Re: [qubes-users] Fedora "/tmp"

[Alex]

On 01/10/2017 12:20 AM, Drew White wrote:
> Hi folks,
> 
> I want to increase the size of the tmpfs for the system, but I am
> unsure of how that would be done in Qubes so that it sticks.
> 
> I altered the FSTAB but it didn't keep the settings after reboot.
> 
> It's a standalone guest, it should be persistent.
> 
> What do I do please?
> 
Hi Drew;
that's another one of the wonderfully undocumented effects of systemd.

Long story short: edit
/usr/lib/systemd/system/tmp.mount.d/30_qubes.conf, and set size=$manyG

Long story: systemd performs mounts with .mount unit files; by default,
if no "Options=" setting is specified, the parameters are read from
/etc/fstab like an old school distro.

But, if "Options=" is specified, those options are merged with the ones
in /etc/fstab. In the case of Qubes, these options are further
customized in the $name.mount.d/ directory; since those options do
specify the tmpfs size, this setting overrides the one set in /etc/fstab.

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ff6eed0-fa3d-b6b9-ced1-5dff080fd530%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: HCL - Toshiba Satellite C55A

[Nicklaus McClendon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 01/09/2017 08:12 PM, Caleb Thompson wrote:
> Update: I'm trying to figure out why the report says I have no
> IOMMU when my BIOS says I'm set to VT-x. Are they different things?
> Is an IOMMU something I can take my computer to a computer store to
> have added to it?

Intel VT-d provides IOMMU support on Intel chips. If your processor
does not support IOMMU/VT-d, you will need to get a new processor, it
isn't something that can just be added.

- -- 
kulinacs 
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlh0OmwACgkQuXLc0JPg
Mlam5g/6Aq8bFB6Lz6TV6UlgGYYnnkibeVFHoJ2fKXUcE8NiW6kiv+ykzOLLhCtb
bqiQniJvbh4tFwg7YRkD9bFMapx3expyG1y1cAbY1IzpKJ4Ljc8D59Zn7xy+oy+/
zyS0EHakVHy7zYXiI+hVh+E781QDqdxroed5niAP76sd3xmIIKGchvJVfBrTXS2o
GPOSVm0+9Y2IVRiBINPF+4XlsMcWrdI8CuvLIBGq3AKh2ZAyZklUTVAD9ByeT9zx
2uz22QwPbbz18y3c2aJpS4PZqsfLvtUtVjXbqBqOGetXIklQkp68cSGXCNsrh7Ah
tnjyjRWOk6QAmRQ2l7Nt0wLTKVQZE0xuP2xClIjOzEOQJFhS/OjNjpF2MAv1WDr0
ZU2Owj3etTuHCJ7GKGz6kx7kEzovgf5fHaC14yxGk08BaaEOCEvIj6/TU7RXfF21
OawfCKrpaLuQO/YqbgGozKsxi7GXHBZV/q/9ApfBfy0enZdrUKDFFgSQtBubeGI9
EoKichPSyqEYPQGozUXztLtp2B3nXUkXvnZ7umPgQPdUZS1UI92Mbt6nPrQUvqoL
btwJrxaVB6v0ldvOJtPdUbJBhh8imQM45Vcw3JFKlRRDcUw+q1YXgEaBqvP7sEWJ
4wJpIaLDoLAt8a7NUeDrj7+hEGZEdY/+NqI2IqgaEmwYwNKkKNs=
=FlOO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c3a6ca43-e3ff-3f38-0baf-cf858bf455ae%40kulinacs.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - Toshiba Satellite C55A

[Caleb Thompson]

Update: I'm trying to figure out why the report says I have no IOMMU when
my BIOS says I'm set to VT-x. Are they different things? Is an IOMMU
something I can take my computer to a computer store to have added to it?

On Mon, Jan 9, 2017 at 7:02 PM, Caleb Thompson  wrote:

> Hello,
>   I'm still new to Qubes and not sure if any problems I'm having are my
> own vs with harware vs with software so if it's okay I'll send feedback
> about that stuff once I know more what I'm talking about.
>Thanks for the new OS,
>
>Caleb
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CALF0EXwDKhF8kAKNX%3D00ti%2BXtzjmm%2B8OeE6H0Q7EUptDGoLgVA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

[Drew White]

On Tuesday, 10 January 2017 10:47:58 UTC+11, Connor Page  wrote:
> Sorry Drew, you asked what needs to be installed to make another dom0, not 
> the bare minimum that is required.

I'm sorry that I was not more specific when I said "needs". It can be taken 
multiple ways, I should have been more precise.


>Every Qubes specific package provides a list of prerequisites and version 
>conflicts.
That is true, but that's why I'm curious about it to know.

>For instance,
> Name: qubes-core-dom0
> Version:  %{version}
> Release:  1%{dist}
> Summary:  The Qubes core files (Dom0-side)
> 
> Group:Qubes
> Vendor:   Invisible Things Lab
> License:  GPL
> URL:  http://www.qubes-os.org
> BuildRequires:  ImageMagick
> BuildRequires:systemd-units
> # FIXME: Enable this and disable debug_package
> #BuildArch: noarch
> Requires(post): systemd-units
> Requires(preun): systemd-units
> Requires(postun): systemd-units
> Requires: python, pciutils, python-inotify, python-daemon
> Requires:   qubes-core-dom0-linux >= 3.1.8
> Requires:   qubes-core-dom0-doc
> Requires:   qubes-db-dom0
> Requires:   python-lxml
> Requires:   python-psutil
> # TODO: R: qubes-gui-dom0 >= 2.1.11
> Conflicts:  qubes-gui-dom0 < 1.1.13
> Requires:   libvirt-python
> %if x%{?backend_vmm} == xxen
> Requires:   xen-runtime
> Requires:   xen-hvm
> Requires:   libvirt-daemon-xen >= 1.2.20-6
> %endif
> Requires:   createrepo
> Requires:   gnome-packagekit
> Requires:   cronie
> Requires:   bsdtar
> # for qubes-hcl-report
> Requires:   dmidecode
> Requires:   PyQt4
> 
> Dom0 is created by installing qubes tools that pull in their dependencies and 
> so on. Yum Extender in dom0 can give you all the prerequisites. Of course 
> here we rely on developers being precise when defining them.

That is true. 

Thing is, I'd be building it from code, which is why I need to know. Because 
not everything is as simple as using an RPM or other package like that. And 
there are no SRPMs so that's another thing that makes it not work well for what 
I need to do to get the packages installed to create a new Dom0.

But that's just the way things go unfortunately.

I can but try.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3512337-8c6d-482b-9951-3fa1bfc8969b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Toshiba Satellite C55A

[Caleb Thompson]

Hello,
  I'm still new to Qubes and not sure if any problems I'm having are my own
vs with harware vs with software so if it's okay I'll send feedback about
that stuff once I know more what I'm talking about.
   Thanks for the new OS,

   Caleb

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CALF0EXzLt%3DBUYTrS%3DNNdQdWiWx0OH6%3DSsn0qD3AeLVPgXZG2hQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-TOSHIBA-Satellite_C55_A-20170109-185257.yml
Description: application/yaml

[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

[Connor Page]

Sorry Drew, you asked what needs to be installed to make another dom0, not the 
bare minimum that is required. Every Qubes specific package provides a list of 
prerequisites and version conflicts. For instance,
Name:   qubes-core-dom0
Version:%{version}
Release:1%{dist}
Summary:The Qubes core files (Dom0-side)

Group:  Qubes
Vendor: Invisible Things Lab
License:GPL
URL:http://www.qubes-os.org
BuildRequires:  ImageMagick
BuildRequires:  systemd-units
# FIXME: Enable this and disable debug_package
#BuildArch: noarch
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires:   python, pciutils, python-inotify, python-daemon
Requires:   qubes-core-dom0-linux >= 3.1.8
Requires:   qubes-core-dom0-doc
Requires:   qubes-db-dom0
Requires:   python-lxml
Requires:   python-psutil
# TODO: R: qubes-gui-dom0 >= 2.1.11
Conflicts:  qubes-gui-dom0 < 1.1.13
Requires:   libvirt-python
%if x%{?backend_vmm} == xxen
Requires:   xen-runtime
Requires:   xen-hvm
Requires:   libvirt-daemon-xen >= 1.2.20-6
%endif
Requires:   createrepo
Requires:   gnome-packagekit
Requires:   cronie
Requires:   bsdtar
# for qubes-hcl-report
Requires:   dmidecode
Requires:   PyQt4

Dom0 is created by installing qubes tools that pull in their dependencies and 
so on. Yum Extender in dom0 can give you all the prerequisites. Of course here 
we rely on developers being precise when defining them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7df0a801-2325-4a52-b144-27f266ed1506%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora "/tmp"

[Drew White]

Hi folks,

I want to increase the size of the tmpfs for the system, but I am unsure of how 
that would be done in Qubes so that it sticks.

I altered the FSTAB but it didn't keep the settings after reboot.

It's a standalone guest, it should be persistent.

What do I do please?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/868cad1b-9b80-49a6-bd9c-8648b04a60b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

[Drew White]

On Friday, 6 January 2017 19:59:43 UTC+11, Connor Page  wrote:
> why wouldn't you consult the list of actually installed packages?
> https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/conf/comps-qubes.xml

Can you, from that, tell me what are REQUIRED for Qubes-OS to be fully 
functional?

If you can, then you must be able to see something that I am not able to.

While that may have a list of a lot of packages, it doesn't say what versions 
are required.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2e27788-d7d2-4944-9064-4bad294c6e0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Expand the size of /dev/mapper/qubes_dom000-root - out of space

[dumbcyber]

On Monday, 9 January 2017 08:38:12 UTC-5, Unman  wrote:
> On Mon, Jan 09, 2017 at 01:12:38PM +0100, Alex wrote:
> > On 01/09/2017 01:03 PM, Bernhard wrote:
> > > Hello, I am not expert, but often such differences are explained by
> > > the following calculation: 1 KB is 2^10 = 1024 bytes and not 1000.
> > > While this difference is little, in third power it becomes big: 2^30
> > > * 53= 56,908,316,672 so *real* 53 GiB are approx 60 * 10^6 bytes
> > > which sometimes are called GB al well ...  Bernhard
> > > 
> > > On 01/09/2017 12:02 PM, dumbcyber wrote:
> > >> I built Qubes on a 64Gb USB stick. I then successfully cloned the
> > >> stick to an external SSD drive using Clonezilla. The SSD drive is
> > >> 500Gb in total size.
> > >> 
> > >> As a result my /dev/mapper/qubes_dom000-root on the SSD is only
> > >> 53Gb in total size according to "df -h" in dom0.
> > >> 
> > >> I used gparted on another linux machine to extend the size of this
> > >> partition (qubes_dom000) to the full size available. Gparted then
> > >> shows 57Gb used and 360Gb free.
> > >> 
> > >> I boot off the SSD into Qubes and run "df -h" again but it still
> > >> shows only 53G total size.
> > >> 
> > >> Is there a "right" way to extend the size of
> > >> /dev/mapper/qubes_dom000-root, if in fact its at all possible?
> > >> 
> > >> Thanks in advance.
> > >> 
> > > 
> > The problem here is not the rounding (yes, usb pen drives are usually
> > measured with the SI interpretation of the multiplication prefixes) but
> > the enlargement of the filesystem.
> > 
> > dumbcyber wrote that he correctly adjusted the partition size, but
> > that's not enough; the filesystem on it has to be resized as well.
> > 
> > I'm not an expert with lvm either, but online guides can be found on
> > resizing LVM volumes and filesystems...
> > 
> > -- 
> > Alex
> > 
> 
> Assuming that the LV has been succesfully resized then resize2fs is what
> you need.

Thanks, ran this from dom0 and worked fine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfeaf6e0-bfb8-4c9a-be4f-ce22a87e45d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: debian-8 template problem

[Daniel Moerner]

On Monday, January 9, 2017 at 4:33:08 PM UTC-5, haaber wrote:
> Hello,
> I come back to my video-player problem. While I understand that qubes
> won't ship fedora software that fedore accepts only in rpmfusion, there
> seems an easy solution to my concrete problem: use the debian8 template
> since they ship mplayer2 for example without trouble ...
> 
> However, when I shut down the appVM and change its template to debian8,
> I can not even open a terminal. The appvm seems to run, qubes vm manager
> says, but no application is visible. When I revert it back all is
> normal. Since this is a fresh install (5 days old), I probably do some
> newbe error; so I appreciate some hint of yours. Thank you, Bernhard

Hi,

This is something that confused me at first too. When you switch the template 
of an appVM, the menus can't automatically update. Although Debian and Fedora 
both have gnome-terminal, they are actually invoked slightly differently from 
the menu (as you can see in ~/.local/share/applications in dom0).

What you need to do is open "Add more shortcuts" for the appVM after changing 
the template. It will then show the new applications, including the terminal, 
and let you add them.

Daniel

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/834a78c3-bbdf-4d76-91cc-64d1f8f57ef1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Problem Bringing PCI device back to dom0

[trbooth]

As seen here 
(https://www.qubes-os.org/doc/assigning-devices/#bringing-pci-device-back-to-dom0),
 I am getting an error on line 4: no file or directory.

echo : > /sys/bus/pci/drivers/pciback/unbind
MODALIAS=`cat /sys/bus/pci/devices/:/modalias`
MOD=`modprobe -R $MODALIAS | head -n 1`
echo  > /sys/bus/pci/drivers/$MOD/bind 

I'm certain I've got the correct BDF as I have the pre-netvm.service working 
fine etc. The contents of "modprobe -R $MODALIAS" are "bcma", but there is no 
"bcma" directory. There is, however, a bcma-pci-bridge directory.

I'm not sure what the next step is. Could anyone point me in the right 
direction?

Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/500b35a6-f6fc-4f44-a54b-bc3a60fef554%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] debian-8 template problem

[haaber]

Hello,
I come back to my video-player problem. While I understand that qubes
won't ship fedora software that fedore accepts only in rpmfusion, there
seems an easy solution to my concrete problem: use the debian8 template
since they ship mplayer2 for example without trouble ...

However, when I shut down the appVM and change its template to debian8,
I can not even open a terminal. The appvm seems to run, qubes vm manager
says, but no application is visible. When I revert it back all is
normal. Since this is a fresh install (5 days old), I probably do some
newbe error; so I appreciate some hint of yours. Thank you, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb791699-5d06-287b-6be7-f9a28e645b63%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Allow connections to update proxy not being respected!

[Unman]

On Mon, Jan 09, 2017 at 07:09:41PM +, 5xe89r+1y7rhqhfisytc via qubes-users 
wrote:
> Got it now! :D 
> 
> I set this up by myself because I want to force all the traffic to go through 
> the vpn (that is installed on the sys-fw). I've created a custom iptables 
> rule white-listing all traffic originated from the templateVMs on dport 8082 
> and now it works as expected! 
> Many thanks for the valuable help Unman!
> 
> Btw, strangely when the vpn is first set via the networkmanager that INPUT 
> rule that white-lists everything to the dport 8082 is created. However when 
> after that another AppVM is started the rule is trashed.
> Any idea why this is happening? 
> 
> Many thanks!
> 

You've hit the effect of the qubes-firewall service. This updates
iptables following the addition of a downstream qube.
To work around this you need tom out your custom rules in to
/rw/config/qubes-firewall-user-script, and make it executable.

This is in the docs at www.qubes-os.org/doc/firewall

If you have a consistent setup then you could save the rules as you want
them, load them from rc.local and /rw/config/qubes-firewall-user-script
and disable the  qubes-firewall service.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170109201850.GA8696%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM boot doesn't load serviceVM's since Xen 4.6.3

[Lorenzo Lamas]

On Sunday, December 4, 2016 at 10:27:19 PM UTC+1, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Sun, Dec 04, 2016 at 07:49:13AM -0800, Lorenzo Lamas wrote:
> > Since upgrading to Xen 4.6.3-21 from Xen 4.6.1-20, booting with AEM fails 
> > to start serviceVM's(netVM, usbVM, firewallVM). When the boot process 
> > finally completes, trying to manually launch the VMs through VM Manager 
> > doesn't work either. When I choose to boot without AEM, everything works as 
> > expected. Problem remains with the latest Xen 4.6.3-24.
> > It is on a HP Elitebook 8460p with IOMMU running Qubes 3.2
> > 
> > I'm not very familiar with Linux, so if you want logs, please tell me where 
> > to find them.
> 
> What exactly you get when starting sys-net manually? Also, take a look
> at /var/log/libvirt/libxl/libxl-driver.log and
> /var/log/xen/console/hypervisor.log for any related messages. For
> example you can use `tail -f` while starting sys-net manually, to see
> what messages will show up there:
> 
> sudo tail -f /var/log/libvirt/libxl/libxl-driver.log
> /var/log/xen/console/hypervisor.log
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab

Not trying to be impatient or rude, but do the logs give any useful information?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1bccfe92-d284-4099-ab72-27b0953631a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Allow connections to update proxy not being respected!

[5xe89r+1y7rhqhfisytc via qubes-users]

Got it now! :D 

I set this up by myself because I want to force all the traffic to go through 
the vpn (that is installed on the sys-fw). I've created a custom iptables rule 
white-listing all traffic originated from the templateVMs on dport 8082 and now 
it works as expected! 
Many thanks for the valuable help Unman!

Btw, strangely when the vpn is first set via the networkmanager that INPUT rule 
that white-lists everything to the dport 8082 is created. However when after 
that another AppVM is started the rule is trashed.
Any idea why this is happening? 

Many thanks!






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13af6503579c8de256be20d88137f9bdf87%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Allow connections to update proxy not being respected!

[Unman]

On Mon, Jan 09, 2017 at 04:48:32PM +, 5xc9wd+2ok6e via qubes-users wrote:
> I'm a bit lost. 
> I have indeed some AppVMs to use the updates proxy(which is installed in the 
> sys-fw), but not for all of them (only for those that are allowed).
> So I don't know how this is performed as expected and why should I need to 
> create a specific rule to workaround this? Shouldn't these be created when I 
> marked on the qubes-manager which appvms are allowed to use the updates-proxy?
> 
> 
> 
The firewall rule created governs connections THROUGH the firewall -
that's why it is in the FORWARD chain.
You are running the proxy ON the firewall - did you set this up or was
it done for you? The automatically created rules don't govern access in
this case.
If you want this set-up and you want to control access then you will
have to provide custom rules. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170109183749.GC7346%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Bug - Qubes fails to boot if a USB Audio device is connected to the PC

[raahelps]

On Sunday, January 8, 2017 at 12:14:17 PM UTC-5, Grzesiek Chodzicki wrote:
> W dniu niedziela, 8 stycznia 2017 18:03:47 UTC+1 użytkownik Andrew David Wong 
> napisał:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > On 2017-01-08 08:30, Grzesiek Chodzicki wrote:
> > > I know that this sounds rather bizarre, but my Qubes instance
> > > consistently gets stuck after GRUB menu if a USB Audio device is
> > > connected to the computer. So far I have a 3/3 repro rate on that.
> > > What type of logs/information should I gather from my machine in
> > > order to troubleshoot that? XL dmesg does print a RMRR warning
> > > about USB controllers
> > > 
> > > Qubes 3.2 Kernel 4.8.12-12 I use a sys-usb AppVM with all
> > > controllers hidden from Dom0.
> > > 
> > 
> > Is your sys-usb set to autostart? If so, try disabling that to see
> > whether the system can boot.
> > 
> > - -- 
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> > -BEGIN PGP SIGNATURE-
> > 
> > iQIcBAEBCgAGBQJYcnDpAAoJENtN07w5UDAw8NcP/iQTveiRfsgdJbeweJC84k6V
> > d3UdLc8i7OrFuh4Cya0opcH341OKvCid4Rv3jIVAhRhE+TSVgobKQkXXEEE9UO8u
> > 8l2ugFuUg3gYUv//WIJUmCNZXRXTTT7Tk7JFjXXhyKUjrkD1B9oAhlVPcK3UaUiQ
> > 2lkAgMWVPDpo9mJMoc4GaQlWZX9sDwJ14M75lMa0lPtbN93nmFOOiye6FNIQ20bH
> > pmbuu6bfyI1w53bVMA84HZIXs1msvXfLLO2CaVksntEk8TaiO/MBM8wmXYA9IQrF
> > I3yxsAVm6pjqlkAIABTkGzM6wOrUeHQjgqTewvmQYO+ch5K00r/Jy2/zZwmNYOOx
> > p/qHn0q82GcITe73xDTD2vp6QILkqV3VCeFBPc9JzqrFYYRONtPr3vDyD48EJ2Nb
> > ButtRJXAxqe6QIkfWs614tfZYWzHMgOVSHokiGnoHMIG5OfU8jDD+ywwzLGyt+2Y
> > QZsAL7dKVxxfEybAFIacumC0HyAIJWtbZDcfl6mnP3qmrGbIo8PebzwpOGCkDMFu
> > NS4aC+dmqJQSqfl2yufNYbr+2eZGoPmhE206qfIL0KBM3Cch8M2RytEXHjyBCH4s
> > u5SGaOALrvlM5zWADoTWyhd6PEg9EWEHkl9vo2MkFYq90o7/VIzWQBX15H5uCsYJ
> > wIyI9Itq6I/JD32gR2i0
> > =lqgz
> > -END PGP SIGNATURE-
> 
> Hello Andrew,
> 
> The issue still occurs after disabling autostart of the sys-usb AppVM.

Did you make sure you followed these directions?  
https://www.qubes-os.org/doc/external-audio/

what type of bios boot are you using?  Try legacy boot.How much ram does 
your system have?  

What if you just remove the sys-usb and try booting qubes without it while 
device is attached?

Did you create it manually?  After removing the sys-usb vm then rebooting and 
seeing if qubes boots with the usb attached. Then recreate sys-usb using qubes 
commands
qubesctl top.enable qvm.sys-usb  
qubesctl state.highstate
and repeat audio device instructions.

Try disabling vt-d to identify the bios iommu as possibly the problem.  
Doublecheck bios options.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8d244fe-8900-4b55-a379-b5e083dd043b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can NOT get Broadcom BCM43602 Wifi Card working , DELL XPS 15 9950- Qubes sys-net freezes/ crashes

[qmastery16]

Tuesday, 4 August 2016, 17:45:39 UTC+3 kelo wrote:
> anyone knows a solution to get it working somehow with this specific dell xps 
> 15 wirless card the 
>  Broadcom BCM43602 .  Im not an expert with anything terminal related.

Broadcom wireless cards always require proprietary closed drivers, which are 
probably not just full of backdoors but also contain a lot of badly written 
code with security vulnerabilities and bugs. Their hardware is not good 
either... maybe Broadcom could be acceptable for Windows users, but it really 
sucks for Linux ! At the same time, wireless cards of Atheros ath9k family - 
are running on 100% open source drivers, and giving a quite good quality/power 
of signal. https://wikidevi.com/wiki/Atheros <--- from this list, I recommend 
Atheros AR9462, it is the best card of ath9k family - supports 2.4GHz & 5GHz 
WiFi networking, as well as Bluetooth 4.0 . It works flawlessly with QubesOS, I 
have tested it. AR9462 could be received from AliExpress or eBay for less than 
$10, shipping included, so there are no reasons to continue struggling with low 
end Broadcom card - that was shipped with your laptop only because it was among 
the cheapest options for laptop's manufacturer (only a few people care about 
preinstalled wireless cards, so the manufacturers are usually going for the 
cheapest offer, which is often Broadcom)

The only catch there is: your manufacturer could have installed a WiFi card 
whitelist in your BIOS, which prevents booting your computer if non-listed 
wireless card has been found. However, it is possible to mod your BIOS file and 
break this artificial limitation - either by removing whitelist completely, or 
disabling a check for it, or altering the whitelist to replace device IDs of 
whitelisted WiFi card with device ID of your new WiFi card. Luckily, there are 
already a lot of BIOS'es with whitelist removed, available at bios-mods site 
and other websites, so if your laptop's model is relatively popular - you are 
likely to find that someone already did that work for you. Also, in some lucky 
cases, your laptop is supported by Coreboot or Libreboot project - which do not 
contain any whitelists, and could replace the manufacturer's BIOS...

>From what I see online, XPS 9550 does not have any WiFi card whitelist. Good 
>for you ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6b93015-e9bf-4d60-9d2c-f01dcddc81aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Allow connections to update proxy not being respected!

[5xc9wd+2ok6e via qubes-users]

I'm a bit lost. 
I have indeed some AppVMs to use the updates proxy(which is installed in the 
sys-fw), but not for all of them (only for those that are allowed).
So I don't know how this is performed as expected and why should I need to 
create a specific rule to workaround this? Shouldn't these be created when I 
marked on the qubes-manager which appvms are allowed to use the updates-proxy?






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1af199fcdeb99d8bfd2c15f61dbc53e8f59%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Allow connections to update proxy not being respected!

[Unman]

On Mon, Jan 09, 2017 at 03:31:10PM +, 5xb562+7dpfa via qubes-users wrote:
> Oh, well spotted! Thx :)
> 
> So what is the option "Allow connections to update proxy" doing if the INPUT 
> chain allows all traffic destined to 10.137.255.254 ?
> Isn't this a flaw? Is there a way to avoid this?
> 

Well, it's there to cover the case where the firewall is between your
qube and the updates proxy. In this case you are running the proxy
service on the firewall, and you have the qube configured to use the
updates proxy, so it is performing as expected.

The standard proxy is only there to provide some level of filtering:
less now than it used to.
If you don't want to use the updates proxy, either stop it running on the
firewall, or remove the Proxy setting on the qube/template. If you dont
want to do either you will have to introduce a custom rule in the chain
to make sure that there isnt any translation for your source IP.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170109161751.GA7346%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Use an remote PULSE Audio server

[Ángel]

Robert Mittendorf wrote:
> The second and third post were send as a new mail (not a reply).
> Why do these mails appears as answers here?

Where is "here"? The google groups web interface?


> The first post was send as a reply to the mailing list, changing the
> topic and expecting to create a new thread, my bad. Sorry.
> But I do not understand why the other mails end up in this other thread
> as well, as they were created using a new mail just c the body of the
> old mail.

They are not. Whatever is grouping them in the same thread is probably
"fixing" the thread for you trying to be smart based on the subject.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1483978083.1209.2.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Allow connections to update proxy not being respected!

[5xb562+7dpfa via qubes-users]

Oh, well spotted! Thx :)

So what is the option "Allow connections to update proxy" doing if the INPUT 
chain allows all traffic destined to 10.137.255.254 ?
Isn't this a flaw? Is there a way to avoid this?






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/387df7920c6b9922f7d96591f0fed2c75b36%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Use an remote PULSE Audio server

[Robert Mittendorf]

The second and third post were send as a new mail (not a reply).
Why do these mails appears as answers here?

The first post was send as a reply to the mailing list, changing the
topic and expecting to create a new thread, my bad. Sorry.
But I do not understand why the other mails end up in this other thread
as well, as they were created using a new mail just c the body of the
old mail.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/057f72c8-8c6a-3c9b-889e-5ec64071be31%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.