[qubes-users] disabling qubes-network and qubes-firewall serivces not supported with debian 9?
Hi, I'm in the progress to migrate a custom fedora-based proxyVM to a debian 9 template, because debian's longer support cycles. On my fedora proxyVM I simply disabled qubes-network and qubes-firewall to be in full control of the firewall rules and forwarding. When I disable these services on the debian template it does not have the same effect (i.e. /proc/sys/net/ipv4/ip_forward remains 1). Is this feature qvm-service proxyvm1 -d qubes-network qvm-service proxyvm1 -d qubes-firewall not supported on debian 9 templates or is it currently broken? I'm on R3.2. thanks, Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171221155109.C7F654FD6FD%40mta-1.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Unable to start VM after renaming in Qubes Manager
> The data is stored in the private.img file in that folder. > > You can either create a new qube, and then attach the file: > qvm-block -A dom0:/var/lib/qubes/appvms/oldname /private.img > then mount /dev/xvdi in , and extract the data from > /mnt/home/user > OR: mount the private.img file in dom0 and qvm-copy the data files to some > qube. > OR: create a new qube, and copy the private.img file to > /var/lib/qubes/appvms/new Thank you I used the last option and it worked just fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171216080902.8BAA54EB275%40mta-1.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Unable to start VM after renaming in Qubes Manager
Hello, it looks like I got hit by a severe problem that prevents me from starting an appvm I searched the bugtracker and it looks like: https://github.com/QubesOS/qubes-issues/issues/2054 I also renamed a VM and it no longer starts. The folder under /var/lib/qubes/appvms/oldname is still present. What is the easiest way to get access to the data stored in that VM? thanks! Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171214205906.22D684E772C%40mta-1.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] feedback for todays kernel-qubes-vm update (4.4.55-11)
Marek Marczykowski-Górecki: > On Tue, Apr 18, 2017 at 10:54:00AM +0000, Joonas Lehtonen wrote: > > >> Joonas Lehtonen: >>> Hi, >>> >>> just a quick notice about todays kernel update. >>> >>> After upgrading, the new kernel 4.4.55 became the new default for all >>> VMs that previously used the default kernel, but >>> VMs would no longer boot because they claim that an old kernel the one >>> that got removed during the upgrade (4.4.11?) is no longer present even >>> though the VM was configured to boot the default (4.4.55). > >> This was mainly an UI thing. qvm-ls -k displayed it correctly. These >> affected VMs used to have the now-removed kernel version 4.4.14-11. >> Qubes Manager just can not display not installed kernels. > > So, Qubes Manager shows still old kernel? Have you tried restarting it > (Qubes Manager)? Qubes Manager showed the new kernel (4.4.55-11) while qvm-ls -k showed the old (removed) kernel. Qubes Manager got restarted automatically during updating dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7eb3e765-5848-8a3a-e6d0-32df1879deb9%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] qvm-ls says: "WARNING: VM has corrupted files!
Joonas Lehtonen: > Hi, > > do I need to worry about that warning? (VMs work fine) > How can I fix it? This was related to the recent dom0 kernel update for VMs and fixed with: qvm-prefs -s kernel default -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd9e87d7-0fc7-3a15-2763-6c96aa6892eb%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] feedback for todays kernel-qubes-vm update (4.4.55-11)
Hi, just a quick notice about todays kernel update. After upgrading, the new kernel 4.4.55 became the new default for all VMs that previously used the default kernel, but VMs would no longer boot because they claim that an old kernel the one that got removed during the upgrade (4.4.11?) is no longer present even though the VM was configured to boot the default (4.4.55). Easy workaround: configure the VM to boot 4.4.38 and save. reopen the preferences and configure it to boot the latest default -> boot the vm regards, Joonas Installed: 1000:kernel-qubes-vm-4.4.55-11.pvops.qubes.x86_64 Updated: qubes-gui-dom0-3.2.10-1.fc23.x86_64 Installed: 1000:kernel-4.4.55-11.pvops.qubes.x86_64 Updated: qubes-mgmt-salt-dom0-qvm-3.2.1-1.fc23.noarch [..] Updated: qubes-manager-3.2.11-1.fc23.x86_64 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a98e3ee3-5808-ce2e-f231-42b5d8b1b83d%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: debian 9 kernel (needed for wifi driver) but failing to build u2mfn against 4.9.0
Reg Tiangha: > On 04/17/2017 03:45 PM, Joonas Lehtonen wrote: >> Hi, >> >> I need debian's kernel because the Qubes kernel does not provide the >> needed network driver. >> >> I'm following the steps here to install the in-VM kernel, instead of the >> one provided by dom0: >> >> https://www.qubes-os.org/doc/managing-vm-kernel/ >> >> The debian 9 template boots fine with pvgrub but qrexec does not work >> because the Qubes kernel module u2mfn fails to build on debian 9's >> kernel (4.9.0). >> >> Has anyone u2mfn running on debian 9's kernel (4.9.0)? >> >> thanks, >> Joonas > > > Update your Debian 9 template; version 3.2.4 of qubes-kernel-vm-support > was just pushed out to stable today and that should allow compiling > kernels higher than 4.8 to work. thanks, that worked. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/856b2a78-0b73-f991-5644-8439b2bd1042%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] debian 9 kernel (needed for wifi driver) but failing to build u2mfn against 4.9.0
Hi, I need debian's kernel because the Qubes kernel does not provide the needed network driver. I'm following the steps here to install the in-VM kernel, instead of the one provided by dom0: https://www.qubes-os.org/doc/managing-vm-kernel/ The debian 9 template boots fine with pvgrub but qrexec does not work because the Qubes kernel module u2mfn fails to build on debian 9's kernel (4.9.0). Has anyone u2mfn running on debian 9's kernel (4.9.0)? thanks, Joonas >From the log file /var/lib/dkms/u2mfn/3.2.3/build/make.log : DKMS make.log for u2mfn-3.2.3 for kernel 4.9.0-2-amd64 (x86_64) make: Entering directory '/usr/src/linux-headers-4.9.0-2-amd64' LD /var/lib/dkms/u2mfn/3.2.3/build/built-in.o CC [M] /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c: In function ?u2mfn_ioctl?: /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:80:23: error: passing argument 5 of ?get_user_pages? from incompatible pointer type [-Werror=incompatible-pointer-types] (data, 1, 1, 0, _page, 0); ^ In file included from /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:26:0: /usr/src/linux-headers-4.9.0-2-common/include/linux/mm.h:1302:6: note: expected ?struct vm_area_struct **? but argument is of type ?struct page **? long get_user_pages(unsigned long start, unsigned long nr_pages, ^~ /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:79:9: error: too many arguments to function ?get_user_pages? ret = get_user_pages ^~ In file included from /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:26:0: /usr/src/linux-headers-4.9.0-2-common/include/linux/mm.h:1302:6: note: declared here long get_user_pages(unsigned long start, unsigned long nr_pages, ^~ cc1: some warnings being treated as errors /usr/src/linux-headers-4.9.0-2-common/scripts/Makefile.build:304: recipe for target '/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o' failed make[3]: *** [/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o] Error 1 /usr/src/linux-headers-4.9.0-2-common/Makefile:1507: recipe for target '_module_/var/lib/dkms/u2mfn/3.2.3/build' failed make[2]: *** [_module_/var/lib/dkms/u2mfn/3.2.3/build] Error 2 Makefile:150: recipe for target 'sub-make' failed make[1]: *** [sub-make] Error 2 Makefile:8: recipe for target 'all' failed make: *** [all] Error 2 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57e825bb-9d96-bac1-8b0c-e8f00e8a72d3%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations
https://nvd.nist.gov/vuln/detail/CVE-2016-10229 > udp.c in the Linux kernel before 4.5 allows remote attackers to > execute arbitrary code via UDP traffic [...] fixed in [1] (2015-12-30) It never affected Fedora according to: https://bugzilla.redhat.com/show_bug.cgi?id=1439740#c2 > This fix was committed upstream in the 4.5 kernel merge window (Dec > 2015). It has never impacted any of the currently supported versions of > Fedora. In Debian it got fixed on 2016-01-5 https://www.debian.org/security/2016/dsa-3434 3.16.7-ckt20-1+deb8u2 https://security-tracker.debian.org/tracker/CVE-2016-10229 Since Qubes VMs depend on dom0 for kernel updates, Qubes user do not get kernel updates from upstream distros. - Qubes currently ships kernel 4.4.38 for VMs Kernel 4.4.38 has been released on 2016-12-10 so I assume it contains the fix? - Have Qubes VM kernels (provided by dom0) ever been affected (in the past of R3.2)? Since Qubes does not frequently release VM kernel updates*: Do you recommend to switch to pvgrub and in-VM kernels to be able to take advantage of regular distro kernel updates? The upcoming/planed binary packages of coldkernel probably address this topic as well. thanks! Joonas *) I know, that in-VM security is/should not be relevant for the isolation between VMs but if someone can compromise all networked VMs via vulnerabilities in the UDP/TCP/IP stack it is probably as bad as having no isolation. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/639daa54-56a6-abba-4e78-3fdd18a25518%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
>> Once your MAC address is randomized you might also want to prevent the >> disclosure of your netvm's hostname to the network, since "sys-net" >> might be a unique hostname (that links all your random MAC addresses and >> the fact that you likely use qubes). > >> To prevent the hostname leak via DHCP option (12): >> - start the debian 9 template >> - open the file /etc/dhcpd/dhclient.conf sorry there is a typo in the file path: correct file: /etc/dhcp/dhclient.conf >> - in line number 15 you should see "send host-name = gethostname();" >> - comment (add "#" at the beginning) or remove that line and store the file >> - reboot your netvm > >> I tested the change via inspecting dhcp requests and can confirm that >> the hostname is no longer included in dhcp requests. > > > Thanks. Added as a comment: > > https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628 thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da8baa69-eefc-674a-e7d6-e44c4163dabc%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too
Hi, if you setup MAC randomization via network manager in a debian 9 template as described here: https://www.qubes-os.org/doc/anonymizing-your-mac-address/ you still leak your hostname. Once your MAC address is randomized you might also want to prevent the disclosure of your netvm's hostname to the network, since "sys-net" might be a unique hostname (that links all your random MAC addresses and the fact that you likely use qubes). To prevent the hostname leak via DHCP option (12): - start the debian 9 template - open the file /etc/dhcpd/dhclient.conf - in line number 15 you should see "send host-name = gethostname();" - comment (add "#" at the beginning) or remove that line and store the file - reboot your netvm I tested the change via inspecting dhcp requests and can confirm that the hostname is no longer included in dhcp requests. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/69a68b76-9f83-771f-da84-9448790cd4a9%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] ANN: Qubes network server
Hi, before trying it: Is it still maintained? (working with Qubes 3.2) If so: There are a few formatting errors in the readme that make it hard to read https://github.com/Rudd-O/qubes-network-server/blob/master/README.md thanks, Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eabf2a07-4471-51d6-b13c-a4c77085ebf8%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] debian 9: guid/qrexec crashes (fixed by enabling stretch-testing repo+updating)
Hi, just in case others are having similar problems: I'm running Qubes 3.2. I created a fresh debian 9 by upgrading from debian 8. Today the terminal in debian 9 started crashing (closing). In the logs I saw: U2MFN_GET_MFN_FOR_PAG: get_user_pages failed, ret=0x2 (or similar - I didn't count the 'f's) /var/log/qubes/guid.debian9.log contains: ErrorHandler: BadAccess (attempt to access private resource denied) used versions in VM: qubes-core-agent 3.2.16-1+deb qubes-gui-agent 3.2.11-1+deb (not sure if the version is truncated since it comes from 'xl console') Now I modified /etc/apt/sources.list.d/qubes-r3.list to enable the 'stretch-testing' repo, after upgrading my versions are now: qubes-core-agent 3.2.16-1+deb9u1 (not truncated anymore) qubes-gui-agent 3.2.15-1+deb9u1 It no longer appears to crash now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/792a9840-7201-7aa7-e919-7ba8648a8118%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Qubes-Whonix DisposableVM documentation created
Are there any optimizations planed? whonix-ws-dvm takes >50 seconds to start fedora-24-dvm takes <10 seconds to start -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/29b9c740-ee69-ff50-9c64-ea47aa5e0905%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] show NetworkManager for AppVM? (aka AppVM with WiFi device in Hotspot Mode)
thank you unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e39ae5c9-5219-f23a-e9bf-a9bb87a42d6f%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] show NetworkManager for AppVM? (aka AppVM with WiFi device in Hotspot Mode)
Hi, I'd like to use the WiFi adapter in my laptop in hotspot mode. Target setup: wired-netvm <->proxyvm <-> hotspotVM (has the wifi device assigned) (hotspotVM acts as an access point to other devices) Creating a NetVM with gets the WiFi adapter assigned and using NetworkManager to create a hotspot is easy and works fine, but in that case the hotspot has no "uplink" connectivity. On the other side creating an AppVM and assigning the WiFi device to it would solve the "uplink" problem, but in that case the NetworkManager does not show up next to the clock. Is there an easy way to tell the hotspotVM to show/expose the NetworkManager icon next to the clock? thanks! Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d5ba1ef-0f87-c0fe-fa7d-d2aff4aaae7e%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Why doesn't whonix-gw run the latest 0.2.8.x tor?
cezg...@gmail.com: > My guess is lack of time and funding. Qubes definitely could need > better funding. The Qubes team are doing a great job, but they might > be limited on what they can manage to get done because there are so > many things on the to-do list. > > Maybe this will change with the new upcoming funding plans, it would > be very positive change if so. > > For the time being, I suppose you can install your own updated > Whonix? This is about the whonix repo (deb.whonix.org) not Qubes repos and the Whonix repo is managed by Whonix (Patrick). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c81f910-28f5-93ff-2e62-8075a5affe1c%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Why doesn't whonix-gw run the latest 0.2.8.x tor?
Hi, whonix-gw apparently uses tor 0.2.8.10, the latest 0.2.8.x version being 0.2.8.12 (released 2016-12-19). Why is it not updated? I guess there is very little risk in upgrading from 0.2.8.10 to 0.2.8.12. I'm using a default whonix-gw template with deb http://deb.whonix.org jessie main >From the tor 0.2.8.12 changelog: > o Major bugfixes (parsing, security, backported from 0.2.9.8): > - Fix a bug in parsing that could cause clients to read a single > byte past the end of an allocated region. This bug could be used > to cause hardened clients (built with --enable-expensive-hardening) > to crash if they tried to visit a hostile hidden service. Non- > hardened clients are only affected depending on the details of > their platform's memory allocator. Fixes bug 21018; bugfix on > 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- > 2016-12-002 and as CVE-2016-1254. https://deb.whonix.org/dists/jessie/main/binary-amd64/Packages: > > Package: tor > Version: 0.2.8.10-1~d80.jessie+1 > Architecture: amd64 > Maintainer: Peter Palfrader> Installed-Size: 3935 [...] > Priority: optional > Section: net > Filename: pool/main/t/tor/tor_0.2.8.10-1~d80.jessie+1_amd64.deb > Size: 1422520 > SHA256: b36f5e8fc4590f6fa8431e7114fb187ce9f892f406b9bc55cdf28ef611320f89 > SHA1: afb6720c65df114b772d02554f563fdbb385b7b7 > MD5sum: 7a9c9fd5616f51eec6420d3254273ee3 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c79649b-0b96-1696-f94c-08203fdce167%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] qvm-create-default-dvm modifying initial memory value?
When I look at whonix-ws-dvm "initial memory" it says: ~2800MB >>> I changed that to 1000MB and everything works again. >>> >>> Why that high? > >> since its preset value was over 2800 I didn't want to reduce it to much >> but I just found out that something changes that value. (I did set it to >> 1000 it is now at >1500MB). > >> Is this a bug? Or can I disable this auto-adjustment? > > Ah, I forgot it's adjusted at qvm-create-default-dvm call time. Based on > memory usage inside of VM. It looks something use that much memory in > Whonix-ws based DVM... Try running 'top' there (switch to sorting by > memory with '>' key). OK I played around some more and when setting initial memory to 400MB it gets only increased to >420MB, that should be fine. When starting a xterm-dvm 'top' says only 315MB memory are used. I consider this as solved and I will reset it to 400MB from time to time. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dfb65df7-990a-b340-901a-b58efa31ff09%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] qvm-create-default-dvm modifying initial memory value?
Andrew David Wong: > I don't understand. Isn't the target TemplateVM shut down when > qvm-create-default-dvm is called? How could it be using any memory > while it's shut down? This is not about the initial memory of the used templateVM (in this case whonix-ws) but about whonix-ws-dvm. (qubes manger -> show interal VMs) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5b4d6550-be8c-25ab-c39c-906ef6519539%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] qvm-create-default-dvm running out of space
>> I haven't encountered this before, but it sounds like the Tor Browser >> update might've pushed you over the default 2 GB size limit. Maybe try >> increasing the size of your DVM template? > > Storing savefile in /dev/shm (tmpfs - stored in RAM only) is an > optimization to load it faster. Normally this file takes about > 300-400MB, so should be well below 2GB limit... It's size depends on > memory amount used in DispVM. > > First I'd check what other files you have there and in /tmp - maybe some > old unused stuff. /tmp is basically empty (avail: 2GB) I also tried to increase it to 3GB via mount /tmp -o remount,size=3G but that did not help. When I look at whonix-ws-dvm "initial memory" it says: ~2800MB I changed that to 1000MB and everything works again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7220893-513a-b8e6-0890-1ea52b73669f%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] qvm-create-default-dvm running out of space
Hi, when trying to recreate the dvm after the latest torbrowser update I get: qvm-create-default-dvm whonix-ws [...] DVM savefile created successfully. cp: error writing '/dev/shm/qubes/current-savefile': No space left on device And DVM starting fails after that obviously. Do I have to resize /tmp to work around that problem? (2GB by default) thanks, Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ef15b350-f4ca-96cf-f66f-92f8f108564c%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?
Marek Marczykowski-Górecki: > So, expect Fedora 24 template being supported in R3.1 soon too :) Thank you! Looking forward to the announcement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc4ed7bf-7a05-ee23-6730-5bbe9094c584%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] Fedora 24 Template for Qubes 3.1?
Hi, since Qubes 3.1 is supported until 2017-03-29 according to https://www.qubes-os.org/doc/supported-versions/ does that mean we will see a Fedora 24 template for R3.1 before Fedora 23 reaches EOL? thanks, Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca965017-c5c4-52a4-4d35-0211c994ca40%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Trying to do an in-place upgrade from 3.1.17 to 3.2
Richard: > I'm trying to upgrade my Qubes 3.1.17 to 3.2 I've followed the steps > outlined here: https://www.qubes-os.org/doc/upgrade-to-r3.2/ However, when I > run... > >sudo qubes-dom0-update --releasever=3.2 qubes-release > > I receive: > Nothing to do > I'm also following steps in https://www.qubes-os.org/doc/upgrade-to-r3.2/ but having the same problem ("Nothing to do."). Maybe because there are simply no packages in http://yum.qubes-os.org/r3.2/current/dom0/fc20/rpm/ ? There is a package here http://yum.qubes-os.org/r3.2/current-testing/dom0/fc20/rpm/ (as mentioned by Holger) (just in http://yum.qubes-os.org/r3.2/current/dom0/fc23/rpm/) What are the recommended steps? Will the package in r3.2/current-testing move one day into r3.2/current? thanks, Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72241e73-947a-6d13-b4c6-894a86a71be7%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Security announcement mailing list? [and others]
>> I'm not sure if it worth it. There is not much such announcements. On >> the other hand, this may be exactly the reason for having a separate >> mailing list for this. I would also love to see a QSB-announce mailing (especially because qubes-users is quite active, and only subscribing to qubes-users to filter for "[qubes-users] Announcing QSB #" is not the best way to handle the current lack of QSB-announce). I guess it is not a big effort for you to create one more list and send the QSB's to one more recipient. Looking forward to be able to subscribe to QSB-announce :) > For now, we have already some non-email channels >> for announcements: >> - @QubesOS on twitter - every security and release announcement is >>duplicated there >> - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't >>link security announcements there - maybe we should start? > >> If you think additional ML channel would be useful, then sure, we can >> create one. Thanks for considering it! Joonas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/66816335-e97f-c4f4-b289-03386692d149%40openmailbox.org. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature