Re: [qubes-users] No wired internet (Intel I219-LM) on new 4.1 install
On 5/24/22 08:36, M wrote: sys-firewall - limit traffic to * on TCP port 443. I tried ping google from sys-net and sys-firewall terminal. From sys-net domain+ip went through, sys-firewall only ip. * ping uses ICMP which the firewall will always let through unless you use qvm-firewall * DNS queries are routed by Qubes OS to the netvm, which is in your case sys-firewall * once you allow UDP port 53 in the firewall settings in sys-firewall DNS should work Updates are also not working. Well, they need DNS. ;-) ... and also Fedora will try to contact some HTTP URLs If you don't want to allow HTTP in sys-firewall, you can 1. clone it to sys-update 2. set sys-update as updatevm and in the policy for updates 3. allow HTTP for sys-update 4. set "provides networking" to false for sys-update That means sys-update will be used as update proxy but no other qube can use it as network (netvm). /Sven -- public key: https://www.svensemmler.org/2A632C537D744BC7.asc fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbe90e79-6db5-544a-e990-53233d641193%40SvenSemmler.org. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Failing Salt code: out of ideas and wrong error
Can any one point me to why the following fails? I have been banging my head against this for a while ... --- SNIP --- create bind dirs config file: file.managed: - name: /rw/config/qubes-bind-dirs.d/50_user.conf - makedirs: True - mode: 644 - dir_mode: 755 {% set binddirs = ['/usr/local'] %} {% for binddir in binddirs %} configure '{{ binddir }}' to be persistent: file.replace: - name: /rw/config/qubes-bind-dirs.d/50_user.conf - pattern: "^binds+=( '{{ binddir }}' )$" - repl: "binds+=( '{{ binddir }}' )" - append_if_not_found: True {% endfor %} --- SNIP --- The corresponding error ("State 'create bind dirs config file' in SLS 'custom_dom0.sys-vpn-mpihlr_assert_vpn_setup' is not formed as a list") is a complete red herring, as the so called first part by itself works just fine and only fails when I add the latter (jinja) part ... How do I properly deal with the single quotes in `pattern` and `repl`? Thanks for any pointers. Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eb5ea5103d373739332790182caa3cec24049cdf.camel%40graumannschaft.org.
Re: [qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, May 24, 2022 at 10:37:18AM +0200, Qubes OS Users Mailing List wrote: > https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable > states: > > To do this [make a particular application open everything in a > > disposable VM], enable a service named app-dispvm.X in that qube, > > where X is the application ID. > > and invokes `app-dispvm.thunderbird` as an example. > > How would you do that for an application installes and run through > flatpak? Flatpak-installed applications still have an application ID, which is what gets passed to qubes.StartApp to launch the application. - -- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmKNCU4ACgkQsoi1X/+c IsEMuA//VFfRexOsdHC7jd1eb7tZOCsBgeXlX6e/jU84XDvwCETveFUWrP0jRjva cZshRg3AilVXQVuLfLQMyqTP2w5izlsXQByFdTo5/V3vWiHIvO1ohl+Ugrkg7sZc albGEfGnOoNheGjGhdCWX4XLmteR79DR8tyjhTyP3hc6KvHAKmrT4ighPFVI+hRn 6XZbP5BWQOZ1QSva9wwa6bXJh2/7ZujsNrMOR5V+vLXa/wEc/Xwx4Hwv83UljD8E BkccHrp3nfEuorV9PTiBVavVKHZfaPbZu1wxkA9ws2Hh0Akse1PyRtABk1TJAQgT 2hZwHs0mbjstrgTjSb8SgG/oXwkyIxubLljBcRpbU1XRSmOZzr8QbGd3Mh3JU2xx mDZs7i1qTM+Vbb4SyTMfN8gKtv9TyREOGdKNP247g3SxzRUw4u/ZJ2OthUH1+vwC 4o8ohCSfVgvMBcM3BhQN7i3jr0wD38KCdJHSL6OkxVdPn7H2DWZorhfm6Ov14qr7 UKX1/tErPMbv6GTlwBjVHx9X1WSkCrzWOZNxssXs6e4OoDA+LF8PJuLFiIMT89as DAu/PKwD0cyBPM+91weSRgp3XgI8gETPLTAxRC9WwIBpPBjQ3Yf/H6mHWkH76rBU +BLIE5mOwBCqawxb4azFF0Ww0fgd8NXzZ3TISK2H86hdTPFxheM= =1FBd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Yo0JTb%2Bzm3cYGmtI%40itl-email.
[qubes-users] No wired internet (Intel I219-LM) on new 4.1 install
Everything is default with the exception of: 1. devices in sys-net is only with ethernet one. The other one, which was listed as unknown (guess wifi, disabled from bios) was removed. 2. sys-firewall - limit traffic to * on TCP port 443. 3. Disabled TOR. It said that I will not have internet (don’t know if it is connected, or mean only for whonix VMs) The internet icon does not have an X. I tried ping google from sys-net and sys-firewall terminal. >From sys-net domain+ip went through, sys-firewall only ip. Updates are also not working. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8661d76-b087-4e03-86c4-9f64c57f69c7n%40googlegroups.com.
[qubes-users] Force a flatpaked application to open attachments, links etc. in a dismVM?
https://www.qubes-os.org/doc/how-to-use-disposables/#making-a-particular-application-open-everything-in-a-disposable states: > To do this [make a particular application open everything in a > disposable VM], enable a service named app-dispvm.X in that qube, > where X is the application ID. and invokes `app-dispvm.thunderbird` as an example. How would you do that for an application installes and run through flatpak? Thanks for any pointers. Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a5cb7e4937d4dc24f095a9fa263c773e8f0e447.camel%40graumannschaft.org.