[qubes-users] Idiot's guide to Ubuntu 16.04 TemplateVM on Qubes 3.2

2017-02-24 Thread 'Qubes Lovitt' via qubes-users
Qbuntu guide posted on reddit -- 
https://www.reddit.com/r/Qubes/comments/5vzg04/idiots_guide_to_installing_qbuntu_ubuntu_1604/




Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Yy3aUMrgWEeoEYvQyuzgUbRI3mq_pXop8AHQBlcMTq_cuWdlW07N2j2rNeSF5HTAtTy-DVh8nw7mUzmORwiG1bpfH2xSGGginudj6x9-WJI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Two qubes multinoot

2017-02-24 Thread Oleg Artemiev
Hi.

If I want to run VMs from one Qubes in another - would it be possible to
have different coloring for the same VM in different Qubes OS instances?

Is this possible from a VM to attack Dom0 by altering VM image files  or
this is just files and adversary able to rewrite image in one Qubes has no
option to appear outside VM when it is loaded in another Qubes OS instance?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6Orj8H2iPsnP3oCByY1WRC8%3Db_AzWCz8mutkvMwGkmrBA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: qubes-rufus-windows7

2017-02-24 Thread Oleg Artemiev
On Feb 23, 2017 10:07 PM, "руслан шатдинов"  wrote:

четверг, 23 февраля 2017 г., 20:45:43 UTC+3 пользователь руслан шатдинов
написал:
> hello
> i wrote QubesOS on my USB-flash with DD-form option, but Windows7 doesnt
see this USB-flash-disk
> but
> ACRONIS can see this disk
>
> why it doesnt for windows?


Why you need win7 to bother w/ Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6M48P1S3O86bZnP-LbO6TSLeqRQ%2BcjsA-xph%2BhookBiLQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Dual boot and two swaps?

2017-02-24 Thread Oleg Artemiev
Say I've one enrypted swap and one not from other linux.

Would Qubes ignore unencrupted swap from other distribution or I should
make it to? If so - how do I?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6M50sky3pR9kdWFsHy4b1sMKkQiG1RkoHkocjwZvmQBWw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: shrink ntfs from qubes - what do use for this?

2017-02-24 Thread Oleg Artemiev
On Sat, Feb 4, 2017 at 7:45 PM, Oleg Artemiev  wrote:
> Last time I wanted such a thing I was using a tool like partition
> magic (boot from toolset disk). It was a few years ago. Is there a
> relatively safe way to shrink a win7 partition from linux w/o
> destroyng already installed win7 or current linux tools for this are
> known to be not stable enough?
>
> Installing windows on my laptop is a long timewaste - once did it for
> games and would like to avpoid it.
finally win7 allows shrinking partitions from its disk management.


-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6Pk6vce1mNW%3DWReiY7kWKxTBqUP%2BQ8TZ4GQ-Cg98-0SrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Backup error - where is the log?

2017-02-24 Thread Zbigniew Łukasiak
I removed some templates - and now there is no error about no disk
space - but when restoring I still get the same error.

It might be indeed about the path fed to tar - because when creating
the archive I also get errors when I try to archive to a file in the
current dir without giving the full path - it looks like the variable
base_backup_dir does not get initialized, see below for the output.
Backing up worked when I gave it a full path - still failing at
restoring time.

Z.

==

[zby@dom0 ~]$ qvm-backup -x dom0 -x anon-whonix  -x sys-net -x
sys-firewall -x sys-whonix -x python-anaconda backup
--+--+--+
   VM | type | size |
--+--+--+
untrusted |AppVM | 16.0 KiB |
 personal |AppVM |0 |
myovm |AppVM |  5.0 GiB |
my-new-vm |AppVM |  9.9 GiB |
 exch |AppVM |315.8 MiB |
--+--+--+
  Total size: |15.1 GiB |
--+--+--+
VMs not selected for backup:
anon-whonix
debian-8
debian-8-python
dom0
fedora-23
fedora-23-dvm
python-anaconda
sys-firewall
sys-net
sys-whonix
whonix-gw
whonix-ws
Traceback (most recent call last):
  File "/usr/bin/qvm-backup", line 218, in 
main()
  File "/usr/bin/qvm-backup", line 141, in main
stat = os.statvfs(os.path.dirname(base_backup_dir))
OSError: [Errno 2] No such file or directory: ''


On Fri, Feb 24, 2017 at 9:27 AM, Marek Marczykowski-Górecki
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Feb 24, 2017 at 08:23:00AM -0500, Zbigniew Łukasiak wrote:
>> Ok - I tried the command line version - the output is below. The same
>> error I see in ~/.xsession-errors. It looks to work correctly with the
>> symlinked tmp - but still fails somehow - maybe the archive is
>> corrupted.
>>
>> I tried to re-make the bacup from commandline, and this reports
>> "qvm-backup: export error: [Errno 28] No space left on device" - even
>> though I have enough space on both the /home and the /var/tmp
>> partitions. See below for details - I mounted quite a big partition on
>> /var/tmp. Maybe it somehow still uses the root partition. I did not
>> see that error when running backup from Qubes Manager - but maybe the
>> problem was still there and it was corrupting the backup.
>>
>>
>>
>>
>> [zby@dom0 ~]$ qvm-backup-restore qubes-2017-02-22T111605 --verify-only 
>> --debug
>> Please enter the passphrase to verify and (if encrypted) decrypt the backup:
>> Checking backup content...
>> Working in temporary dir:/var/tmp/restore_RxbZ1b
>> Extracting data: 1.0 MiB to restore
>> Run command[u'tar', u'-ixvf', 'qubes-2017-02-22T111605', u'-C',
>> u'/var/tmp/restore_RxbZ1b', u'backup-header', u'backup-header.hmac',
>> u'qubes.xml.000', u'qubes.xml.000.hmac']
>> Got backup header and hmac: backup-header, backup-header.hmac
>> Verifying file /var/tmp/restore_RxbZ1b/backup-header
>> Loading hmac for file /var/tmp/restore_RxbZ1b/backup-header
>> File verification OK -> Sending file /var/tmp/restore_RxbZ1b/backup-header
>> Creating pipe in: /var/tmp/restore_RxbZ1b/restore_pipe
>> Getting new file:qubes.xml.000
>> Getting hmac:qubes.xml.000.hmac
>> Verifying file /var/tmp/restore_RxbZ1b/qubes.xml.000
>> Started sending thread
>> Moving to dir /var/tmp/restore_RxbZ1b
>> Loading hmac for file /var/tmp/restore_RxbZ1b/qubes.xml.000
>> File verification OK -> Sending file /var/tmp/restore_RxbZ1b/qubes.xml.000
>> Getting new file:
>> Waiting for the extraction process to finish...Extracting file
>> /var/tmp/restore_RxbZ1b/qubes.xml.000
>>
>> Running command [u'tar', u'-xkv',
>> u'../../../../var/tmp/restore_RxbZ1b/qubes.xml']
>
> This path looks strange. AFAIR it's calculated as "path to
> /var/tmp/restore_RxbZ1b/qubes.xml, relative to /var/tmp/restore_RxbZ1b".
> Have you actually mounted something on /var/tmp, or used a symlink? You
> can use mount --bind if you don't want to mount the whole device there.
> And be sure do to it before launching qvm-backup-restore, not during it.
>
>> ===
>>
>>
>> [zby@dom0 ~]$ df
>> Filesystem 1K-blocks  Used Available Use% Mounted on
>> devtmpfs 2002988 0   2002988   0% /dev
>> tmpfs2014408308256   1706152  16% /dev/shm
>> tmpfs2014408  1316   2013092   1% /run
>> tmpfs2014408 0   2014408   0% /sys/fs/cgroup
>> /dev/dm-1   95989516  92623640 0 100% /
>
> Having / full is a problem anyway. Even if large files are placed in
> /var/tmp. You need to clean up something - maybe old content of
> /var/tmp? Or some old logs in /var/log?
>
>> tmpfs201440852   2014356   1% /tmp
>> xenstore   

Re: [qubes-users] Disable sys-net autostart?

2017-02-24 Thread Oleg Artemiev
Just asked the same question and then found this thread. %)Thanks for
answer. Could you be so kind to provide more details:

>> Since I created the net VM I'm unable to boot anymore. It hangs during the 
>> sys-net startup. The error message I get after a few minutes is:
>> BUG: soft lockup - CPU#1 stuck for 22s! [libvirtd:1769]
>> Anyone knows how to debug or fix this? The VM worked fine when started after 
>> the system was fully booted, it just fails if started during booting.
> There are a couple of open issues about this autostart issue.
> The simplest solution is to disable the auto start in
> /etc/systemd/system/qubes-netvm.service - you can edit the file or
> disable the service.
Netvm is autostarted by other qubes it is assigned to.

Is it possible to have something like "ask user" ?

Some times it's not good to have networking, but at the same time I'd
like to start other VMs that have this VM as net VM.

> If you do make sure that you aren't starting any
> other qubes that rely on sys-net. (That would include your clockVM.)
Could you point to a paper in dox that we should review to get a
deeper understanding of VM chains?

 I mean that some times I would like to override default start
procedure - how can I get this?

Is there any alternative to get into single mode and play with VM prefs?

Why the auto-start preference ingored by boot sequence - because OS
needs a clock VM?

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6P9bMJMmmSjuTxEL8MrA8Z9%2B1T_7%2B3UyC%3DCePcQX-Mr_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] sys-net, sys-firewall starting independent to start on boot in properties

2017-02-24 Thread Oleg Artemiev
How do I disable autostart of sys-net, sys-firewall? Qubes manager
setting seem to be ignored.
Qubes r3.2

-- 
Bye.Olli.
gpg --search-keys grey_olli , use key w/ fingerprint below:
Key fingerprint = 9901 6808 768C 8B89 544C  9BE0 49F9 5A46 2B98 147E
Blog keys (the blog is mostly in Russian): http://grey-olli.livejournal.com/tag/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABunX6NUvw0o%3DSXZF2fq7PPb9eVxmPQHrupMXy9tPv9c11SRkg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes using Cloudflare - Why?

2017-02-24 Thread taii...@gmx.com

https://arstechnica.com/security/2017/02/serious-cloudflare-bug-exposed-a-potpourri-of-secret-customer-data/
Wow.

It wouldn't have been such a big problem if cloudflare didn't have 
monopoly status.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f664f380-b880-b82e-bf17-3f282ef60d79%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Disable sys-net autostart?

2017-02-24 Thread 'Slideshowbob' via qubes-users
 Original Message 

Subject: Re: [qubes-users] Disable sys-net autostart?
Local Time: February 24, 2017 2:16 AM
UTC Time: February 24, 2017 1:16 AM
From: un...@thirdeyesecurity.org
To: Slideshowbob 
qubes-users@googlegroups.com 

On Thu, Feb 23, 2017 at 01:13:40PM -0500, 'Slideshowbob' via qubes-users wrote:
> Hi,
>
> is there a way to disable autostart for sys-net? Unticking the checkbox 
> (including VMs which might trigger a sys-net start) doesn't work. Also, what 
> are the security implications of doing this? Would network devices not in use 
> by sys-net appear in dom0?
>
> I'm trying to upgrade from 3.1 to 3.2 since the first RCs but the new version 
> somehow behaves bat shit crazy on my system (6440HQ, I/O MMU and HAP/SLAT 
> active on 3.1). As this is my main system and support for 3.1 comes to an end 
> soon I finally need to find a solution somehow.
>
> I was able to install und boot 3.2 by not creating the standard VMs in the 
> post installer setup tool. I created the sys-net VM manually and was able to 
> start/stop it without issues.
>
> Since I created the net VM I'm unable to boot anymore. It hangs during the 
> sys-net startup. The error message I get after a few minutes is:
>
> BUG: soft lockup - CPU#1 stuck for 22s! [libvirtd:1769]
>
> Anyone knows how to debug or fix this? The VM worked fine when started after 
> the system was fully booted, it just fails if started during booting.
>
> Greets,
>
> slideshowbob
>

There are a couple of open issues about this autostart issue.

The simplest solution is to disable the auto start in
/etc/systemd/system/qubes-netvm.service - you can edit the file or
disable the service. If you do make sure that you aren't starting any
other qubes that rely on sys-net. (That would include your clockVM.)
That way at least your Qubes will start up and then you can start the
individual qubes.
If you cant boot at all, you should be able to boot from a live distro,
mount the drive and edit that file in place.

Hope this helps

unman

Thanks for your response!

Would the hardware assigned to the net VM gain access to dom0 by disabling 
autostart?

I've got some noobish questions about that part of the security concept, maybe 
someone could explain that:
Is a pci device in dom0 able to do bad stuff if there's no driver loaded in 
dom0 using the device (I'd assume yes)?
How is dom0 protected from malicious pci devices during the time frame between 
starting xen and starting the related net VM?
I just noticed that lspci (in dom0, v3.1) shows the device which is currently 
assigned to my running net VM. Is that supposed to be the case? Are there xen 
commands to show which pci devices are actually active and which VMs they're 
assigned to?
While writing this I noticed there's 'xl pci-assignable-list'. Are those the 
currently non active pci devices?

On a side note, I'm currently still on 3.1, the 3.2 installation is on a usb 
stick for testing purposes. I want to solve all issues before I make the switch 
(can't have the main system in a broken state for long). Some time ago I made a 
regular 3.2 installation to hard disk and had the same issue so I assume it's 
not related to the usb installation.

slideshowbob

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ufWTP-w1O9FvAURK_61ft0JTHPK7o6m_0LdHemlaDGCmi6dhk50qEibYNdoATzPIwoRQcrWXOaH29Mp7J_mwI-OJRtX0-3PG3yaJBqAnmqg%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Backup error - where is the log?

2017-02-24 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Feb 24, 2017 at 08:23:00AM -0500, Zbigniew Łukasiak wrote:
> Ok - I tried the command line version - the output is below. The same
> error I see in ~/.xsession-errors. It looks to work correctly with the
> symlinked tmp - but still fails somehow - maybe the archive is
> corrupted.
> 
> I tried to re-make the bacup from commandline, and this reports
> "qvm-backup: export error: [Errno 28] No space left on device" - even
> though I have enough space on both the /home and the /var/tmp
> partitions. See below for details - I mounted quite a big partition on
> /var/tmp. Maybe it somehow still uses the root partition. I did not
> see that error when running backup from Qubes Manager - but maybe the
> problem was still there and it was corrupting the backup.
> 
> 
> 
> 
> [zby@dom0 ~]$ qvm-backup-restore qubes-2017-02-22T111605 --verify-only --debug
> Please enter the passphrase to verify and (if encrypted) decrypt the backup:
> Checking backup content...
> Working in temporary dir:/var/tmp/restore_RxbZ1b
> Extracting data: 1.0 MiB to restore
> Run command[u'tar', u'-ixvf', 'qubes-2017-02-22T111605', u'-C',
> u'/var/tmp/restore_RxbZ1b', u'backup-header', u'backup-header.hmac',
> u'qubes.xml.000', u'qubes.xml.000.hmac']
> Got backup header and hmac: backup-header, backup-header.hmac
> Verifying file /var/tmp/restore_RxbZ1b/backup-header
> Loading hmac for file /var/tmp/restore_RxbZ1b/backup-header
> File verification OK -> Sending file /var/tmp/restore_RxbZ1b/backup-header
> Creating pipe in: /var/tmp/restore_RxbZ1b/restore_pipe
> Getting new file:qubes.xml.000
> Getting hmac:qubes.xml.000.hmac
> Verifying file /var/tmp/restore_RxbZ1b/qubes.xml.000
> Started sending thread
> Moving to dir /var/tmp/restore_RxbZ1b
> Loading hmac for file /var/tmp/restore_RxbZ1b/qubes.xml.000
> File verification OK -> Sending file /var/tmp/restore_RxbZ1b/qubes.xml.000
> Getting new file:
> Waiting for the extraction process to finish...Extracting file
> /var/tmp/restore_RxbZ1b/qubes.xml.000
> 
> Running command [u'tar', u'-xkv',
> u'../../../../var/tmp/restore_RxbZ1b/qubes.xml']

This path looks strange. AFAIR it's calculated as "path to
/var/tmp/restore_RxbZ1b/qubes.xml, relative to /var/tmp/restore_RxbZ1b".
Have you actually mounted something on /var/tmp, or used a symlink? You
can use mount --bind if you don't want to mount the whole device there.
And be sure do to it before launching qvm-backup-restore, not during it.

> ===
> 
> 
> [zby@dom0 ~]$ df
> Filesystem 1K-blocks  Used Available Use% Mounted on
> devtmpfs 2002988 0   2002988   0% /dev
> tmpfs2014408308256   1706152  16% /dev/shm
> tmpfs2014408  1316   2013092   1% /run
> tmpfs2014408 0   2014408   0% /sys/fs/cgroup
> /dev/dm-1   95989516  92623640 0 100% /

Having / full is a problem anyway. Even if large files are placed in
/var/tmp. You need to clean up something - maybe old content of
/var/tmp? Or some old logs in /var/log?

> tmpfs201440852   2014356   1% /tmp
> xenstore 2014408   240   2014168   1% /var/lib/xenstored
> /dev/sda11   1889292184884   1590388  11% /boot
> /dev/dm-3  288243040  67263564 206314468  25% /home
> tmpfs 402884 0402884   0% /run/user/991
> tmpfs 402884 8402876   1% /run/user/1000
> /dev/sda7  272256456 167991052  90412476  66% /home/zby/tmp

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYsELWAAoJENuP0xzK19cs4sIH/3xTOfvVJ3RmfzdoXAfz85Z2
QH1loLH347X5omAENt+4HwhzlTq84LZFGKwRWMEgSDQUuj67saas711x5+ybH47N
riswwTJfRC6SrEKPO27/QIN/JSGhCi1h+kmco9UxQSvaovSD0iSBoHsUui2iSvfL
4JfszFiWWVAsOZJu2nJdFOQPH7e69yKBC/hwMX+6PhP+FbhgmT8QZtIm6qWu3NGA
n69O00exgPVKVjv1zhz1QoBzZn9J/MCq+N5vx/Ur6zVb8dD7+Vwu/3fvMFeuxKbx
PJ7XXUQgVuiTxxc3GNfk0nrJqLSSAbn6HAmXDY6rtpcdXt1PyaYZDoxQkKtKJtY=
=nXLP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170224142730.GO1146%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Backup error - where is the log?

2017-02-24 Thread Zbigniew Łukasiak
Ok - I tried the command line version - the output is below. The same
error I see in ~/.xsession-errors. It looks to work correctly with the
symlinked tmp - but still fails somehow - maybe the archive is
corrupted.

I tried to re-make the bacup from commandline, and this reports
"qvm-backup: export error: [Errno 28] No space left on device" - even
though I have enough space on both the /home and the /var/tmp
partitions. See below for details - I mounted quite a big partition on
/var/tmp. Maybe it somehow still uses the root partition. I did not
see that error when running backup from Qubes Manager - but maybe the
problem was still there and it was corrupting the backup.




[zby@dom0 ~]$ qvm-backup-restore qubes-2017-02-22T111605 --verify-only --debug
Please enter the passphrase to verify and (if encrypted) decrypt the backup:
Checking backup content...
Working in temporary dir:/var/tmp/restore_RxbZ1b
Extracting data: 1.0 MiB to restore
Run command[u'tar', u'-ixvf', 'qubes-2017-02-22T111605', u'-C',
u'/var/tmp/restore_RxbZ1b', u'backup-header', u'backup-header.hmac',
u'qubes.xml.000', u'qubes.xml.000.hmac']
Got backup header and hmac: backup-header, backup-header.hmac
Verifying file /var/tmp/restore_RxbZ1b/backup-header
Loading hmac for file /var/tmp/restore_RxbZ1b/backup-header
File verification OK -> Sending file /var/tmp/restore_RxbZ1b/backup-header
Creating pipe in: /var/tmp/restore_RxbZ1b/restore_pipe
Getting new file:qubes.xml.000
Getting hmac:qubes.xml.000.hmac
Verifying file /var/tmp/restore_RxbZ1b/qubes.xml.000
Started sending thread
Moving to dir /var/tmp/restore_RxbZ1b
Loading hmac for file /var/tmp/restore_RxbZ1b/qubes.xml.000
File verification OK -> Sending file /var/tmp/restore_RxbZ1b/qubes.xml.000
Getting new file:
Waiting for the extraction process to finish...Extracting file
/var/tmp/restore_RxbZ1b/qubes.xml.000

Running command [u'tar', u'-xkv',
u'../../../../var/tmp/restore_RxbZ1b/qubes.xml']
Removing file /var/tmp/restore_RxbZ1b/qubes.xml.000
ERROR: unable to extract files for
/var/tmp/restore_RxbZ1b/qubes.xml.000.(u'', u'tar:
../../../../var/tmp/restore_RxbZ1b/qubes.xml: Not found in
archive\n\ntar: Exiting with failure status due to previous errors\n')
Tar command output: %s
Process ExtractWorker3-1:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in
_bootstrap
self.run()
  File "/usr/lib64/python2.7/site-packages/qubes/backup.py", line 931, in run
self.__run__()
  File "/usr/lib64/python2.7/site-packages/qubes/backup.py", line
1251, in __run__
"\n".join(self.tar2_stderr
QubesException: unable to extract files for
/var/tmp/restore_RxbZ1b/qubes.xml.000.(u'', u'tar:
../../../../var/tmp/restore_RxbZ1b/qubes.xml: Not found in
archive\n\ntar: Exiting with failure status due to previous errors\n')
Tar command output: %s
Extraction process finished with code:1
ERROR: unable to extract the qubes backup. Check extracting process errors.


===


[zby@dom0 ~]$ df
Filesystem 1K-blocks  Used Available Use% Mounted on
devtmpfs 2002988 0   2002988   0% /dev
tmpfs2014408308256   1706152  16% /dev/shm
tmpfs2014408  1316   2013092   1% /run
tmpfs2014408 0   2014408   0% /sys/fs/cgroup
/dev/dm-1   95989516  92623640 0 100% /
tmpfs201440852   2014356   1% /tmp
xenstore 2014408   240   2014168   1% /var/lib/xenstored
/dev/sda11   1889292184884   1590388  11% /boot
/dev/dm-3  288243040  67263564 206314468  25% /home
tmpfs 402884 0402884   0% /run/user/991
tmpfs 402884 8402876   1% /run/user/1000
/dev/sda7  272256456 167991052  90412476  66% /home/zby/tmp

[zby@dom0 ~]$ qvm-backup -x dom0 -x untrusted -x anon-whonix -x vault
-x personal -x work -x sys-net -x sys-firewall -x sys-whonix back -x
python-anaconda --debug
--+--+--+
   VM | type | size |
--+--+--+
myovm |AppVM |  5.0 GiB |
my-new-vm |AppVM |  9.8 GiB | <-- The VM is
running, please shut it down before proceeding with the backup!
 exch |AppVM |316.0 MiB | <-- The VM is
running, please shut it down before proceeding with the backup!
qvm-backup: export error: [Errno 28] No space left on device
--+--+--+
  Total size: |15.1 GiB |
--+--+--+
VMs not selected for backup:
anon-whonix
debian-8
debian-8-python
dom0
fedora-23
fedora-23-dvm
personal
python-anaconda
sys-firewall
sys-net
sys-whonix
untrusted
vault
whonix-gw
whonix-ws
work
ERROR: Please shutdown all VMs before proceeding.


On Thu, Feb 23, 2017 at 3:42 AM, Marek 

[qubes-users] Re: Question to Mirage OS firewall users

2017-02-24 Thread Foppe de Haan
On Tuesday, February 7, 2017 at 6:22:53 PM UTC+1, Thomas Leonard wrote:
> On Tuesday, February 7, 2017 at 4:51:06 PM UTC, Foppe de Haan wrote:
> > On Tuesday, February 7, 2017 at 5:24:58 PM UTC+1, Thomas Leonard wrote:
> > > On Tuesday, February 7, 2017 at 3:55:30 PM UTC, Foppe de Haan wrote:
> > > > Anyone else tried to use MirageOS i.c.w. a torrent client? I've 
> > > > allocated 60mb ram, but it crashes within 2-8 hours here, which is kind 
> > > > of disappointing.
> > > 
> > > Do the logs show an out-of-memory error when that happens? I haven't seen 
> > > one for a long time now, but maybe torrents stress it more than usual.
> > > 
> > > If so, it could be https://github.com/yomimono/mirage-nat/issues/17 - 
> > > there's a Mirage hackathon next month and I'm hoping to get some time to 
> > > work on this there.
> > 
> > Yes. "Fatal error: out or memory. Mirage exiting with status 2"
> 
> By the way, what version of the firewall are you using?
> If it's not qubes-mirage-firewall v0.2 then try upgrading first - there were 
> lots of OOM problems in v0.1.
> 
> > That said, 2 minutes earlier the log notes that memory use was still only 
> > at 16.7/38.2 MB.
> 
> The annoying thing about hashtables is the way they suddenly double in size. 
> Since you're allocating 60 MB to the firewall (I only use 20 MB for mine), 
> you could try adjusting the thresholds at these two lines:
> 
> https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L41
> https://github.com/talex5/qubes-mirage-firewall/blob/master/memory_pressure.ml#L47
> 
> Change the 0.9 (allow 90% of memory to be used) to 0.4 in both places. If the 
> NAT table is the cause, that should make the problem go away.
> 
> > (Most of the log -- 90-95% -- consists of 'Failed to parse frame' messages, 
> > btw.)
> 
> "Failed to parse frame" probably means it saw an ICMP (not TCP or UDP) packet 
> and therefore didn't handle it. Another thing I'm hoping to fix soon... 
> https://github.com/yomimono/mirage-nat/issues/15

It looks stable now (uptime 3-4 days since last reboot, whereas before it only 
lasted ~8h max).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/947eea3e-08bb-401b-9823-69b1ef06e107%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes and ram

2017-02-24 Thread Holger Levsen
On Wed, Feb 22, 2017 at 05:37:17PM +, Holger Levsen wrote:
> echo $(((`(for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d " " -f1) ; do 
> /usr/lib/qubes/qrexec-client -d $VM user:"/usr/bin/vmstat -s -S K" -t -T|grep 
> "used memory"|cut -d "K" -f1 ; done)|xargs echo|sed "s# #+#g#"`)/1024))MB used
 
misses the used memory in dom0, so better:

echo $(((`(for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d " " -f1) ; do 
/usr/lib/qubes/qrexec-client -d $VM user:"/usr/bin/vmstat -s -S K" -t -T|grep 
"used memory"|cut -d "K" -f1 ; done)|xargs echo $(vmstat -s -S K|grep "used 
memory"|cut -d "K" -f1)|sed "s# #+#g#"`)/1024))

which is better done like this:

echo $(((`( vmstat -s -S K ; for VM in $(xl list|egrep -v "(Name|dom0)"|cut -d 
" " -f1) ; do qvm-run $VM -p "/usr/bin/vmstat -s -S K" ; done ) | grep "used 
memory" | cut -d "K" -f1 | xargs echo | sed "s# #+#g#"`)/1024))

which is also easier to understand I think ;) Essentially it runs vmstat
everywhere and adds up the numbers for "used memory", that's all.

And, it still should better read /proc/meminfo…


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170224120459.GA12227%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature