Re: [qubes-users] Looking to change value of dom0_mem=max, tried finding xen-cmdline but no luck
@awokd: What on earth, so I was almost there already I was looking around grub and grub2 folders in hopes of finding some sort of startup script related to it. Now I feel so dumb hahahahahaha Many Thanks! @Claudia: Thanks for the heads' up. I have set the max memory through xen.cfg for my situation. To be honest, I couldn't comprehend completely the memory allocation in Xen/Qubes article but if I understand it right, what it heavily implies is that dom0 dynamically allocates memory from itself to AppVMs when it sees that there is a need for it. I did observe this behavior to some extent but unfortunately, it doesn't seem to react when an AppVM is in a very near-frozen state due to lack of RAM to use. I have observed this for almost over 5 times already and it sucked. Also, I could observe some minor lag hiccups whenever the browser is starting to completely exhaust the ram available to the AppVM, and that is something I would like to try to avoid. On Friday, November 22, 2019 at 3:27:07 AM UTC+8, awokd wrote: > > Sphere: > > > However, a ram stick just died on me this week and I badly need all the > RAM > > that I could get. Even right now, my dom0 is actively using just about > 940 > > MB worth of RAM... which is why I think it would be best if I could > > permanently allocate 2048M to dom0 instead of 4096M for my case. > > /boot/efi/EFI/qubes/xen.cfg > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f91ddd88-e8cf-425a-aa45-90b43e75f738%40googlegroups.com.
Re: [qubes-users] Turning a NetVM into an AppVM
On Fri, Nov 22, 2019 at 08:44:00AM +, 'awokd' via qubes-users wrote: > nanop...@tuta.io: > > Hello there, I realized that everytime I made a new Qubes VM, I have been > > checking the "provides network" option turning it into a NetVM. > > I mistakenly believed that the option of "provides network" meant that the > > VM would need connectivity (yeah, I didn't RTFM), so now they are all > > NetVMs... hehe > > > > It would be cumbersome to delete them all and start over, so I was > > wondering which commands I could use to block such functionality turning it > > effectively into an AppVM. > > Qube Settings/Advanced tab. Or 'qvm-prefs myvm provides_network false' in dom0 terminal. /Sven > > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/696875e5-a039-f92f-bf38-168a6a99da17%40danwin1210.me. -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191123003927.GA1002%40app-email-private. signature.asc Description: PGP signature
[qubes-users] How do I hide sys-net and sys-firewall from the list of available NetVMs?
Hi, I would like to hide both sys-net and sys-firewall from the list of available NetVMs when I create a new qube or when I modify a qube. The reason for this is that I sometimes create and delete many qubes within one day and this could lead to accidently choosing sys-net or sys-firewall as the NetVM of one those qubes. I already route all the traffic through sys-whonix and also have a corridor whitelisting service running. On my system I don't want any qube besides sys-net and sys-firewall ever to be connecting to the clearnet. All must go through sys-whonix. And I'm aware that there is an option for setting the default NetVM. I already set that option to sys-whonix. I'm asking this specifially because I want to decrease the risk of me making an error when I am under stress or for whatever reason. I imagine that it's probably as easy as editing 2 lines in a file on dom0 but I didn't find any documentation on this and I also don't want to break my system. Any help would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2df5ccf2ffb2f35cfa4e32965623bc5%40firemail.cc.
Re: [qubes-users] How to navigate the Qubes OS versions and forum posts.
Greetings, Thank you for clarifying the differences between documentation and forums, letting me know where I should sent security or bug reports. Generally, Questions about how to do such and such? Should be querried in the forum while verifying the build version, before posting. So: - Periodic security updates are not always rolled into the OS point version, so I must update those entities (dom0, templateVMS, or StandaloneVMs) individually. https://www.qubes-os.org/doc/software-update-domu/#updating-software-in-templatevms - if some documentation needs to be updated, I can contribute via a pull requests from Github at https://www.qubes-os.org/doc/doc-guidelines/ and follow it’s validation process. Ok thanks, I can follow those suggestions. On Friday, November 22, 2019 at 3:55:01 AM UTC-5, Andrew David Wong wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2019-11-21 7:50 PM, Eugene Foster wrote: > > > > > > Greetings I am new to the OS and forum, > > > > > > I read thought some of the documentation and I was interested in > > knowing how to navigate the versions and bug fixes. Currently, I > > see we are 4.0.1; however, I’ve seen other mentions of stable > > versions in the forum. Is it correct to assume all the fixes > > suggested in the forum are about this (4.0.1) version and not the > > EOL versions? https://www.qubes-os.org/doc/supported-versions/ > > > > All the messages ever sent to the mailing list are stored in the > archive, so you can find messages going back years. Older messages may > be about older versions. Sometimes, there may be two supported > versions at the same time. This is why it's a good idea to specify the > version you're referring to. Currently, 4.0 (which includes point > releases like 4.0.1) is the only supported version, so that's most > likely the version others are referring to. > > > > > And, can I assume the fixes suggested in the forum will be tested > > and released in future? > > > > Not necessarily. Often, people discuss their suggestions here, and the > discussion reveals that something different should be done instead. > Not all suggestions are good ones. Just because someone makes a > suggestion here doesn't mean that the Qubes team will act on it. > Moreover, some threads are just for the sake of discussion, > theorizing, or understanding, rather than making suggestions. We need > a way to keep track of each actionable issue and organize them all by > priority, type, component, milestone, and so on. The mailing list > doesn't support this, which is why we have a separate issue tracker: > > https://www.qubes-os.org/doc/reporting-bugs/ > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl3XolYACgkQ203TvDlQ > MDBZExAAyL+TQ541MvIPzdn3vW8Q8d5E8fRBAXb4eQ8myE7XNRRYH9GRdwBbX+Ge > XHOAfeH2v+xARi+B2Eydq76cns7lKxa7X8jhPRjSRS6TlmrJPR4mp1Yz7jqa6hci > //kJUzrWLNRn/DzCdaojo6J4JETd6oy29uu9IXP1M0PJa2TnMwk0yqFjoE2sT+w1 > cJpsbv6wIzN1I3UhngpQYiaJWjKDy8cLqtrgk4JR63RzNm6NBrdVYqJr4J+pBSwl > nu7BVWinSIpFdGK/Dc2W0Wf3lqjezaDCbtFC1e2bNoejrQDC3n6v4mJIwaIW7v69 > Wm7CiwcRcQEo0awaOjI+6dDk55pe3INLP7pv80ZqddLS5KiTv9GXIWf4Ejqajvei > Mhr6BiMRGGESK0FakrcmSCjvzrQCRkNZgYa9Fz2zSdIhhB3ouOhAkRZqUVYte8lM > teUgvu5qI7uaLAMbOnOpx9shhTyM+bHIlMG5GftP7zhwKwsVrggXH+qCHvaNc8VH > Btix9q8cfA4QoM9LwojfLEzjrqItGu0AKKgmN0Xyx69SbJM7d13Kg1e0ItS0Mdla > izaPz4FdbF07BjAahZkTP8HI+UzvGh6fPNt2kiVzdFKbwwHVeEp6bScc3ska559d > ePemkv2DPXuoLWzRQ/6nJBG1E26XdAH+dhSMBT4wwQTA7m3HI7c= > =WSPt > -END PGP SIGNATURE- > > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/95c91418-3b70-4a91-b18b-360adfb08530%40googlegroups.com.
Re: [qubes-users] Looking to change value of dom0_mem=max, tried finding xen-cmdline but no luck
Sphere: However, a ram stick just died on me this week and I badly need all the RAM that I could get. Even right now, my dom0 is actively using just about 940 MB worth of RAM... which is why I think it would be best if I could permanently allocate 2048M to dom0 instead of 4096M for my case. ...Not unless there are big security-related reasons as to why 4096M has been the default on dom0. I think you're looking for /boot/efi/EFI/qubes/xen.cfg line "options=..." (UEFI) or /etc/default/grub line "GRUB_CMDLINE_XEN=..." (legacy, or UEFI+grub). I have no idea if it's effective, advisable, or safe; I'm just explaining how to do it if you want to. https://wiki.xenproject.org/wiki/Xen_Project_Best_Practices#Xen_Project_dom0_dedicated_memory_and_preventing_dom0_memory_ballooning https://wiki.xenproject.org/wiki/Xen_Project_Best_Practices#Why_should_I_dedicate_fixed_amount_of_memory_for_Xen_Project_dom0.3F - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd96a94c-63e3-b2bb-91f1-36d72db76708%40vfemail.net.
Re: [qubes-users] Looking to change value of dom0_mem=max, tried finding xen-cmdline but no luck
Sphere: https://discussions.citrix.com/topic/354913-error-increasing-dom0-memory-in-61/ So I am looking to reduce the max set on dom0_mem because a considerable amount of ram is being wasted (roughly 1500 MB) and I want to use it on my RAM heavy appvms instead I've been searching all over the place for xen configuration stuff but I haven't gotten much luck finding anything that has the parameters that define the values in "xen_commandline" that is shown whenever one types xl info I've tried doing things like "xl mem-set Domain-0 2048M" but it reverts back as soon as I start a new app vm... Anybody know the proper way to do this? I think you're looking for /boot/efi/EFI/qubes/xen.cfg I'm not sure if you can change memory limits on dom0 at runtime (i.e. using xl). Even so, it's not recommended, because the kernel makes certain decisions based on the amount of memory it sees at boot, such as size of various memory structures, which are not updated when the amount of ram changes later. So you could end up with a non-optimal configuration. It's best to set initial and max memory in xen.cfg. However I encourage you to read about memory allocation in Xen/Qubes, as Andrew mentioned, before making any changes, as they might not be necessary at all. - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54403785-5350-5f40-781a-fdb5cb6b27b4%40vfemail.net.
Re: [qubes-users] Days since last backup
On 2019-11-22 04:41, Bernhard wrote: > However, I am stuck on how to determine how many days it has actually been since the last backup. >>> >>> What you are looking for is this command: >>> >>> qvm-prefs --get $vm backup_timestamp > > Nice. In case of a "manual backup", can you also set the variable that > way? Like > > qvm-prefs --set $vm backup_timestamp 2019.11.22-00:00:00 > > (or some other time format) ? > I believe it requires the Unix timestamp as a long int, but represented as a string, so you would need to first convert your string to the Unix long int representation. The example command below is untested, but this should work to set the backup_timestamp to the time value of some archive file taken from some other non-qubes backup solution. $ backup_timestamp=`date --reference=/path/to/my_backup.tgz +%s` $ qvm-prefs --set $vm backup_timestamp $backup_timestamp Or like you asked, you can just use the date command to convert any standard time format string to the required unix timestamp value. If you are using the qvm-backuprestore command like I am, then this is always done for you for free, and you need not worry about managing the backup timestamps yourself. As a part of my backup script I also need to deal with freeing up enough removable disk space for the pending backup session. My backup target disk is managed as a set of folders, one per VM, and based on the predicted backup size I roll though all the VM folders, sort that vm's backup directory based on time, and remove only however many old backup archive files from each directory that I need in order to free up that required amount of space. This way I am guaranteed to have at least N backups of each VM and only the older archives are removed as newer ones are created. Its a great feature that Qubes keeps tabs on the previous backup timestamps in its VM database. That makes the complexity of custom backups easy to manage using very simple bash/python scripting. Steve -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c426f037-095d-c90f-6fec-4dfb14c90fbc%40jhuapl.edu.
Re: [qubes-users] Days since last backup
However, I am stuck on how to determine how many days it has actually been since the last backup. What you are looking for is this command: qvm-prefs --get $vm backup_timestamp Nice. In case of a "manual backup", can you also set the variable that way? Like qvm-prefs --set $vm backup_timestamp 2019.11.22-00:00:00 (or some other time format) ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7939b014-2605-dd43-2f14-1a33a29e0b82%40web.de.
Re: [qubes-users] How to navigate the Qubes OS versions and forum posts.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2019-11-21 7:50 PM, Eugene Foster wrote: > > > Greetings I am new to the OS and forum, > > > I read thought some of the documentation and I was interested in > knowing how to navigate the versions and bug fixes. Currently, I > see we are 4.0.1; however, I’ve seen other mentions of stable > versions in the forum. Is it correct to assume all the fixes > suggested in the forum are about this (4.0.1) version and not the > EOL versions? https://www.qubes-os.org/doc/supported-versions/ > All the messages ever sent to the mailing list are stored in the archive, so you can find messages going back years. Older messages may be about older versions. Sometimes, there may be two supported versions at the same time. This is why it's a good idea to specify the version you're referring to. Currently, 4.0 (which includes point releases like 4.0.1) is the only supported version, so that's most likely the version others are referring to. > > And, can I assume the fixes suggested in the forum will be tested > and released in future? > Not necessarily. Often, people discuss their suggestions here, and the discussion reveals that something different should be done instead. Not all suggestions are good ones. Just because someone makes a suggestion here doesn't mean that the Qubes team will act on it. Moreover, some threads are just for the sake of discussion, theorizing, or understanding, rather than making suggestions. We need a way to keep track of each actionable issue and organize them all by priority, type, component, milestone, and so on. The mailing list doesn't support this, which is why we have a separate issue tracker: https://www.qubes-os.org/doc/reporting-bugs/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl3XolYACgkQ203TvDlQ MDBZExAAyL+TQ541MvIPzdn3vW8Q8d5E8fRBAXb4eQ8myE7XNRRYH9GRdwBbX+Ge XHOAfeH2v+xARi+B2Eydq76cns7lKxa7X8jhPRjSRS6TlmrJPR4mp1Yz7jqa6hci //kJUzrWLNRn/DzCdaojo6J4JETd6oy29uu9IXP1M0PJa2TnMwk0yqFjoE2sT+w1 cJpsbv6wIzN1I3UhngpQYiaJWjKDy8cLqtrgk4JR63RzNm6NBrdVYqJr4J+pBSwl nu7BVWinSIpFdGK/Dc2W0Wf3lqjezaDCbtFC1e2bNoejrQDC3n6v4mJIwaIW7v69 Wm7CiwcRcQEo0awaOjI+6dDk55pe3INLP7pv80ZqddLS5KiTv9GXIWf4Ejqajvei Mhr6BiMRGGESK0FakrcmSCjvzrQCRkNZgYa9Fz2zSdIhhB3ouOhAkRZqUVYte8lM teUgvu5qI7uaLAMbOnOpx9shhTyM+bHIlMG5GftP7zhwKwsVrggXH+qCHvaNc8VH Btix9q8cfA4QoM9LwojfLEzjrqItGu0AKKgmN0Xyx69SbJM7d13Kg1e0ItS0Mdla izaPz4FdbF07BjAahZkTP8HI+UzvGh6fPNt2kiVzdFKbwwHVeEp6bScc3ska559d ePemkv2DPXuoLWzRQ/6nJBG1E26XdAH+dhSMBT4wwQTA7m3HI7c= =WSPt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e3b5172-42d7-1bb6-108c-a4a5f7ab529f%40qubes-os.org.
Re: [qubes-users] Turning a NetVM into an AppVM
nanop...@tuta.io: > Hello there, I realized that everytime I made a new Qubes VM, I have been > checking the "provides network" option turning it into a NetVM. > I mistakenly believed that the option of "provides network" meant that the VM > would need connectivity (yeah, I didn't RTFM), so now they are all NetVMs... > hehe > > It would be cumbersome to delete them all and start over, so I was wondering > which commands I could use to block such functionality turning it effectively > into an AppVM. Qube Settings/Advanced tab. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/696875e5-a039-f92f-bf38-168a6a99da17%40danwin1210.me.
Re: [qubes-users] Help, I broke my Qubes...
'Zeko' via qubes-users: > > I changed autostart to False in the qubes.xml entry for sys-usb but the OS > still starts sys-usb and panicks like before. In that same file and general location, remove the line beginning with . This will remove the USB PCI controller from sys-usb. > Also if I didn't mention this earlier, when I ran the command that installed > sys-usb, it reported progress on 5-6 steps and all succeeded except one. I > believe the one that failed was editing something in /boot and I think I had > umounted /boot and removed the stick some time before running that command. OK, that's likely why you couldn't find the xen.cfg setting. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/646bd2de-0132-8c89-8e62-da525914cd77%40danwin1210.me.
