[qubes-users] Annoying exit code error when deny using VM-Sudo
Hello, Is it normal when deny the root access using 'VM-Sudo' method with the leak message like below? $ su /usr/lib/qubes/qrexec-client-vm failed: exit code 1 su: System error $ sudo su /usr/lib/qubes/qrexec-client-vm failed: exit code 1 sudo: PAM authentication error: System error Is there any other way on how to prevent this leak message from happened (i.e. without any message appear on the tty instead)? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/65e1df5c-ed28-9393-2376-3b48fa9d870f%40gmail.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Re: HCL - Dell Latitude 7480
On Monday, 20 March 2017 12:27:43 UTC+8, lok...@gmail.com wrote: > I have not been able to install Qubes 3.2 on this machine. > > The installer cannot start as the graphics card is not supported. The result > is that you get dropped into the text-based installer which does not work. > > This is kind of disappointing as this is a very light laptop that supports up > to 32 GB RAM, which would be very nice to have with Qubes. I forgot to include the actual specs for the machine I used for testing: Intel(R) Core(TM) i7-7600U CPU @ 2.80GHz 16 GB RAM Intel Integrated HD Graphics 620 Specs at: http://www.dell.com/sg/business/p/latitude-14-7480-laptop/pd -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cdf03343-0ab2-442c-aec2-8bcda3f546af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Dell Latitude 7480
I have not been able to install Qubes 3.2 on this machine. The installer cannot start as the graphics card is not supported. The result is that you get dropped into the text-based installer which does not work. This is kind of disappointing as this is a very light laptop that supports up to 32 GB RAM, which would be very nice to have with Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/003a1f65-7fc0-4390-b8ed-4e24bdf763d7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-19 17:52, Andres MRM wrote: > Thanks for the reply, Andrew! > > [2017-03-19 19:13] Andrew David Wong: >> That's up to you. The pros and cons are, I think, pretty clearly >> laid out on the USB page. If you have specific questions that >> aren't addressed there, please feel free to ask. > > That's what I feared... =/ > > I think I have no option, for I can only forward the smartphone to > an "adb" qube if the USB controller is in a USB qube, right? (can't > do that from dom0) > Right. > Do the USB qube get reset every reboot (like a DVM)? That would > reduce the threat, I think... > By default, no. It's probably possible to script a disposable USB qube solution, though. > And about the commands' outputs, any idea if they really mean only > one USB controller? > I don't know for certain, but I think your machine (like the vast majority) probably has only one USB controller. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYzzq8AAoJENtN07w5UDAwq54QAKbGoC3Q3dkT4bKYZvY3FvSx k+25+pRAZgftPCjRBVrKMAVsINojuWlshTcCvYJrvs/Su308cD1yL+gzrZcdfpUg wlCdDNpgr8ysC9fwRsTTjL4IkiwQHXF4DSu/YeMxKBGW2BHL9z/JISQfx3abB4Qd XAjLFRuIWvnyrEekZyoyoszk7Ago1w+Ma7zjeSPZXf4WMLCg6YfmDWS+LU8tc/lu +Q0ic58NQVWxozC/ORGdjEddckBcZzL30t6hRCh6HeNhEXSHPRx/qhLgABmZzMjy v86HKl0MaCeN7DuxUQ84tnoCfuBgfZ3voZnoAkDp9Eraf4+cDp/u1615EfIH+EHX EqJlJhs6nmcEpFc84WBiqhlG/mqpayRLEbBHOSGQ/waLFLe/CutJ6jxqSfd5IKLg op+uq7ZK5CnwXwy03wY5NFIizxUysvkfNNZtJiAtq/nYIsPX3zfbIvWxGg2D+KkX 5O5eaawfomIRzd276/NSg1vXnOveTwdkUMGYq4jUTZpReG4pzFytx6RWrpkmGEtN PVnHE81FNq5qEH9v9k4OHyGWGkIks1sg/8dUEb72ts6YBewBTyVHHjJ89wsvFNoY OT7dN60jHn+OzShXaIJOWMdQvRYL3cOBQvtiiIMzRAko02bSTSShsMzJjmMTHgfH 2seJPazXbp1v/L/jbS+y =o7d2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4df3e2e8-c549-4b9a-1774-b831ab1f7ee2%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
Thanks for the reply, Andrew! [2017-03-19 19:13] Andrew David Wong: > That's up to you. The pros and cons are, I think, pretty clearly laid > out on the USB page. If you have specific questions that aren't > addressed there, please feel free to ask. That's what I feared... =/ I think I have no option, for I can only forward the smartphone to an "adb" qube if the USB controller is in a USB qube, right? (can't do that from dom0) Do the USB qube get reset every reboot (like a DVM)? That would reduce the threat, I think... And about the commands' outputs, any idea if they really mean only one USB controller? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/148997117881.900.6223634171823122302%40email. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Arch Linux + i3] High CPU usage after closing windows
[2017-03-19 18:04] : > Hi, guys. Can you help me with this error ? > > Curl: (22) The requested URL returned error: 404 non found Hi! Does the VM has internet connection? Can you ping something? If not, maybe you need to change settings (QubesManager) so it connects through a NetVM. Me: > Any ideas about where to place a "xmodmap ~/.Xmodmap"? I added a .desktop to .config/autostart/, but it's not really good. It required a "sleep 1" before "xmodmap ~/.Xmodmap" for it to work... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/148997026899.900.13212364451618759185%40email. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SSD and normal HDD as RAID1 (HW-Raid LSI)
On Sun, Mar 19, 2017 at 12:32:38PM -0700, ludwig jaffe wrote: > Hi, > > I think about improving speed of my box. > I have SAS-Disks of 698GB as RAID1 on my LSI > SAS-RAID-Controller. > So what about replacing one of the Disks with an > SSD by SAMSUNG e.g. 850 series? > > So if the SSD drops some electrons the HDD will keep > up with data and the SSD will be quicker then the HDD > while reading. > > Will this work? > > Are there any people who tried such a raid1? > > Cheers, > > > Ludwig > Haven't tried it: you will definitely crock the write speed on SSD, and may see improvements on read. That will depend on the controller - some controllers bias toward SSD, others distribute the reads, in which case you would probably see very little improvement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2017032230.GB17309%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
On Sun, Mar 19, 2017 at 01:50:30PM -0700, andres...@gmail.com wrote: > Hi! > > I use an external keyboard and mouse, both currently connected to dom0. > After reading the USB doc I wanted to add an USB qube so I could "safely" > connect other devices (like untrusted pendrives, and my smartphone to an adb > qube). > > Since untrusted devices will connected to this USB qube, it should be > considered untrusted. But I think I only have one USB controller... > This mean my keyboard and mouse will need to be connected to this untrusted > qube together with untrusted devices, right? > > Is it worth it to create this extra USB qube this way? > > Bellow are the outputs of two commands, if anyone can help me make sure I > really have only one USB controller. I pointed the devices I identified using > a > ">(device name)". All my 3 USB ports were in use when I ran the commands. > > # lsusb > Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub > Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub > Bus 001 Device 003: ID 04f2:b2e3 >Internal Camera > Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub > Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub > Bus 004 Device 002: ID 04e8:61b6 >External HDD > Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub > Bus 003 Device 003: ID 0e6a:030c >External Keyboard > Bus 003 Device 006: ID 046d:c077 >External Mouse > Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub > > # readlink /sys/bus/usb/devices/usb* > ../../../devices/pci:00/:00:1a.0/usb1 > ../../../devices/pci:00/:00:1d.0/usb2 > ../../../devices/pci:00/:00:14.0/usb3 > ../../../devices/pci:00/:00:14.0/usb4 > > > The most similar thread I found about this topic is this one: > https://groups.google.com/forum/#!searchin/qubes-users/usb|sort:relevance/qubes-users/a86st0lUgEw/2FH24xuBFAAJ > But in that case mojosam had 2 controllers. > > > Thanks for the attention! > Try 'lspci|grep USB' Alternatively, look in QubesManager on the devices tab, and see how many Controllers are there. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170319234802.GA17309%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] *.mov-Files with Intel-Grafic?
On Sat, Mar 18, 2017 at 06:01:37PM +0100, evo wrote: > > > Am 18.03.2017 um 17:18 schrieb Unman: > > On Sat, Mar 18, 2017 at 03:47:18PM +0100, evo wrote: > >> Hi! > >> > >> i tried to play mov-files on debian-8 template (with VLC) and it works > >> rather good, but just if i make a little window. If i go fullscreen it > >> doesn't work good at all. > >> > >> is it a problem of RAM or grafic-card? (i have 16GB RAM, but maby i > >> should give more to this VM) Initial memory is 2000 and max 4000. > >> > >> or is it a problem of grafic-card. i have 2 of them, intel and nvidia > >> K1000M. As i understood, i can not really use nvidia on qubes. > >> > >> can you play full-hd mov-files in qube-VMs? > >> > > > > Yes is the answer, but I warrant it depends on your graphics and > > available memory, as you guess. > > You may find that you can resize the window to (almost) full screen > > without introducing choppiness, and that this works better than using > > the "full screen" mode. That's my experience. > > It's undoubtedly worth playing around to see what works best for you. > > > > unman > > > > hmmm... ok... what is about the nvidia-doc on the qubes page? > is it non realistic? It's been a while since I looked at that - at one time I had nvidia support on a laptop. From what I see on the lists it's difficult and may not work depending on what card you have. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170319221410.GC15867%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-19 13:50, andres...@gmail.com wrote: > Hi! > > I use an external keyboard and mouse, both currently connected to > dom0. After reading the USB doc I wanted to add an USB qube so I > could "safely" connect other devices (like untrusted pendrives, and > my smartphone to an adb qube). > > Since untrusted devices will connected to this USB qube, it should > be considered untrusted. But I think I only have one USB > controller... This mean my keyboard and mouse will need to be > connected to this untrusted qube together with untrusted devices, > right? > If your keyboard and mouse are USB devices, yes. > Is it worth it to create this extra USB qube this way? > That's up to you. The pros and cons are, I think, pretty clearly laid out on the USB page. If you have specific questions that aren't addressed there, please feel free to ask. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYzwKEAAoJENtN07w5UDAw76kP/jnfjJ26Pgjii/N9MGz1CY4r 6naH9kikwkGtGFeNghZXPSuj5FVzzm3UwU0L2auciOkDjclNvukx29lMnrPdDR+i V4GfEn0eiBVceyJsUyrvPFGAE9dpLQdzHn4Tzckt/kl+db1x748ErleM4QZJPaKT h9/HIksuiQIO/9hVQzS60OQgbLY08uY2DveuKO6KVQJ3/79vwCO98SirThzdxXtA Cuq81jXntgceCznrK76xMVgwqYnapgnQmbyueFS0ZrjEgOWddHogAXzvT7ETnVfh ZvGtLQcviUqwLTa0R0+IMMByJrBzTlUM8VBGtCRjI00OF4CYHPGp60hJWZWTXq8F pP1pduIMeY3scVroT7PchRxT4UifUlwMOypYHjOVsloSRrOFiRy3m4cGyYtulBa0 d7KzDlq0Av8m7nM66GfGb9E+ZLHSf9uX9EWv3Ej38VSsjmups/vcViEjj136Eg9V O2ZZI2mKYKP8ZRSpG+8RX58GjFHAJe/umlgPdNxsP2SJXuiysVzDJslPzsb5DHMd ksOOEnPi5qR/of2e3rFBlt/hfk2aeFzpNJcSFSNN5f7OB0RrI7jOg5C5ICcSGk9H pfEk+muCG6J4Tn8uoIbO4IWi79erb7W+iPXo6hDYMMckopXCGZOFhRKHDW+BRdS0 nB0IzFxYQNtRNR9fg2sJ =6k39 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c742dfb-0ffe-5f0d-9c63-9aa2a21b20af%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: can we have debian-minimal?
On Sun, Mar 19, 2017 at 12:24:52PM -0600, Reg Tiangha wrote: > On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: > > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: > >> hi there, > >> > >> fedora minimal is great idea to have inside Qubes, i wonder why we dont > >> have debian minimal as well inside Qubes ? > >> > >> (debian-qubes has many packages which r not necessary to be installed e.g > >> printing packages. tho, it will be nice to install the needed packages > >> from the user pleasures not by default.) > >> > >> Thanks > > > > This would be wonderful. I tried to create one by removing some package but > > not a big impact on space or memory usage. > > > > I will follow this thread with interest! > > > > Dominique > > > > You can create one yourself using qubes-builder ( > https://github.com/QubesOS/qubes-builder ); I just did it myself a > couple of days ago, and it's great! I tried to do do a stretch-minimal > but it failed somewhere in the middle, but jessie-minimal worked fine > and I've switched all of my service vms to use that with coldkernel. > I'll probably get to creating a Thunderbird-only VM using that template > soon. > > I've noticed that there have been a lot of requests for debian-minimal > templates come through; it'd be nice if one could be made and put up in > the Qubes repository (even if it was templates-community) for > convenience sake. I hadn't realised that there wasn't one in the repository. We'll fix this. In the meantime it is fairly simple to build one yourself, as Reg says. The instructions are at www.qubes-os.org/doc/qubes-builder/ If they look intimidating, dont be put off for the build. In the new template install the packages you need: sudo dnf install gpg git createrepo rpm-build make wget rpmdevtools python-sh dialog rpm-sign dpkg-dev debootstrap PyYAML: Close down the template. Create a qube based on that template: doesn't hurt to give it some extra space in private storage Start the new qube. Clone the build repository: 'git clone git://github.com/QubesOS/qubes-builder.git qubes-builder ' 'cd qubes-builder ' Run the setup file: './setup' Follow the defaults for the first three screens, and then select the builder-debian plugin on the 4th, Builder plugin screen. Select YES to download sources On the template selection page deselect fc23 and select jessie+minimal. Then build the template: 'make qubes-vm' 'make template' You will have to copy the template in to dom0 but there is a handy script at the end of the build log to help you do this. The build logs are in the build-logs directory. You can also turn on verbose output by putting VERBOSE=1 in builder.conf file instead of VERBOSE=0. If you like to mess around with the build, the relevant bits are in qubes-src/builder-debian/template_debian. That's where the package lists are. If you're going to do this more than once I would strongly recommend use of a caching proxy - it will save you a huge amount of time and bandwidth. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170319213147.GA15867%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Arch Linux + i3] High CPU usage after closing windows
Hi, guys. Can you help me with this error ? Curl: (22) The requested URL returned error: 404 non found sudo pacman -Suy :: Synchronizing package databases... % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 4030 100 40300 0 8968 0 --:--:-- --:--:-- --:--:-- 8975 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 287 100 2870 0641 0 --:--:-- --:--:-- --:--:-- 640 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 123k 100 123k0 0 367k 0 --:--:-- --:--:-- --:--:-- 368k % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 404 Not Found % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 1678k 100 1678k0 0 1225k 0 0:00:01 0:00:01 --:--:-- 1226k % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 404 Not Found % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 3859k 100 3859k0 0 2373k 0 0:00:01 0:00:01 --:--:-- 2375k % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 404 Not Found % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 176k 100 176k0 0 516k 0 --:--:-- --:--:-- --:--:-- 517k % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 404 Not Found % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 51620 100 516200 0 51919 0 --:--:-- --:--:-- --:--:-- 51879 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 566 100 5660 0965 0 --:--:-- --:--:-- --:--:-- 964 % Total% Received % Xferd Average Speed TimeTime Time Current Dload Upload Total SpentLeft Speed 100 15756 100 157560 0 59804 0 --:--:-- --:--:-- --:--:-- 59908 :: Starting full system upgrade... there is nothing to do archlinux% -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/91bb9a21-9e46-4261-b55d-14b03b6bcf21%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?
Hi! I use an external keyboard and mouse, both currently connected to dom0. After reading the USB doc I wanted to add an USB qube so I could "safely" connect other devices (like untrusted pendrives, and my smartphone to an adb qube). Since untrusted devices will connected to this USB qube, it should be considered untrusted. But I think I only have one USB controller... This mean my keyboard and mouse will need to be connected to this untrusted qube together with untrusted devices, right? Is it worth it to create this extra USB qube this way? Bellow are the outputs of two commands, if anyone can help me make sure I really have only one USB controller. I pointed the devices I identified using a ">(device name)". All my 3 USB ports were in use when I ran the commands. # lsusb Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 04f2:b2e3 >Internal Camera Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 004 Device 002: ID 04e8:61b6 >External HDD Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 003 Device 003: ID 0e6a:030c >External Keyboard Bus 003 Device 006: ID 046d:c077 >External Mouse Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub # readlink /sys/bus/usb/devices/usb* ../../../devices/pci:00/:00:1a.0/usb1 ../../../devices/pci:00/:00:1d.0/usb2 ../../../devices/pci:00/:00:14.0/usb3 ../../../devices/pci:00/:00:14.0/usb4 The most similar thread I found about this topic is this one: https://groups.google.com/forum/#!searchin/qubes-users/usb|sort:relevance/qubes-users/a86st0lUgEw/2FH24xuBFAAJ But in that case mojosam had 2 controllers. Thanks for the attention! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3d4b2819-e59c-4251-a0a3-3e7a046a0d72%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On 2017-03-19 2:26 PM, Reg Tiangha wrote: > On 2017-03-19 2:08 PM, cooloutac wrote: >> On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote: >>> On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: > hi there, > > fedora minimal is great idea to have inside Qubes, i wonder why we dont > have debian minimal as well inside Qubes ? > > (debian-qubes has many packages which r not necessary to be installed e.g > printing packages. tho, it will be nice to install the needed packages > from the user pleasures not by default.) > > Thanks This would be wonderful. I tried to create one by removing some package but not a big impact on space or memory usage. I will follow this thread with interest! Dominique >>> >>> You can create one yourself using qubes-builder ( >>> https://github.com/QubesOS/qubes-builder ); I just did it myself a >>> couple of days ago, and it's great! I tried to do do a stretch-minimal >>> but it failed somewhere in the middle, but jessie-minimal worked fine >>> and I've switched all of my service vms to use that with coldkernel. >>> I'll probably get to creating a Thunderbird-only VM using that template >>> soon. >>> >>> I've noticed that there have been a lot of requests for debian-minimal >>> templates come through; it'd be nice if one could be made and put up in >>> the Qubes repository (even if it was templates-community) for >>> convenience sake. >> >> welp my brain just melted trying to figure this out. Searching in >> qubes-users I just see unman telling people its easy, but can you link me to >> the actual instructions for building the template? apparently I;m too dumb >> to find them. I'm at that github page wanting to shoot myself right now. >> maybe i need git instructions too lol. >> >> I've always compiled gresc on baremetal debian maybe I should just skip to >> coldkernel attempt? But I;ve already failed trying to compile a basic >> kernel in Qubes so I think I'm probably just gonna pass man. :( >> > > You can follow the Archlinux instructions, but when you get to the step > where you have to select your template, choose jessie-minimal rather > than Archlinux: > > https://www.qubes-os.org/doc/building-archlinux-template/ > > The coldkernel instructions ( http://github.com/coldhakca/coldkernel ) > for Debian templates just work; you should have no problems if you > follow them exactly. You can take the linux-image and linux-header deb > files that it makes and copy/install them on other Debian templates as well.. > > Compiling kernels for Qubes using qubes-linux-kernel ( > https://github.com/QubesOS/qubes-linux-kernel ) can be tricky. Upgrading > the 4.4 version of the kernel works well; I just did it a few days ago > to upgrade the dom0 kernel 4.4.54. All you had to do was switch into the > 4.4 branch (git checkout stable-4.4) and then change the text in the > version file to download the latest version (today, it's 4.4.55) and > then run make rpms (one of the patches will fail because it's already > been integrated into the kernel code, so you can just delete the one > that fails in series.conf; I don't remember which one off the top of my > head). If you want to do a newer kernel (ex. 4.9 or 4.10), it's a bit > more involved. I just compiled 4.10.4 for dom0 and it's running fine, > but you have modify the xen and rpmify patches in their various patch > directories to work with the new kernel. It's not hard; they all still > work, it's just that their locations are different so the patches need > to be updated and that's the part that takes a bit of work. I don't have > time to write a how-to for that though, but for those who are wondering, > it *is* possible to run kernels newer than 4.4 using the Qubes build > scripts. > Oh, one more thing: If you were thinking about trying to compile a kernel newer than 4.4, use @marmarek's repository at https://github.com/marmarek/qubes-linux-kernel and run git checkout devel-4.8 and work off of that. In fact, you can probably just sub in 4.8.17 in the version file to get the last 4.8 kernel and it should just work (I can't remember if I had to make any other modifications on top of that; I don't think I did). It should be easier to migrate up to 4.9 or 4.10 off of that repository, rather than the master Qubes repository that only goes as high as 4.4. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oampsr%24jjr%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On 2017-03-19 2:08 PM, cooloutac wrote: > On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote: >> On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: >>> On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: hi there, fedora minimal is great idea to have inside Qubes, i wonder why we dont have debian minimal as well inside Qubes ? (debian-qubes has many packages which r not necessary to be installed e.g printing packages. tho, it will be nice to install the needed packages from the user pleasures not by default.) Thanks >>> >>> This would be wonderful. I tried to create one by removing some package but >>> not a big impact on space or memory usage. >>> >>> I will follow this thread with interest! >>> >>> Dominique >>> >> >> You can create one yourself using qubes-builder ( >> https://github.com/QubesOS/qubes-builder ); I just did it myself a >> couple of days ago, and it's great! I tried to do do a stretch-minimal >> but it failed somewhere in the middle, but jessie-minimal worked fine >> and I've switched all of my service vms to use that with coldkernel. >> I'll probably get to creating a Thunderbird-only VM using that template >> soon. >> >> I've noticed that there have been a lot of requests for debian-minimal >> templates come through; it'd be nice if one could be made and put up in >> the Qubes repository (even if it was templates-community) for >> convenience sake. > > welp my brain just melted trying to figure this out. Searching in > qubes-users I just see unman telling people its easy, but can you link me to > the actual instructions for building the template? apparently I;m too dumb to > find them. I'm at that github page wanting to shoot myself right now. maybe > i need git instructions too lol. > > I've always compiled gresc on baremetal debian maybe I should just skip to > coldkernel attempt? But I;ve already failed trying to compile a basic kernel > in Qubes so I think I'm probably just gonna pass man. :( > You can follow the Archlinux instructions, but when you get to the step where you have to select your template, choose jessie-minimal rather than Archlinux: https://www.qubes-os.org/doc/building-archlinux-template/ The coldkernel instructions ( http://github.com/coldhakca/coldkernel ) for Debian templates just work; you should have no problems if you follow them exactly. You can take the linux-image and linux-header deb files that it makes and copy/install them on other Debian templates as well. Compiling kernels for Qubes using qubes-linux-kernel ( https://github.com/QubesOS/qubes-linux-kernel ) can be tricky. Upgrading the 4.4 version of the kernel works well; I just did it a few days ago to upgrade the dom0 kernel 4.4.54. All you had to do was switch into the 4.4 branch (git checkout stable-4.4) and then change the text in the version file to download the latest version (today, it's 4.4.55) and then run make rpms (one of the patches will fail because it's already been integrated into the kernel code, so you can just delete the one that fails in series.conf; I don't remember which one off the top of my head). If you want to do a newer kernel (ex. 4.9 or 4.10), it's a bit more involved. I just compiled 4.10.4 for dom0 and it's running fine, but you have modify the xen and rpmify patches in their various patch directories to work with the new kernel. It's not hard; they all still work, it's just that their locations are different so the patches need to be updated and that's the part that takes a bit of work. I don't have time to write a how-to for that though, but for those who are wondering, it *is* possible to run kernels newer than 4.4 using the Qubes build scripts. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oamphi%242u2%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote: > On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: > > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: > >> hi there, > >> > >> fedora minimal is great idea to have inside Qubes, i wonder why we dont > >> have debian minimal as well inside Qubes ? > >> > >> (debian-qubes has many packages which r not necessary to be installed e.g > >> printing packages. tho, it will be nice to install the needed packages > >> from the user pleasures not by default.) > >> > >> Thanks > > > > This would be wonderful. I tried to create one by removing some package but > > not a big impact on space or memory usage. > > > > I will follow this thread with interest! > > > > Dominique > > > > You can create one yourself using qubes-builder ( > https://github.com/QubesOS/qubes-builder ); I just did it myself a > couple of days ago, and it's great! I tried to do do a stretch-minimal > but it failed somewhere in the middle, but jessie-minimal worked fine > and I've switched all of my service vms to use that with coldkernel. > I'll probably get to creating a Thunderbird-only VM using that template > soon. > > I've noticed that there have been a lot of requests for debian-minimal > templates come through; it'd be nice if one could be made and put up in > the Qubes repository (even if it was templates-community) for > convenience sake. welp my brain just melted trying to figure this out. Searching in qubes-users I just see unman telling people its easy, but can you link me to the actual instructions for building the template? apparently I;m too dumb to find them. I'm at that github page wanting to shoot myself right now. maybe i need git instructions too lol. I've always compiled gresc on baremetal debian maybe I should just skip to coldkernel attempt? But I;ve already failed trying to compile a basic kernel in Qubes so I think I'm probably just gonna pass man. :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8996d3b8-0182-449c-b16b-9c2d05836b27%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: can we have debian-minimal?
> On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: >> On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: >>> hi there, >>> >>> fedora minimal is great idea to have inside Qubes, i wonder why we dont >>> have debian minimal as well inside Qubes ? >>> > You can create one yourself using qubes-builder ( > https://github.com/QubesOS/qubes-builder ); I just did it myself a > couple of days ago, and it's great! I tried to do do a stretch-minimal > but it failed somewhere in the middle, but jessie-minimal worked fine > and I've switched all of my service vms to use that with coldkernel. > I'll probably get to creating a Thunderbird-only VM using that template > soon. Since I am one of the "very interested people", I followed your link. AT first glance I do not know how to use that to get a debian-minimal. Would you have time to explain the procedure a bit more ? That would be really nice & helpful. You could even add a paragraph to the qubes-pages to immortalize your effort :) Thank you, Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37747fbb-7759-6836-672d-6346f7643dcd%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] SSD and normal HDD as RAID1 (HW-Raid LSI)
Hi, I think about improving speed of my box. I have SAS-Disks of 698GB as RAID1 on my LSI SAS-RAID-Controller. So what about replacing one of the Disks with an SSD by SAMSUNG e.g. 850 series? So if the SSD drops some electrons the HDD will keep up with data and the SSD will be quicker then the HDD while reading. Will this work? Are there any people who tried such a raid1? Cheers, Ludwig -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/beaf5c4e-286b-4a6f-af59-8404b2e0ab49%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote: > On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: > > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: > >> hi there, > >> > >> fedora minimal is great idea to have inside Qubes, i wonder why we dont > >> have debian minimal as well inside Qubes ? > >> > >> (debian-qubes has many packages which r not necessary to be installed e.g > >> printing packages. tho, it will be nice to install the needed packages > >> from the user pleasures not by default.) > >> > >> Thanks > > > > This would be wonderful. I tried to create one by removing some package but > > not a big impact on space or memory usage. > > > > I will follow this thread with interest! > > > > Dominique > > > > You can create one yourself using qubes-builder ( > https://github.com/QubesOS/qubes-builder ); I just did it myself a > couple of days ago, and it's great! I tried to do do a stretch-minimal > but it failed somewhere in the middle, but jessie-minimal worked fine > and I've switched all of my service vms to use that with coldkernel. > I'll probably get to creating a Thunderbird-only VM using that template > soon. > > I've noticed that there have been a lot of requests for debian-minimal > templates come through; it'd be nice if one could be made and put up in > the Qubes repository (even if it was templates-community) for > convenience sake. I still have to try this out ty. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f440bb7e-d6cc-4e19-99ec-cc281aaea1ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
its difficult to remove the packages inside debian-qubes , because most of the time u will end up on crashing/destroying it. but i wonder if the developer of debian-qubes can make a minimal one , which is way better than the current one. > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, > tnt_b...@keemail.me> wrote: >> hi there, >> >> fedora minimal is great idea to have inside Qubes, i wonder why we dont have >> debian minimal as well inside Qubes ? >> >> (debian-qubes has many packages which r not necessary to be installed e.g >> printing packages. tho, it will be nice to install the needed packages from >> the user pleasures not by default.) >> >> Thanks > > This would be wonderful. I tried to create one by removing some package but > not a big impact on space or memory usage. > > I will follow this thread with interest! > > Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/KfbtmHt--3-0%40keemail.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Validating (DNSSEC) name resolver
Starting point -- - Qubes v3.2 - validation of the resolved names takes place at DNS that LAN router gets from ISP Ending point - same Qubes 3.2 - validation of the resolved names takes place in one of the VMs. - dnscrypt is not involved Few years ago Alex Dubois did a great job by posting http://bowabos.blogspot.ca/2013/11/how-to-set-up-dnscrypt-proxy-on-qubes-os.html I tried to follow his guidelines and got lost. In particular: 1) What VM is better suited for running validating name resolver, i.e. 'unbound'? _ I guess that ProxyVM is good enough to isolate the validation process _ from both AppVMs and FirewallVM. Is it a reasonable guess? 2) I copied /etc/unbound/unbound.conf to /rw/config/unbound following the guideline. _ Then I got lost. _ a) What value should be used instead of 'x' in the following setting? _ interface: 10.137.2.x _ Is it the IP address of eth0 interface in ProxyVM? _ Running "ifconfig" in ProxyVM terminal yields inet 10.137.2.21. _ Is this address stays always the same between reboots of the entire Qubes OS? _ b) What value should be used in the following setting? _access-control: 10.137.2.0/24 allow _ access-control: 10.138.2.0/24 allow _ Are they IP addresses of vif interfaces in the ProxyVM? _ Running "ifconfig" in ProxyVM terminal yields inet 10.137.5.1 _ Or they are IP addresses of eth0 interfaces in AppVMs that are configured _ to use this Proxy VM as NetVM? _ Running "ifconfig" in these AppVMs yields inet 10.137.5.9 and 10.138.5.6 (DispVM) _ c) What value should be used instead of 'x' and 'y'? _ access-control: x.x.x.x/y allow _ d) I left _val-permissive-mode: yes _ as shown in the guideline. I will be using it for debug purposes. Once I _ confirm that everything up and running, I will change it to 'no'. _ Let me know if it will have devastating effect on AppVMs. _ e) I left it _ do-not-query-localhost: no _ f) Is this setting going to work given that no dnscrypt is listening on 127.0.0.1@53? _ If not, what should it be set to so that name is eventually resolved by _ DNS that LAN router gets from ISP (same way how it was working at the starting point)? _forward-zone: _ name: "." _ forward-addr: 127.0.0.1@53 3) According to the guidelines, rc.local should have INPUT rules _ /usr/sbin/iptables -I INPUT 3 -j ACCEPT -d 10.137.2.x -p udp --sport 1024:65535 --dport 53 -m conntrack --ctstate NEW _ /usr/sbin/iptables -I INPUT 3 -j ACCEPT -d 10.137.2.x -p tcp --sport 1024:65535 --dport 53 -m conntrack --ctstate NEW _ What value should be used instead of 'x' _ Is it the IP address of eth0 interface in ProxyVM? I hope, it will get easier to set up Validating (DNSSEC) Name Resolver after https://github.com/QubesOS/qubes-issues/issues/2344 is addressed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/374093626.4280608.1489949096487%40mail.yahoo.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote: > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: >> hi there, >> >> fedora minimal is great idea to have inside Qubes, i wonder why we dont have >> debian minimal as well inside Qubes ? >> >> (debian-qubes has many packages which r not necessary to be installed e.g >> printing packages. tho, it will be nice to install the needed packages from >> the user pleasures not by default.) >> >> Thanks > > This would be wonderful. I tried to create one by removing some package but > not a big impact on space or memory usage. > > I will follow this thread with interest! > > Dominique > You can create one yourself using qubes-builder ( https://github.com/QubesOS/qubes-builder ); I just did it myself a couple of days ago, and it's great! I tried to do do a stretch-minimal but it failed somewhere in the middle, but jessie-minimal worked fine and I've switched all of my service vms to use that with coldkernel. I'll probably get to creating a Thunderbird-only VM using that template soon. I've noticed that there have been a lot of requests for debian-minimal templates come through; it'd be nice if one could be made and put up in the Qubes repository (even if it was templates-community) for convenience sake. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oamidf%249pf%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: can we have debian-minimal?
On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote: > hi there, > > fedora minimal is great idea to have inside Qubes, i wonder why we dont have > debian minimal as well inside Qubes ? > > (debian-qubes has many packages which r not necessary to be installed e.g > printing packages. tho, it will be nice to install the needed packages from > the user pleasures not by default.) > > Thanks This would be wonderful. I tried to create one by removing some package but not a big impact on space or memory usage. I will follow this thread with interest! Dominique -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c2165f0-065c-4dfe-b1b9-2acba0a339fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Arch Linux + i3] High CPU usage after closing windows
Thanks for the fast reply, Olivier! But no, I don't think it's related. The problem seems indeed to be with zsh cofig, but it only showed up after VM reboot. Sorry for the confusion. It seems the command that was causing the problem was "xset r rate 200 45". (no reason for running it in a VM since it should be configured in dom0, right?) And, yes, I know such command shouldn't be placed in .zshrc, but .xinitrc is not being run at X startup... Any ideas about where to place a "xmodmap ~/.Xmodmap"? rc.local seems not to work for this (maybe it is run before X startup? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/148993515432.807.7757520650894350868%40localhost.localdomain. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Arch Linux + i3] High CPU usage after closing windows
On 03/19/2017 02:18 PM, andres...@gmail.com wrote: > Hello! > > When I close all terminals from a VM, CPU usage for that VM goes to around > 50% (shown by Qubes Manager) and stays there until I open another terminal to > the same VM. The problem only happens if I close the terminal using Ctrl+d, > not if I kill the window using i3. > > This happens both with Arch Linux template or appvms based on it. Doesn't > happens with Fedora. > > Example of commands that I used to open the terminals: > > qvm-run -a archlinux "xterm /bin/bash" > qvm-run -a archappvm "xfce4-terminal -x /bin/zsh" > > (both bash or zsh, xterm or xfce4-terminal) > > I thought it could be some zsh config, but the problem persists even > commenting .zshrc content, or using bash (default configs). > > It also happens if I open Vim with something like: > qvm-run -a archappvm "xfce4-terminal -x vim" > and close it using ":q". If I close Vim killing the window (i3 hotkey), it > doesn't happens). > > I tried to log CPU usage from inside the VM using "ps", but it doesn't seem > to increase (no reported process started to consume more CPU). I thought it > could be a problem with Qubes Manager (displaying false high CPU usage), but > the fan do start to make more noise, so it must be using more CPU. > > Any ideas? > > Thanks for the attention! > Is it related to https://github.com/QubesOS/qubes-issues/issues/2702 ? Try running as root: # echo core > /proc/sys/kernel/core_pattern When shutting down a VM, some service is apparently crashing, causing a high CPU usage. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3874f6e-af67-7920-aa38-7ff00a70aa3e%40yahoo.fr. For more options, visit https://groups.google.com/d/optout.
[qubes-users] [Arch Linux + i3] High CPU usage after closing windows
Hello! When I close all terminals from a VM, CPU usage for that VM goes to around 50% (shown by Qubes Manager) and stays there until I open another terminal to the same VM. The problem only happens if I close the terminal using Ctrl+d, not if I kill the window using i3. This happens both with Arch Linux template or appvms based on it. Doesn't happens with Fedora. Example of commands that I used to open the terminals: qvm-run -a archlinux "xterm /bin/bash" qvm-run -a archappvm "xfce4-terminal -x /bin/zsh" (both bash or zsh, xterm or xfce4-terminal) I thought it could be some zsh config, but the problem persists even commenting .zshrc content, or using bash (default configs). It also happens if I open Vim with something like: qvm-run -a archappvm "xfce4-terminal -x vim" and close it using ":q". If I close Vim killing the window (i3 hotkey), it doesn't happens). I tried to log CPU usage from inside the VM using "ps", but it doesn't seem to increase (no reported process started to consume more CPU). I thought it could be a problem with Qubes Manager (displaying false high CPU usage), but the fan do start to make more noise, so it must be using more CPU. Any ideas? Thanks for the attention! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bf5292a0-dbd7-42f3-aa6e-48fb022796b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tip: How to speed up QubesOS shutdown
W dniu niedziela, 19 marca 2017 00:28:18 UTC+1 użytkownik Andrew David Wong napisał: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-03-18 09:24, Grzegorz Chodzicki wrote: > > > > > > On 03/18/2017 05:21 PM, Unman wrote: > >> On Sat, Mar 18, 2017 at 08:59:29AM -0700, Grzesiek Chodzicki wrote: > >>> W dniu sobota, 18 marca 2017 15:08:35 UTC+1 użytkownik Unman napisał: > On Sat, Mar 18, 2017 at 03:41:49AM -0700, Grzesiek Chodzicki wrote: > > I've experienced this issue myself and I saw some people complaining > > about it on the mailing list. Sometimes Qubes takes forever to poweroff. > > > > The issue is caused by the fact that for some unknown reason machines > > with PCI devices attached take forever to shutdown and sometimes need > > to be manually killed from within VM Manager. After manually killing > > them, the system will shutdown normally. > > > > So, here's the fix: > > > > In Dom0 run qvm-prefs -s sys-net pci_e820_host false > > > > Repeat that for sys-usb and any other machine that holds a PCI device. > > > > Your system should shut down normally after this. > > > > No, I don't know how or why this works but I know that it solved the > > issue on my machine. Explanation welcome. I'll add this to > > documentation once we have a confirmation that this is 100% > > reproducible. > > > I'd be reluctant to propose this as a tip as is, because it will almost > certainly break networking for some users. > We specifically set pci_e820 to address user problems. I don't know what > the intersection is between those for whom this is a fix and those for > whom shutdown is slow/doesn't happen. > > Have you tried the solution suggested here before of shutting down other > vms first, then sys-usb and sys-net? Andrew, I think, posted a simple > script that he uses. > > Yeah, here it is: > > https://github.com/QubesOS/qubes-issues/issues/1581#issuecomment-266266876 > > (And also in the ML archives.) > > I suspect that that will have more impact with > fewer consequences than this proposal, but user experience will be key > here: comments ? > >>> Yes, I did try that, this is how I found out that on my system it is not > >>> possible to cleanly shut down VMs that hold PCI devices. If I try > >>> shutting down sys-net the VM Manager hangs for a few minutes, then the > >>> entire system stops responding then the machine gets killed, then VM > >>> manager throws an exception and then system becomes responsive again. > >>> After setting pci_e820_host to False I can cleanly shutdown sys-net and > >>> sys-usb just like any other VM. > >>> > >> So that sounds very system specific. Why not put together a tip > >> incorporating Andrew's script ( which will help on almost all > >> machines), and then yours as a special case to be used where that > >> doesnt help? > > That's the point, I don't know whether this is specific to my machine > > but I don't have another PC to test so I posted this here so other > > people can try it and see if that alleviates the issue. > > > > What if you just qvm-kill sys-net? > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJYzcKAAAoJENtN07w5UDAw/78P/3CXZeKbMtD4LGNu4e6VAuKV > tkzTmEXSZq/cWDLuYPuAlWhwfpHD5y4bOkfLUsswkHQSju4StP83iG1Yahpec6u1 > ZNcrGJ0JLCJbqsSSOwLq/xJT9tw5Q0KCju7xOyhG3QkQw2ZdtVkFZEewzn3f/pLS > E/cVqOcZkCw77WkaDX0OM+qwlNN6wzCQemy4HfEhXx+l3rt8I9/OVLNS2PE0Daf6 > bcykBIy70Ytdtzou+sU1yFC21e32kqwixJpgwYuIe0qMSWNRoJiBqc7nxZn1y495 > 21IMMpDnDOWbHyY9jH+7E+PbQ3WfusZze8QcqegQ3afGz/WquMByFHnVJ9Xm8Y0U > ewEdea8ceJ9WdZM2MWx8jD80DlPA43rUChGWAm53blEd7Mu9Z512s2i2SoVWilQS > OE3XMFLWlgAgM9WTuMXLn0yi4UFbHK7+ptT3P9PBRbITbEwkRtvlgZmZ2H2m9G+Q > OwTcNS6g17kqF5sYgTuc+MKY/b44v96UgDWtDhnELbIaImmrxyOkhrZAWy+gwEqk > sGNp2zy3CDMgYo/AMgZMWr0TVzDa1qNPmWNR+hfDZDFUkS/klxh87sQttXIkQ0o9 > ckgsWjdnXHP8OncGp5e/5TGIk0CisaERwDH8944pkuYWhj32S1UKdMyKKYIYNSkt > A4nScFTSJttZX9ybEkg9 > =iv32 > -END PGP SIGNATURE- It gets killed as usual, no error messages. It's the qvm-shutdown that doesn't work properly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f729221e-5eb9-4e62-b34c-d8aba3faa3bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Question to Mirage OS firewall users
Stable so far. (Current uptime 12h, it crashed well before that when it wasn't.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4fae0a9c-0d29-4b72-b82b-1f47cc4d64af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tip: How to speed up QubesOS shutdown
On 03/19/2017 01:40 AM, Jean-Philippe Ouellet wrote: > On Tue, Mar 14, 2017 at 7:11 PM, haaber wrote: >> I dont't have any e820 pci device as far as I know, but shutdown is >> definitely a problem. xfce shuts down, and then I have a black screen >> with a blinking cursor, and, afaik unless I brutally remove electricity. >> No clue if this is related to Grzesiek's problem ... Bernhard > > e820 does not refer to a device, but rather a table containing memory > layout information provided by the bios [1]. > > [1]: > http://wiki.osdev.org/Detecting_Memory_(x86)#BIOS_Function:_INT_0x15.2C_EAX_.3D_0xE820 > Oups :) ! That is funny. So my shutdown pb could be related that I added a second 8G mem bar? At least both occured approx. simultaneously. I just never made the link. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/371db135-5a51-be7c-a650-53f7ab9179a4%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] can we have debian-minimal?
hi there, fedora minimal is great idea to have inside Qubes, i wonder why we dont have debian minimal as well inside Qubes ? (debian-qubes has many packages which r not necessary to be installed e.g printing packages. tho, it will be nice to install the needed packages from the user pleasures not by default.) Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Kf_yef4--3-0%40keemail.me. For more options, visit https://groups.google.com/d/optout.
