Re: [qubes-users] Btrfs (file-reflink): Why is the CoW on a volatile.img enabled?

2023-03-04 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > Disabling CoW and hence checksums (besides being specific to Btrfs - > file-reflink is filesystem agnostic) Although for volatile volumes in particular it might be possible to get away with (optionally, configured per-

Re: [qubes-users] Modifying /etc/hosts in dispVM

2023-04-20 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > The line "10.1.1.1 myhost.example.com" is appended to > /etc/hosts. But when I open a disposable terminal and type 'host > myhost.example.com', I get the DNS address, not 10.1.1.1. 'host' isn't suitable for testing this, because it never looks

Re: [qubes-users] Injecting configuration files into appVM when it's created/started for the first time

2023-04-30 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Qubes: > I am sure I have read this somewhere here on the list or in the > [documentation](https://www.qubes-os.org/doc/) that it is possible to inject > configuration files into an appVM when it gets created. Can someone maybe > remind me how to do

Re: [qubes-users] dom0 backup/restore

2023-05-17 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Qubes: > However, when I use the Qubes backup tool it shows the size of the dom0 > backup is going to be 7.1 GB, but other than about 20 MB of screenshots in > `/home/Pictures/` I don't have anything in `/home/`. It's a bug in the GUI backup tool's

Re: [qubes-users] Issuing the command 'qvm-run --user=user some-dom kill -9 some-pid' on dom0 returns a message...

2023-07-22 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Boryeu Mao: > of ``some-dom: command failed with code: 137``, which I have been ignoring > since the job with ``some-pid`` did get killed. What could be the meaning > of the code 137 and its significance? 137 == 128 + (signal) 9 https://www.gnu.o

Re: [qubes-users] sys-usb needs more than default RAM to mount LUKS encrypted backup volume

2018-05-20 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Bernhard: > > You shouldn't mount encrypted drives on sys-usb. Use qvm-block to attach > > the partition to a different VM, then mount it there. > > > This is a good question, I think. Since we distrust sys-usb I agree that we > should not do the cr

Re: [qubes-users] What exactly is 'private-cow.img' in appvms?

2018-08-03 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Stickstoff: > there is documentation about 'root-cow.img' online [1], but nothing > about 'private-cow.img'. > Am I right to assume that the 'private.img' is the writable part the VM > sees, with the changes the VM wrote saved on 'private-cow.img' [.

Re: [qubes-users] What exactly is 'private-cow.img' in appvms?

2018-08-03 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > Stickstoff: > > there is documentation about 'root-cow.img' online [1], but nothing > > about 'private-cow.img'. > > Am I right to assume that the 'private.img' is the writable part t

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-15 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sphere: > https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/ > > There are other vulnerabilities disclosed along with this today and > if possible, I would like to confirm th

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-16 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Sphere: > I have hyperthreading disabled on my BIOS, do I still have to add > that option to Xen command line? Disabling it in the BIOS is okay too, according to the XSA. > By pull request you mean, it's still being grabbed for use and > installati

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-16 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Chris Laprise: > On 08/15/2018 08:40 AM, Rusty Bird wrote: > > To me as a layman, it looks like Qubes is indeed vulnerable to the > > XSA-273 data leak, and that fixing it involves > > > > 1. disabling hyperthreading (b

Re: [qubes-users] Questions about non-standard services & selective start

2018-08-19 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 trueriver: > Chris L recently showed me how to touch files in a VM to enable a > standard service to start, in that case NetworkManager > > https://groups.google.com/forum/#!topic/qubes-users/0_LUn4ha8Jg > > I now want to do something similar with

Re: [qubes-users] How to use the raw vchan library - no Qrexec

2018-08-19 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 nicholas roveda: > I want to experiment a bit with the vchan library and develop a > program that make unprivileged VMs communicate without using the > network and without Qrexec or any Qubes specific framework. I'd imagine this is supposed to be fo

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 odindva0...@gmail.com: > I am using version R 4.O and recently decided to set up a new Vpn connection . > But when I try to select the type is only giving me AppVM and > Standalone option so obviously I can't move forward . I am attaching > picture o

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rob Fisher: > I'm wondering when we can expect information on the impact of XSA-273 (1) on > Qubes R4? I'd guess early next month: https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ > what are the best options for a Qubes user rig

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > > Rob Fisher: > >> what are the best options for a Qubes user right now? ^ > Get Qubes running on non-x86 architectures less prone to > vulnerabilities! Don't hold yo

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-26 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Ivan Mitev: > On 08/26/2018 12:50 AM, Rusty Bird wrote: > > Rob Fisher: > >> what are the best options for a Qubes user right now? > > > > - - Add smt=off as a Xen boot parameter (which disables hyperthreading) >

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-26 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > To me as a layman, it looks like Qubes is indeed vulnerable to the > XSA-273 data leak, and that fixing it involves > > 1. disabling hyperthreading (by adding smt=off to the Xen command line) > 2. AND upgrading Int

Re: [qubes-users] sys-net turning on itself

2018-08-27 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Daniil Travnikov: > I turned off auto-start of sys-net when laptop starting, and all is > ok with this moment. > > But if my laptop will be turned on some while and I will be just in > Qubes Manager with turned off all of the VM's, after some time I

Re: [qubes-users] systemd replacement for dom0

2018-09-03 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Marcus Linsner: > I'm mainly asking because I fail to make certain services stop in a > certain order at reboot/shutdown. Hmm, maybe I should focus on > starting them in a certain order? then maybe shutdown will do it in > reverse order [...] Yes, t

Re: [qubes-users] Symlinks for "some" AppMVs to other partition in Qubes 4.x?

2018-09-17 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Teqleez Motley: > I want to store only some AppVMs (and some custom TemplateVMs) on a > different ext4 partition. See , with the exception that if you want to store your VMs in files on ext4, you'd us

Re: [qubes-users] Re: Dom0 (System tools) shortcuts suddenly disappeared

2018-09-25 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Patrick: > Hello, on my 4.0 platform somehow I'm now missing the "Display" > shortcut. I'm thinking I may have accidentally dragged it into the > desktop and then deleted it. I found this thread and tried a couple > things but still not there. > > H

Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

2024-02-13 Thread 'Rusty Bird' via qubes-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Boryeu Mao: > > For R4.1.2 I had some RPC calls with + and - characters in the file > > name. These are considered as invalid characters to be part of service > > names in the new qrexec policy format (e.g. in > > /etc/qubes/policy.d/30-user.poli

Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

2024-04-15 Thread 'Rusty Bird' via qubes-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Boryeu Mao: > An attempt to shutdown `sys-firewall` in `Qube Manager` receive a warning > about running processes in the qube; similarly on command line > `qvm-shutdown sys-firewall` fails with an error. Is it possible to > designate an appVM to

Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

2024-04-15 Thread 'Rusty Bird' via qubes-users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rusty Bird: > Boryeu Mao: > > An attempt to shutdown `sys-firewall` in `Qube Manager` receive a warning > > about running processes in the qube; similarly on command line > > `qvm-shutdown sys-firewall` fails with an erro

<    1   2