Please consult
https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/
https://www.qubes-os.org/news/2017/10/03/core3/
for more information about admin possibilities and how they’re supposed to
work. There are simple demo examples as well.
--
You received this message because you are subscribe
you probably ticked update over Tor option when installing.
templates do not connect to network directly, they use an updates proxy.
I' not sure it can be changed in GUI, but you can find the appropriate rpc
policy in /etc/qubes-rpc
alternatively you can temporarily set template vm's network provi
sudo xl console -t serial Work
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qube
The official templates use nftables so shouldn’t be mixed with iptables. I
didn’t have time to learn about nftables, so just removed nftables package from
debian 9 template. YMMV.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe f
Hmmm, this kind of makes qvm-pci useless... I think this should be enabled in
vm kernels and then users who want hotplug enabled could just add that kernel
flavour to their grub.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe fr
I’ll disagree with comparison of btrfs to lvm. there is a very significant
difference between btrfs and lvm. btrfs is like a namespace and lvm volumes are
block devices. one can put a namespace on a block device. but yes, layers and
layers of metadata processing required.
BTW, has anyone starte
sudo lvcreate -L --type thin-pool --thinpool
qvm-pool --add lvm_thin -o
volume_group=,thin_pool=
qvm-create -P ...
or
qvm-clone -P
set desired private image size using standard tools.
this will put the private volume in the new thin pool. private volumes are
mounted in /rw
btrfs m
I agree with Chris. Data specific to a qube should be stored on one of that
qube’s volume. Backups work then.
so in short, first create a qubes storage pool
qvm-pool --add
qvm-create -P
if you go for a thin pool, create it first and use volume group and thin pool
names as options for qvm
Please refer to Qubes issue #3118 which spells it out.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this g
I hope you do understand that there is no encryption in what you propose.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com
did you update it in R4 before cloning and upgrading?
templates establish a connection to a proxy running in some netvm defined in
dom0 over a vchan.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiv
did you update it in R4 before cloning and upgrading?
templates establish a connection to a proxy running in some netvm defined in
dom0 over a vchan.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiv
There are more critical problems than lack of gui frontend at the moment.
Still, backup ui is on the devs' list. See issue #3354
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, sen
AFAIK fn does not emit a code and bios will process it only in combinations
with predefined keys. other keys can probably be remapped. but from my
exprience I failed to swap fn and ctrl.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubs
qvm-create-default-dvm fedora-25
Try that to check if it fails. If not then starting dvms won't be a problem
anymore. If it does then there's something wrong with your template.
I use a heavily customized F25 template for dvms and it never fails, but I
always run qvm-create-default-dvm after any
On Thursday, February 2, 2017, Chris Laprise wrote:
> On 02/01/2017 07:36 PM, Connor Page wrote:
>
>> actually I think that reliance on mangle can be avoided since routing
>> table selection can be done by source address rather than firewall marks.
>> marks are good to
I guess you need to install any firmware packages for your network devices
first.
IIRC it's called iwl7260-firmware or something like that.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
qvm-backup has a different syntax and vms are excluded from rather than
included in a backup.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubsc
On Monday, 5 June 2017 01:42:40 UTC+1, Drew White wrote:
>
> So PFSense is NOT the first line of defense then?
> It is behind another guest?
It was the first line of defense from Internet threats. But at the same time it
was connected to bridges in Fedora netvms that themselves were only connec
I don't do hotplugging to pfSense. I've created separate Fedora based netvms
with bridges named LAN and DMZ and connected pfSense to those at start. Then
other VMs can use those netvms and connect either to a bridge or do the usual
Qubes routing. Physycal NIC's can be added to tjose vms and brid
I've encountered some problems myself. Out of two identical standard Realtek
cards only one is recognised. :(
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qub
Drew, as I've said my wifi card is not supported . Perhaps, yours isn't either.
I need to test something that pfsense can talk to.
all I changed in VM config was to do with virtual interfaces. those are
correctly recognised as xn0 and xn1.
--
You received this message because you are subscribed
I've managed to install pfSense as a HVM. not sure if it makes sense to run it
as a trusted firewall but that is possible. I created 2 netvms called LAN and
DMZ and created bridges in those. i made a copy of pfSense HVM config and
changed interface type to bridge, added a second virtual interfac
you can create a debian-based sys-net and assign network cards to that. hope
you can get Qubes working for you.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to q
if you're afraid of cameras, just cover it all when entering sensitive
information like citizen four did.
don't ever enter LUKS passphrase if someone else had an opportunity to boot
your laptop without your direct supervision.in that case yes, a live USB drive
is your friend until it is safe to
if you're afraid of cameras, just cover it all when entering sensitive
information like citizen four did.
don't ever enter LUKS passphrase if someone else had an opportunity to boot
your laptop without your direct supervision.in that case yes, a live USB drive
is your friend until it is safe to
I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for
something more recent but well supported by Linux, reflash and put a non-Intel
network card for peace of mind.
ideally a free BIOS would be desirable but that restricts the selection to
quite old generations of chips wh
actually I think that reliance on mangle can be avoided since routing table
selection can be done by source address rather than firewall marks. marks are
good to differentiate different types of traffic but in our case all traffic
should be trated the same.
there is difference in how traffic fro
Rudd-O's solution uses a separate routing table thus ensuring that all traffic
from VMs go either to VPN or a "blackhole". This is more robust than relying on
the main routing table that can be messed up. However, that requires relaxing
the reverse path filter and I don't remember any mitigation
I guess qubes tools need to be recompiled against new libraries but userspace
pulseaudio version is not a problem.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
t
I've been using only f25 for about a month now. the upgrade was smooth. just
needed to tweak qt5 styles and scaling.
looks like now there is a version conflict. qubes-gui-vm requires pulseaudio 9
but I guess f25 has moved on to version 10.
--
You received this message because you are subscribed
Linux HVMs don't get network settings from stub domains so all the IPs have to
be set manually. When network topology is changed, new addresses have to be
entered.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group a
you can specify your modified config copy in qvm-start
--custom-config=/path/to/config vm-name
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubs
thank you for the link. I have successfuly tried it on a Haswell notebook. it
doesn't disable ME but (supposedly) limits it's functionality by removing all
modules but 2.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this
you would have to create a new VM, configure it properly and then copy the
private image from the source VM.
same limitation apply to proxyvms :(
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving e
Sorry Drew, you asked what needs to be installed to make another dom0, not the
bare minimum that is required. Every Qubes specific package provides a list of
prerequisites and version conflicts. For instance,
Name: qubes-core-dom0
Version:%{version}
Release:1%{dist}
Summ
why wouldn't you consult the list of actually installed packages?
https://github.com/QubesOS/qubes-installer-qubes-os/blob/master/conf/comps-qubes.xml
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receivi
On Monday, 14 November 2016 19:24:06 UTC, Unman wrote:
> qvm-block -A allows you to attach an image file to a qube.
BTW, what's the correct way to detach one image file? it's not mentioned in the
man page :(
--
You received this message because you are subscribed to the Google Groups
"qubes-u
On Monday, 14 November 2016 18:52:27 UTC, pixel fairy wrote:
> how do you attach an image file to an appvm?
qvm-block -A :
for your purpose the file or volume can be in the backupvm.
>
> what would you recommend for for resizable, or ideally, automatically
> resizing volume for this?
lvm or b
the filename of the colour profile .icc-file is stored in the X atom
_ICC_PROFILE. perhaps, if that is available then the correct profile can be
selected by gnome settings manager which currently says there are no colour
managed devices in vms. I think colord service would need to be enabled as
darktable and firefox can use a defined profile without colord. the profile has
to be in a specific place and selected as the display profile (with colord
option switched off). for firefox the full path to the profile should be
entered in some property that I don't remember exactly right now but
On Friday, 28 October 2016 12:19:56 UTC+1, Laszlo Zrubecz wrote:
> Can you please describe in more details what and how you achieved?
>
Found this in bash history backup:
dispcal -H -y l -R
(this is to adjust the brightness to the recommended level)
dispcal -v -m -y l -q l -t 6500 -g 2.2 leno
On Friday, 28 October 2016 12:19:56 UTC+1, Laszlo Zrubecz wrote:
> On 09/03/2016 12:49 AM, Connor Page wrote:
> > I have calibrated my yellow screen using argyllcms.
> > I don't attach usb devices to dom0 so installed it in sys-usb as well.
> > used
> > https:/
контроллер usb должен быть в той же виртуальной машине.
please use English on this mailing list.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsub
so effectively your disk is not encrypted. try adding dracut module crypt-gpg,
encrypt the key and use it with .gpg extension in the CMDLINE. if that works
delete the weak passphrase, otherwise there's no benefit for doing all this.
--
You received this message because you are subscribed to th
Thanks Rusty. People should be aware of this. I think I did reclaim all space
but fiddled too much with the settings. Anyway, it was a good excercise, I
learned about btrfs, LUKS and dracut, that wouldn't happen otherwise.
--
You received this message because you are subscribed to the Google Gr
In fact, I think the right question is "Will Qubes 4 be compatible with btrfs
root if vm storage is expected to reside on a LVM thin pool?"
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
I have root, home and var as subvolumes on a btrfs volume. I intended to create
snapshots before updates. The tricky bit was to put it on a LUKS partition as
somehow the installer encrypted only the swap partition. Maybe it was my fault,
not sure now. Anyway, if you do it check that it is on top
world writable script executed as root is the worst advice I've ever seen on
this mailing list.
please don't do that!
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
I once managed to add a line break before the shebang. Took me a bit of time to
figure it out why vm services did not start.
I can't see what could fail in your script other than $PATH being incomplete or
unset.
--
You received this message because you are subscribed to the Google Groups
"qube
the source code of qvm-run is your best documentation of how applications are
run without logging in :)
here is the session that is started in vms. I like the hangman :)
https://github.com/QubesOS/qubes-gui-agent-linux/blob/master/appvm-scripts/usrbin/qubes-session
--
You received this message b
would you mind posting the whole script?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send ema
try Presentation mode in the power manager panel plugin.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
https://www.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_crypto_luks_key_on_removable_device_support
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-
does it start with this?
#!/bin/sh
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to
technically the user "user" is not logged in so the profile files are not
sourced. use .bashrc if you want to modify terminal sessions.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from
no. it looks exactly as acpi problem. have you tried a Fedora live dvd/usb? If
it doesn't work then the problem is not specific to Qubes. please try.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receivi
with such a fairly fresh kernel you probably should make sure you also have the
latest bios. some people also claim that resetting bios settings miraculously
makes their wifi work in Linux.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To un
does it work in plain Fedora?
your problem most probably is not directly related to the network card itself.
it could be caused by bios settings and wrong acpi config in kernel. I used to
have the same problem when I first tried Qubes R2 on Lenovo Yoga 2 13.
ideapad_laptop module back then would
it's on the front page:
"All software runs on ports that have been deliberately chosen to make
simplistic port blocking unrealistic without causing massive collateral damage.
OpenVPN, for example, does not run on its default port of 1194, but instead
uses port 636, the standard port for LDAP/SSL
Think of Whonix as a possible compartment of your digital life that gives more
anonymity online. It would be more or less securely separated from other
compartments. In order to save space and admin effort common parts of these
compartments (i.e., the root filesystem, kernels, modules) are made
agree, when I looked at it some time ago I could not imagine why I would need
all of that. too large an attack surface for my taste. however, I did
investigate what individual elements are capable of and borrowed some ideas,
like using port 636 and tls-auth for openvpn.
--
You received this me
and forgot to mention, I followed the documentation for upgrade from 21 to 23,
i.e. used an additional disk image for cache and modules. otherwise it would
fail with my densely populated templates.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group
I upgraded all fedora-based vms to 24 about a month ago when I noticed a qubes
repo for that. all upgrades went smooth but I suggest backups first because of
different versions of software. things may break if you switch back to 23. I
had this problem with remmina, it couldn't work properly with
volumed and mixer are not maintained by xfce team anymore [1]
since audio relies on pulseaudio it would make sense to use pulseaudio plugin
and key bindings in dom0.
[1] http://www.xfce.org/about/news/?post=1425081600
--
You received this message because you are subscribed to the Google Groups
they should be connected to the same firewallvm, not netvm. iptables in netvms
are set up differently.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-user
are you trying to login or unlock? the documentation covers only unlocking the
screensaver.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr.
I think nowadays many live installers that have capability to install on
encrypted partitions give possibility use the tools in a terminal window. For
instance, when I realised that somehow only a swap partition got encrypted in a
fresh Qubes install I launched Manjaro live ISO, dd root partitio
it makes an evil maid's mission a bit more complicated
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this g
I have calibrated my yellow screen using argyllcms. I don't attach usb devices
to dom0 so installed it in sys-usb as well. used
https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ as
a rough guide. to get the calibration done you just need to run dispcal and
then transf
No. 4 makes sense. sys-usb shouldn't know the encryption keys. encrypted block
device can be attached to a server vm where it would be appropriately decrypted
and mounted, possibly from dom0 via qvm-run (you can start a vm, attach
storage, decrypt and mount it by a short script using qvm-* comma
just a word of caution, your network cards and thunderbolt devices will have
access to all memory they can address and at least one USB controller will be
in dom0 as the keyboard is USB. that controller actually has an external port.
don't count on Qubes to prevent hardware attacks or keep it sa
after giving it a thought I decided keep usb devices out of dom0. the solution
for debian is real 2FA but ykfde is for lazy people. I gave it as an example of
dracut hooks. theoretically you can rearrange hooks so that yubikey
authentification happens before rd.qubes.hide_all_usb is processed bu
this is an interesting idea. initramfs is generated by dracut. read this
https://github.com/nj0y/ykfde/blob/master/README-dracut.md
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
this is not a universal approach but should work fine for gnome apps. you
should type them in terminal applications in each vm.
a more comprehensive approach to cover all bases is to set proper dpi for X
server, Xft, gsettings (if gnome-settings-daemon runs), xsettings (IIRC Debian
template nee
you should use the drive as normal in sys-usb. just make the private image
large enough and copy whatever it is you want to burn to that vm.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
you can install dunst for minimalist notifications.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this grou
The reality of life is that you can't clone netvms and proxyvms in
qubes-manager. However, if you create a separate template with all
customisation saved in /rw and /etc then you will be able to create many copies
as /rw will be inherited.
--
You received this message because you are subscrib
Read the last part at https://www.qubes-os.org/doc/usb/
This should solve your problem unless you want to mix sound from multiple vms.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from i
I used to run samba server on Archlinux inside Qubes. Actual data was stored on
a separate volume group and mounted in the server vm on boot. The main
difficulty was to do routing and firewalling properly on every change of
network topology. The main risk was that eventually many vms had to be
I played full HD videos on youtube yesterday after a full update without a
problem. Have you updated both the template AND dom0?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, se
use arp to see ip and mac addresses of vms connected to interfaces. lookup ip
in qvm-ls -n or qubes-manager
mac addresses are visible in qvm-prefs. assuming your vms don't spoof these
addresses ;)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
Thank you Marek. I guess the setting should be greyed out same as root image
size.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@google
I've noticed that there is no private image mounted in /rw in disposable vms.
1. What is the point of private image size setting in Qubes Manager then?
2. Is there an easy way to expand dvm storage without affecting it's template?
3. Am I missing something?
I need to load large files in dvm, check
84 matches
Mail list logo
