported in R3.1 soon too :) - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYM7qrAAoJENuP0xzK19csMZgH/RryNKJq9wsrnJ9T4djHvSRh HbHvWe+CEfLGnbbO7DIKMrSJr2iJAVcTTuevu4JrI6wSeN48IK5/OzFYqgM6RJiG UFfDCYwM6VnfA5dSIko6XdpZOqFGURJ/ZGDHb+UOMP/CImz6r/COQ4e18kzrLEMZ SeV3SlKpQ6yJgmzTp37Q0LtwmjdTlJ04NTYAPLdaig/gbu2O2prsj8coxP5+d8Ll osWaPTAP8sD4C6JObQawBWJyH1OQnG3eb2bweXHtBWltUP2dCU5m88xDISDr8ZOt jc+ZshW1sKoQEJWrW+WyJgkf1zqfJRxNEj6GUiRUGkZkAVNk5XZAm51CzE5pVQA= =OJdh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8832f60f-5e0a-df0d-439c-5490578aee21%40jhuapl.edu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Qubes R3.1] Installation problem: "NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s!"
On Saturday, May 14, 2016 at 1:48:37 PM UTC+3, Danny Eagle wrote: > Full error message: > [5578494253.737246] NMI watchdog: BUG: soft lockup - CPU#2 stuck for 22s! > [NetworkManager: 1057] > > After choosing "Install Qubes" option this message pops up. > I'm installing it on desktop not laptop. > > If i take "Check hardware and install Qubes" I get to second window and it > freezes. Same bug here. Sometimes it says CPU#2, sometimes CPU #5. I algo get [Xorg 1224] at the end. It's a more recent Asus laptop with Core i7 6700HQ (Skylake) CPU. I should also mention that when I get the installation menu it says "processing" for installation source, and when I select it, it only gives me options for DVD, local iso, an network install - but I'm trying to install from a USB. What's up with that? The installation did boot from the USB and I chose DD mode in Rufus. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc13c28b-98b8-4095-8e53-248bdeba35db%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Security Bulletin #27
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/22/16 06:13, Chris Laprise wrote: > On 11/22/2016 08:41 AM, Andrew David Wong wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> On 11/22/16 05:37, Chris Laprise wrote: >>> On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote: Dear Qubes users, We have just released a new Qubes Security Bulletin (QSB #27): https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt >>> Updates not visible yet... >>> >>> I'm assuming if I have Xen 4.6.3-21 from testing, the update from standard >>> repo should go OK. >>> >>> >> Did you make sure to enable the qubes-dom0-security-testing repo? I was able >> to download the updates just a few minutes ago. >> > > No, I didn't. Although the QSB mentions the upload to security-testing it > also says: > "The packages are to be installed in Dom0 via qubes-dom0-update command or > via the Qubes graphical manager." > > ...which somehow didn't suggest I use --enablerepo on the command line. > > Anyway, its downloading now. > I'm not quite sure what you're getting at, but I think it's worded that way intentionally. You're not required to download the updates as soon as they become available. There's a reason the standard procedure is for them to sit in security-testing for a while before they move to the stable repo. Only users who are willing to test the packages should download and install them at this point. Once they move to the stable repo, no one will have to use --enablerepo to get them. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYNFigAAoJENtN07w5UDAwC2MQAKTyLMecuWuQ/wUqi6wGzX62 n6jvV8sUzBrObDhpm9pSslHW83A/tTtMA+MT7K10J8R6rrL+nRC0I74z0n8Kkw7w 70wdw6Fe9YYwOx0CqhRY+TIt1RGiYldg0YCSn+pKp7uCX5jese16xP5i3ORf3U41 XqNjG15BbZK0LqAYiznAk5JSyEL7Et3TUbeEFXTar/FjpsYXxFcUk3OL23/4cCvY naveHT6HpdAODDu6T+qTwI4M6RIFh1CLZhlaW+tAXSZgQ4gWk2NvIX7k213hN/GL 1vrrleFAtFpRjR/yXTUeYRcAKQ/v8yDMDSaZnJWyjMMgrpt1HyhwzgtoEsveFPiK w7DJO86HihuhvvXg4YVFxmgCMZCJkBhma98hW/rVfYIx6qvlGRKq4lZLjpiXplgq hhgag32GqNrEA+cSHB3fURrIgTEw+5e90BULZcSDzc+BWg02QQBNcnIYjF00gcGd z88r5MjqdqqTfeYZgANfdhehZCZrEVhoxYiO45QkUiYJoh4hVO3cKNmjJsMty23s Uqbh0sIrPmV9v3awT6cSjFL3mMEknazEqZgBdPbeD8PTuZHLDp3hKd4XpewhHGsx kvXiB+4q1svh4/HwTYMPy//84ldoodFmA+NVR/GyMAVp4UjQGhC+jrSMO+erNac3 cIfyDm9VCmG4XcJc61Pc =WJm4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/93528179-44b7-92e3-66d9-9d9b720cef16%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Security Bulletin #27
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 11/22/16 05:37, Chris Laprise wrote: > On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote: >> Dear Qubes users, >> >> We have just released a new Qubes Security Bulletin (QSB #27): >> >> https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt >> >> - -- > > Updates not visible yet... > > I'm assuming if I have Xen 4.6.3-21 from testing, the update from standard > repo should go OK. > > Chris > Did you make sure to enable the qubes-dom0-security-testing repo? I was able to download the updates just a few minutes ago. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYNEsdAAoJENtN07w5UDAwvcAP/RYlA4ZKz4d/7atCTnGZV7tI cCYYaUYoL91Q0VfLYIWGkcJbXvs0cpodGDdKapYEFztESMRLZ7fR0+L3zAcftA9k gEAc12qt2KtcJW2TrYOzcg0lI1OZp7a54VWLjuiRgTfYJutpcZIl77rnbm+qGDzg MDH+4jgIelWIDL/oLCgmQ4mxR3lxGCpROC4XTcG/GTdV1YgWUnuMWp92FHcfkuwM 1eilKs3MXsy/0Yyo09eEq6AaX2oa9xje/9Qf2DLACzhPiJJ3VTMSbbz6yYVyFlLz yj/PU5b1PPJYWBW5YKGWZFFQ3azYffHNlxXLXJ+zAb7+wusI67aDZAbxqr8fCTMN pBI3yYg3QH2m66nsEOBwSmAChLo5hbkEWpun7OpQ4MBRDZ212Xi0WlEpCzBAQb90 SyjSnCNe3OpMWSOu9NWw3W0w7wbofEZXajAwV7v2bjTr2BjNCn09g3/yNZu4qq1i Dd0wvDdJGrNcSZCMMP1Imhg3aWQt/QcXpxmT1oGYoBET78hO9K31VzQG2hi8/i/d zN0x07Bdi+ueFViQFDf7YtpH4rFRvXzxwCz1elG6TyV785e1XHK5i8DKFKG9+Uq6 zDVh6U2W7OxCUYCIcqHC/LD8fPDva1+om2Q21E8RwVVBYeuQxdsUMlouPgpaA0op q/jhRTlQr6cTCNW5uKfA =NLON -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ac9f367-0e2e-e5d1-b857-716dd990fa79%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Security Bulletin #27
On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes users, We have just released a new Qubes Security Bulletin (QSB #27): https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt - -- Updates not visible yet... I'm assuming if I have Xen 4.6.3-21 from testing, the update from standard repo should go OK. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/74ebd3e1-7171-df87-0e11-5933d9c5913b%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Security Bulletin #27
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes users, We have just released a new Qubes Security Bulletin (QSB #27): https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYND2gAAoJENuP0xzK19csZDEH/3khwJcaCdDCLuueMOxQD41D pA0/uTck63+SvwcUTaCDldWD4RznX4H4F/JQvZz4xjv/xHDkPkeWC9PlGU+g9k+m yr9U7ae33tLmSrYS/rinVtu0dJp4ttY3iisr2S+3/ZjU7ZFM46fPhMkXQnUcMrI/ ezSfyLVDWHC/LdmYoKZ6mNHZUN3ioILPmb6NsS1cIOA6aEB6XuFdgdq0DvnoIusb Shb7h6eGiX4K2WhmToem5g2zg5DsVarUq+TLtZG0aPae8iywf7fHGtGT6KGhPHBL swyGvR/V2+kFOPaG+1c2C7+2t2wE1DrNvz7rWnX6uMG84R0x89MqqJzcH5ZwM10= =mkFF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161122124415.GA8194%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
Thank you very much, your solution worked (actually I had to give virsh -c xen:/// undefine trim-fedora-23 and not virsh -c xen:/// undefine fedora-23-fstrim and then I had to manually remove the trim-fedora-23 files in /var/lib/qubes/appvm). The problem started when I decided to make a little script to automatize the trim process for all my templates at once, but it is evident that I must have made some mistake while doing it :D Anyway, a "global trim function", as well as a "global update function" would be very helpful, updating/trimming of templates can be quite time consuming! Cheers, Fab. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53fffefd-49a7-4422-82d1-1e2eacc144a2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-trim-template fails (Qubes 3.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 22, 2016 at 01:47:52AM -0800, Fabrizio Romano Genovese wrote: > Hello all, I'm basically having the same error described here: > https://github.com/QubesOS/qubes-issues/issues/1910 > > When I try to perform qvm-trim-template on any template, the error > > 'libvirterror operation failed: domain 'fedora-23-fstrim' already exists with > uuid ' > pops up. As in the linked thread, rebooting doesn't help. I don't understand > the proposed solution. I tried to remove the temporary vm (that in my case it > has name trim-template-name) giving > > 'qvm-remove trim-template-name' > > but I get the error > > 'A VM with the name 'trim-template-name' does not exist in the system.' > > Can you help me? My Template VM are becoming a bit too big now... When you started to have this problem? Was previous trim operation interrupted? Anyway, try this: virsh -c xen:/// undefine fedora-23-fstrim - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYNBerAAoJENuP0xzK19cs7+QH/AlIugr9MjRTSRrG0TuD4HUv D/7GgKZXd82VjrFPCn/HSCXFGORD/AUJMQuqdq/D0Wt1BmbOPaEbYOmllOHlPggP FOmoEsGvAB0eV2boF8z9eVxyDT/FfWJx2OG4ioNR9wqRXv6mMER/Hn+GiRh2v9+b 9a88ZSHaINRJfGz6FSjY4tLgZSUCJrsoPAh5JkTJEu+ndAt7EcJVcyjDSSgR3NNX ErWMwjurAuEspAnATuUNJGU5tPI5aX8+mAKO0tl9PF6B/H4o5eMu11eELX8+Hbn4 hYv+af+0hSi2hDWvbMqjOQcrJEvwlANggywq97uJD4NgDvOirqiBjAxgQ+++cNE= =053l -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161122100218.GW1145%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-trim-template fails (Qubes 3.2)
Hello all, I'm basically having the same error described here: https://github.com/QubesOS/qubes-issues/issues/1910 When I try to perform qvm-trim-template on any template, the error 'libvirterror operation failed: domain 'fedora-23-fstrim' already exists with uuid ' pops up. As in the linked thread, rebooting doesn't help. I don't understand the proposed solution. I tried to remove the temporary vm (that in my case it has name trim-template-name) giving 'qvm-remove trim-template-name' but I get the error 'A VM with the name 'trim-template-name' does not exist in the system.' Can you help me? My Template VM are becoming a bit too big now... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/26eeb42b-9e46-410c-aee2-42a616e63307%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?
Marek Marczykowski-Górecki: > So, expect Fedora 24 template being supported in R3.1 soon too :) Thank you! Looking forward to the announcement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc4ed7bf-7a05-ee23-6730-5bbe9094c584%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature