Re: [qubes-users] Easy way to copy files from dom0 to VM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2019-10-18 1:01 PM, Guerlan wrote: > Currently when I take a screenshot I need to open dom0's terminal > and use qvm-copy-to-vm which is painful. Isn't there a way to use > Nautilus in dom0 to easily copy to a VM? Os better, isn't there a > way to save screenshots directly to a VM? Maybe by mounting this VM > to dom0 (not a security risk I guess, because dom0 already has > access to everything) > You might find this helpful: https://github.com/QubesOS/qubes-issues/issues/953 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl2qmLMACgkQ203TvDlQ MDCNrBAAjoS7FFwaTtL+UBeds4aTxGyvoL50EhelHLXbZq5FG+NRpfgAwcAoGrNM X6IrIwszLauYimV4e6Mw6VMrb9X8yMfQ8SuKspX//Rm82Ob311hCDzFR2+POjHax M5DEelBZ5GoH/VDGfjJJq3m8sHk61N2hS+DmQ1utr1C/TXTl4N75kA7AJLiLm5Nz DLpM2wYVxH5M9TRT4hz8qoUR7QLHAKcVTunWuCnPVH6eBjCVwuvyu47AblIYFrGK u52+vCD69dIq10o4V5n2uXL04yR1kI3fIA915RppMwH9piwGE4L50ZmtirHOpxGf Ojirt7uutEzf4+vJ99HveMi4SY5ZElK/E2RsAym6VzRL6Kil7zVqvJ0SqjMAKv+o 3vN4Oe44FbBEfnGestkU3JyoD5IFBuWs6bXx+bvGt6auj73/Wd7J5JOMfAN6NfL0 Gnwmp8S98Lvhee94xVnl+BH7WvJNPqQ2tRt0G8yaIUV/ozvMqltu/ABc5/SO5Moo iwU58ksRJAg9w48XkK8KxEpmaUgq3PIhDoNyQokVyaZOf5W+NYjQP+KOdH0nDfcJ dt0ZZwx5CHVX2YxpUcddG8BsFXW62yF0Jd7l9euT93N5mbCgW4Zvi+IZFrG4qWwU RF2cgHFTxnOeckzhBmBUSQd82YOyuG4NJO0wnGv1JQbW+wn9rL8= =kxU2 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/14643934-62c2-65ad-7923-02f69277d671%40qubes-os.org.
Re: [qubes-users] Fixing a VM's botched grub install
On Thu, Oct 17, 2019 at 01:24:00PM -0700, Jin-oh Kang wrote: The escape sequence crippling is caused by https://github.com/QubesOS/qubes-vmm-xen/blob/xen-4.8/patch-tools-xenconsole-replace-ESC-char-on-xenconsole-outp.patch , which is reasonable given the Qubes security model. For interactive console you could use `qvm-console-dispvm ` provided by the qubes-core-admin package. I wish I had seen that tool earlier! Here's a PR for the community docs: https://github.com/Qubes-Community/Contents/pull/74 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191019044205.GB1016%40danwin1210.me.
Re: [qubes-users] Fixing a VM's botched grub install
On Thu, Oct 17, 2019 at 01:06:24PM -0700, Jin-oh Kang wrote: This is what I see from your output: https://asciinema.org/a/2sMvgiISVELkjTxAjDlfoNP5Z That's really cool! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191019035452.GA1016%40danwin1210.me.
[qubes-users] Customizing Firefox in dispVMs (brand new profile on every dispVM startup)
Problem === Firefox can leak various IDs from a profile to websites, so different sessions can be correlated across different qubes, including DispVMs. See e.g. [this bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1372288) and possibly many other bugs. (Partial) solution === On every DispVM startup, we start without a Firefox profile, so a fresh one with random ID is created. However, the default settings are not very privacy friendly (and annoying), so we need to change some and we also need to auto install some extensions. (e.g. ad blocker) We do this by deploying a Firefox `policies.json` file into `/usr/lib/firefox-esr/distribution/policies.json` _before_ FF starts, so it pulls these settings onto itself at startup. We use the Qubes `/rw/config/rc.local` script to deploy the FF policy, as it runs immediately after VM startup. Limitations === There are still plenty opportunities to fingerprint the firefox+OS+HW combo, e.g. the classic [EFF panopticlick](https://panopticlick.eff.org/) (see fingerprint section after test) or the more advanced leak tests at [browserleaks](https://browserleaks.com). For a whole list of leak test sites check this GitHub page of [ghacks-user.js](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-A---Test-Sites) No bookmarks (perhaps also deployable by script), no history. Qubes setup === Docs for the setup: - [mozilla/policy-templates](https://github.com/mozilla/policy-templates/blob/master/README.md) - [Qubes: running script on VM startup](https://www.qubes-os.org/doc/config-files/) In a TemplateVM of DispVMs (DVM Template) put your settings in `/rw/config/firefox_policies.json`, e.g.: ``` $ cat
[qubes-users] Easy way to copy files from dom0 to VM?
Currently when I take a screenshot I need to open dom0's terminal and use qvm-copy-to-vm which is painful. Isn't there a way to use Nautilus in dom0 to easily copy to a VM? Os better, isn't there a way to save screenshots directly to a VM? Maybe by mounting this VM to dom0 (not a security risk I guess, because dom0 already has access to everything) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b30209f2-2c3c-4a71-bdae-8f77125b1be5%40googlegroups.com.
[qubes-users] yggdrasil somebody run it on qubes?
Hello, Somebody successfully run yggdrasil under Qubes? It's network like i2p/tor. I install it as rpm and service runinng. It's easy, but when I try to access resources at this network it not work. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7abb5715-b68e-4a0c-b7f4-78f8f025fe11%40googlegroups.com.
[qubes-users] VM-individual Apps: Google Chrome flatpak? eos repos?
Hello, I'm experimenting with a more "one app - one VM" paradigm using a minimal template with flatpak installed and then VMs based on it that pull in individual apps int flatpak's --user local installs. I just don't want to have a plethora of templates with different software subsets, but rather a base template and then VM-specific app installs ... I'm running this for signal and different mail accounts accessed with evolution (all present in flathub.org), but am also looking into doing this for media replay/chrome. There's an option here https://gist.github.com/cho2/a9c20556e0585943624208c3ca1a5af7 , but the "institutionally controlled" first option using EndlessOS' flatpak repos is not working for me. Has anyone done this? Thanks for any pointers, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cba93e9da42e5e3fed4ffe9696510d42%40graumannschaft.org.
Re: [qubes-users] Salt Questions
On 2019-10-09 20:43, Brian C. Duggan wrote: On 10/8/19 6:45 AM, Johannes Graumann wrote: 2) I'm unclear about whether the fedora-/debian-X-minimal template VMs require additional packages to be managed through salt. https://www.qubes-os.org/doc/templates/minimal/ appears to indicate so: Also, there are packages to provide additional services: ... qubes-mgmt-\*: If you want to use salt management on the template and qubes. If that's indeed the case, it's actually not possible to manage minimal template installation/customization entirely through salt, which I consider suboptimal. Qubes does not require that these packages be installed on target VMs to manage them. The disposable management VM applies states through salt-ssh over qrexec. So target VMs only need the qrexec agent installed: https://www.qubes-os.org/doc/salt/#configuring-a-vms-system-from-dom0 I believe qubes-mgmt-salt packages will let a user-controlled management VM use the AdminAPI through Salt. But I'm not sure whether the AdminAPI is mature enough for that to work fully, yet. Folks on this list have only talked about using Salt from dom0. 3) I so far have managed to setup `*.sls` files for updating all templates as well as dom0 (THANKS unman for the example repo posted a while ago). Now I'm trying to get a defined package installed in a minimal template and fail: flatpak.sls: install_flatpak: pkg.installed: - pkgs: - flatpak I was able to apply this state to a clone of fedora-30-minimal like this: # qubesctl --show-output --skip-dom0 \ # --target=fedora-30-minimal-flatpak state.sls flatpak Try getting the state to work by itself before using it in a top file. What do you get when you try that command? Brian -- Brian C. Duggan he/him/his Thank you for chiming in - I can indeed configure all official templates (minimal or not) using salt without installing anything special. Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2b3dd1452c5b70b17d30d7aeafc0d760%40graumannschaft.org.
[qubes-users] How does a dispVM know to shut down when program called in it closes?
Hello, What's the mechanism behind the fact that if I start firefox in a standard dispvm (as installation-provided) and terminate the program. the VM shuts down along with it? Thank for any hints. Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e597553f059ec53b7313f1f376fb3a83%40graumannschaft.org.
