[qubes-users] Re: kali failing to start as a HVM (bootable iso)

2017-07-05 Thread andresmrm
cubit 13/01/2017 20:31:05 UTC-2:
> I'm trying to run the kali iso as a HVM but when running qvm-start in dom0  
> it just fails with the errors below.  The template being used is a standalone 
> HVM. Can anyone have pointers on how to work this?
> 
> $ qvm-start kali --cdrom work:/home/user/kali-linux-xfce-2016.2-amd64.iso
> --> Loading the VM (type = HVM)...
> Traceback (most recent call last):
>   File "/usr/bin/qvm-start", line 136, in 
>     main()
>   File "/usr/bin/qvm-start", line 120, in main
>     xid = vm.start(verbose=options.verbose, 
> preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
> notify_function=tray_notify_generic if options.tray else None)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 
> 335, in start
>     return super(QubesHVm, self).start(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
> 1966, in start
>     self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
>   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in 
> createWithFlags
>     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', 
> dom=self)
> libvirt.libvirtError: internal error: libxenlight failed to create new domain 
> 'kali'

Any updates about this issue? I'm getting the same error trying to install 
Debian 8 or Ubuntu 16.04 as HVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b72d1815-3c9e-481f-af52-733772a7a579%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] [Arch Linux] qubes-usb-proxy

2017-03-26 Thread andresmrm
Hi!

It seems the Arch Linux Template doesn't come with qubes-usb-proxy. I couldn't 
find it using pacman/yaourt neither. So I copied the files manually from the 
repository and it worked.
https://github.com/QubesOS/qubes-app-linux-usb-proxy

Is there a package for it somewhere? Should I make one and send a PR? I never 
did an Arch Linux package, but if some one could point me the direction I could 
try.


Best regards!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22938334-0f4c-4dd9-9c92-953ac9010aa2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

2017-03-19 Thread andresmrm
Hi!

I use an external keyboard and mouse, both currently connected to dom0.
After reading the USB doc I wanted to add an USB qube so I could "safely"
connect other devices (like untrusted pendrives, and my smartphone to an adb
qube).

Since untrusted devices will connected to this USB qube, it should be
considered untrusted. But I think I only have one USB controller...
This mean my keyboard and mouse will need to be connected to this untrusted
qube together with untrusted devices, right?

Is it worth it to create this extra USB qube this way?

Bellow are the outputs of two commands, if anyone can help me make sure I
really have only one USB controller. I pointed the devices I identified using a
">(device name)". All my 3 USB ports were in use when I ran the commands.

# lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 04f2:b2e3 >Internal Camera
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 002: ID 04e8:61b6 >External HDD
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 003: ID 0e6a:030c >External Keyboard
Bus 003 Device 006: ID 046d:c077 >External Mouse
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

# readlink /sys/bus/usb/devices/usb*
../../../devices/pci:00/:00:1a.0/usb1
../../../devices/pci:00/:00:1d.0/usb2
../../../devices/pci:00/:00:14.0/usb3
../../../devices/pci:00/:00:14.0/usb4


The most similar thread I found about this topic is this one:
https://groups.google.com/forum/#!searchin/qubes-users/usb|sort:relevance/qubes-users/a86st0lUgEw/2FH24xuBFAAJ
But in that case mojosam had 2 controllers.


Thanks for the attention!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d4b2819-e59c-4251-a0a3-3e7a046a0d72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] [Arch Linux + i3] High CPU usage after closing windows

2017-03-19 Thread andresmrm
Hello!

When I close all terminals from a VM, CPU usage for that VM goes to around 50% 
(shown by Qubes Manager) and stays there until I open another terminal to the 
same VM. The problem only happens if I close the terminal using Ctrl+d, not if 
I kill the window using i3.

This happens both with Arch Linux template or appvms based on it. Doesn't 
happens with Fedora.

Example of commands that I used to open the terminals:

qvm-run -a archlinux "xterm /bin/bash"
qvm-run -a archappvm "xfce4-terminal -x /bin/zsh"

(both bash or zsh, xterm or xfce4-terminal)

I thought it could be some zsh config, but the problem persists even commenting 
.zshrc content, or using bash (default configs).

It also happens if I open Vim with something like:
qvm-run -a archappvm "xfce4-terminal -x vim"
and close it using ":q". If I close Vim killing the window (i3 hotkey), it 
doesn't happens).

I tried to log CPU usage from inside the VM using "ps", but it doesn't seem to 
increase (no reported process started to consume more CPU). I thought it could 
be a problem with Qubes Manager (displaying false high CPU usage), but the fan 
do start to make more noise, so it must be using more CPU.

Any ideas?

Thanks for the attention!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf5292a0-dbd7-42f3-aa6e-48fb022796b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Kicking the sudoers dead horse

2017-03-10 Thread andresmrm
Hello!

The "open" root behavior seems a little strange to me too. But, thinking 
coldly, what would change in your scenario if root was protected?

The attacker would not be able to modify /usr/bin/audacious, or install 
muhbackdoorz to system. But she/he could still delete all your home data, or 
send it through web, or install something inside home and add it to .bashrc, or 
...

Considering all important data in a DomU is owned by one user, and neither root 
nor the non-root user can leave DomU, the damage caused by any of them seems 
almost the same.

More info:
https://www.qubes-os.org/doc/vm-sudo/


Regards!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd734ccd-61ca-4be7-a590-46de944a9324%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Mount different folders on same partition to different AppVMs?

2017-03-10 Thread andresmrm
Hello!

I think the answer will be no, but I want be sure before splitting my files 
into multiple partitions... Is it possible to mount folders on the same 
partition to multiple AppVMs preserving isolation?

I have an external HDD with many files, on the same partition. Now, migrating 
to Qubes, some of those files should be accessible only from AppVM "A", and 
others only from AppVM "B". Do I need to split them in 2 partitions and mount 
each one to an AppVM, or is there a way to mount folders to AppVMs preserving 
isolation?


Thanks for the attention!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77db7cf9-d5f6-413f-b1dd-98b202fbc767%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Archlinux Community Template Qubes OS 3.2

2017-03-09 Thread andresmrm
Thanks for the reply!

Olivier Médoc:
> Yes it must be built, but you can also use the prebuilt template, check
> the additional packages installed in packages.list vs
> packages_minimal.list and remove packages and dependencies that you
> don't want using pacman -Rsc packagename.
> 
> From what I understood, ITL try to not use minimal templates because
> there are too much libraries that are needed by very useful features.
> However, I often take the standard templates, check the packages that
> are installed after the qubes agents in /var/log/yum.log or
> /var/log/pacman.log and remove packages I dislike.

Ok, using non-minimal template.

> About the template not shutting down, I had this issue but I do not have
> this problem anymore. Try updating the Qubes agents by enabling the
> archlinux QubesOS repository inside your TemplateVM.

It seams to have solved by itself, maybe after upgrading Qubes dom0 or Arch 
Linux Template (for the later I had to IgnoreGroup xorg-server and pulseaudio).

There are still a few problems, but I don't know if they are related to this 
template, because I'm not using another:

- /usr/local is beeing reset at my AppVMs on every reboot.
- Sometimes an AppVM starts with /home reseted. Rebooting the AppVM seems to 
fix it. I think it happens when I made changes to the template, shutdown the 
AppVM and start it again before it had time to receive the changes.

Both my Arch AppVMs and Template are in a external hdd (followed the method at 
the wiki: https://www.qubes-os.org/doc/secondary-storage/ ), not sure if this 
can be related.


Trying to install software only at one AppVM, but not at the Template (to avoid 
exposing multiples VMs to "dangerous" software), I came up with some dirty 
lines that I would like to share. Maybe they can be usefull to someone else:

https://github.com/andresmrm/qubes_archlinux_custom_install/blob/master/custom_install.sh

Basically it downloads/builds packages to a custom folder and then symlinks the 
files to system folders. The later step needs to be repeated after every 
reboot, but it should be much faster than downloading or building everything 
everytime.
Tested with "jre" and "wine" so far.


Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7508346b-ab39-4f97-b469-8d314f429d73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Archlinux Community Template Qubes OS 3.2

2017-03-05 Thread andresmrm
Hi!

I saw in the repository some files about an Arch Linux Minimal template:
https://github.com/QubesOS/qubes-builder-archlinux/blob/master/scripts/packages_minimal.list

How should we install it? Must we build it?

I tried to install "qubes-template-archlinux-minimal", but it can't be found. 
And "qubes-template-archlinux" came only with the default template.

Also, the Arch Linux template is not shutting down normally (need to kill the 
VM). With a quick look at logs it seems qetty is not terminating. I can try to 
paste the logs here if it's an unknown bug.

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc00ac0a-31e6-4fbf-9969-4ac03bc8e856%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.