Re: [qubes-users] Re: Qubes 4.1 qrexec issue?

2022-03-16 Thread 'taran1s' via qubes-users




unman:

On Wed, Mar 09, 2022 at 11:20:53AM +, 'taran1s' via qubes-users wrote:



taran1s:

I have an issue with Split GPG as well as with opening files in the
disposable VMs and with the qrexec in the guide How to use Monero
CLI/daemon with Qubes + Whonix too.

https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html


Split GPG

Opening Thunderbird, I get the following errors in the notification popup:

Denied: whonix.NewStatus
Denied whonix.NewStatus+status from work-email to sys-whonix

I also have to confirm every gpg action in the Dom0 Operation
Execution with Target GPG backend.

Using dispVMs from within AppVM

When trying to convert a file or open it in the disposable VM from within
the normal AppVM, I get an error popup like:

Denied: qubes.PdfConvert
Denied qubes.pdfConvert from work-email to @dispvm

Any advice appreciated!


Is this mailing list still active, or should one rather go to a different
place?



Still active, but the Forum has more traffic, although it's often low
grade and noisy.

On your questions,  the first looks like a Whonix issue - Patrick has
asked that Qubes-Whonix questions be put in the Whonix forums, where
they will get better oversight.
The second looks like permissions - look in the policy file at
/etc/qubes-rpc/policy/qubes.PdfConvert


The /etc/qubes-rpc/policy/qubes.PdfConvert has allowed anyvm to run 
PdfConvert

$anyvm $dispvm allow

I already asked on the whonix forum and followed the improved version of 
the guide for Split Monero on the Whonix website, but got another error that 
seems like the monero-wallet-ws AppVM doesn't see the monerod-ws AppVM. 
Monero GUI cannot connect and monero-wallet-cli returns this error:


Error: wallet failed to connect to daemon: http://localhost:18081. 
Daemon either is not started or wrong port was passed. Please make sure 
daemon is running or change the daemon address using the ‘set_daemon’ 
command.

Background refresh thread started

The monerod-ws is syncing, albeit it gets quite a lot of Socks errors here 
and there and sometimes freezes.


Also, in connection with the error related to the PdfConvert, I am not 
sure if the issue with the Split Monero is whonix specific or if it is 
linked to the general qubes qrexec setup and permissions of my Qubes.


Qubes 4.1 I use is vanilla and whonix-ws-16 is full vanilla too.

It would be really helpful if someone more experienced could have a look 
into it and provide help. I am cut off from the monero usage now if I 
don't want to use the remote node which I would like to avoid. Tried to 
find an answer on the net but didn't succeed.


Thanks in advance to anyone that can help us solve the issue!

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a0b67fc-a975-cd5b-5410-fd5c32492ce3%40mailbox.org.


Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration

2022-03-16 Thread Demi Marie Obenour

On Sun, Mar 13, 2022 at 08:13:39PM +, 'awokd' via qubes-users wrote:
> Demi Marie Obenour:
> 
> > > + #   "r|.*|" ]
> > 
> > > I see how it allows crypt-luks volumes in general, along with nvme, sata,
> > > and raid. What does that last line allow?
> > 
> > /dev/md.* matches devices provided by the Linux Multiple Device (RAID)
> > driver.
> 
> Thanks; I should have specified what does "r|.*|" cover?

It is a generic deny-all.  LVM sadly defaults to allow-all.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
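
The first-match-wins behaviour behind the "deny-all" answer above, as an added example that is not part of the original message or the QSB. It assumes one path name per device and uses Python's `re` in place of LVM's own regex engine; the filter entries and device paths are constructed for illustration.

```python
import re

# Constructed sample filters (not the QSB-078 text): an accept-list for RAID
# and NVMe paths, without and with the trailing deny-all entry.
FILTER_OPEN = ["a|^/dev/md.*|", "a|^/dev/nvme.*|"]
FILTER_CLOSED = FILTER_OPEN + ["r|.*|"]

def parse_rule(rule):
    """Split an entry such as 'a|^/dev/md.*|' into (action, compiled regex)."""
    if len(rule) < 3 or rule[0] not in "ar" or rule[-1] != rule[1]:
        raise ValueError(f"malformed filter entry: {rule!r}")
    return rule[0], re.compile(rule[2:-1])

def decide(filter_rules, path):
    """Return 'accept' or 'reject' for one device path."""
    for rule in filter_rules:
        action, regex = parse_rule(rule)
        if regex.search(path):          # the first matching entry decides
            return "accept" if action == "a" else "reject"
    return "accept"                     # nothing matched: LVM accepts by default

def ends_with_deny_all(filter_rules):
    """True if the last entry rejects every path, closing the default accept."""
    if not filter_rules:
        return False
    action, regex = parse_rule(filter_rules[-1])
    return action == "r" and regex.pattern in (".*", "^.*", ".*$", "^.*$")

def audit(filter_rules, paths):
    """Map each path to the verdict the filter gives it."""
    return {p: decide(filter_rules, p) for p in paths}

if __name__ == "__main__":
    # Constructed device paths: two listed in the filter, two not.
    devices = ["/dev/md0", "/dev/nvme0n1p3", "/dev/loop0", "/dev/dm-7"]
    for name, flt in (("open", FILTER_OPEN), ("closed", FILTER_CLOSED)):
        print(f"{name}: trailing deny-all = {ends_with_deny_all(flt)}")
        for path, verdict in audit(flt, devices).items():
            print(f"  {path:16} {verdict}")
```

Without the final `r|.*|`, the two unlisted paths come back as accepted even though no entry names them.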


Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration

2022-03-16 Thread Marek Marczykowski-Górecki

On Mon, Mar 14, 2022 at 06:53:29PM -0400, Demi Marie Obenour wrote:
> On Mon, Mar 14, 2022 at 06:12:44PM -0400, Demi Marie Obenour wrote:
> > On Sun, Mar 13, 2022 at 08:13:39PM +, 'awokd' via qubes-users wrote:
> > > Demi Marie Obenour:
> > > 
> > > > > + #   "r|.*|" ]
> > > > 
> > > > > I see how it allows crypt-luks volumes in general, along with nvme, 
> > > > > sata,
> > > > > and raid. What does that last line allow?
> > > > 
> > > > /dev/md.* matches devices provided by the Linux Multiple Device (RAID)
> > > > driver.
> > > 
> > > Thanks; I should have specified what does "r|.*|" cover?
> > 
> > It is a generic deny-all.  LVM sadly defaults to allow-all.
> 
> Marek, should we patch LVM to add a trailing "r|.*|" if none is present?

I don't like changing how the config file is interpreted - it is rather
unfriendly and confusing for those who know what they are doing and
change their lvm.conf. The specific filter syntax is described in the
comment just above this option.
The great majority of users do not need to change it (unless we missed
some common device? but then we should update the default filter), so
the risk of messing it up by a novice user is minimal.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab


Re: [qubes-users] QSB-078: Linux kernel PV driver issues and LVM misconfiguration

2022-03-16 Thread Demi Marie Obenour

On Mon, Mar 14, 2022 at 06:12:44PM -0400, Demi Marie Obenour wrote:
> On Sun, Mar 13, 2022 at 08:13:39PM +, 'awokd' via qubes-users wrote:
> > Demi Marie Obenour:
> > 
> > > > +   #   "r|.*|" ]
> > > 
> > > > I see how it allows crypt-luks volumes in general, along with nvme, 
> > > > sata,
> > > > and raid. What does that last line allow?
> > > 
> > > /dev/md.* matches devices provided by the Linux Multiple Device (RAID)
> > > driver.
> > 
> > Thanks; I should have specified what does "r|.*|" cover?
> 
> It is a generic deny-all.  LVM sadly defaults to allow-all.

Marek, should we patch LVM to add a trailing "r|.*|" if none is present?
Not having it creates a vulnerable system, which is bad.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab