Re: [qubes-users] Does Qubes Use GrSecurity?
On Saturday, August 29, 2015 at 7:11:41 AM UTC-7, Marek Marczykowski-Górecki wrote: > Actually VM template doesn't have anything to say about kernel there. It is > provided independently from dom0. If you want some custom kernel (for > example grsec patched), you'll need place it in dom0 in > /var/lib/qubes/vm-kernels/SOME_NAME/ > > Some docs, links: > 1. Expected files in /var/lib/qubes/vm-kernels/SOME_NAME/: > https://www.qubes-os.org/doc/TemplateImplementation/#modulesimg-xvdd > 2. Kernel packaging repo: > https://github.com/qubesos/qubes-linux-kernel > 3. qubes-prepare-vm-kernel - tool for preparing VM kernel based on one > already installed in dom0. Part of `qubes-kernel-vm-support` package > (not installed by default). > https://github.com/QubesOS/qubes-linux-utils/blob/master/kernel-modules/qubes-prepare-vm-kernel > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? Can I please feature request dom0 getting grsecurity patches upstream from Qubes? Coming from someone who tried patching it myself once or twice, I still don't know how to configure the kernel with the new patch. I tried once, and I spent all day picking configurations to match my hardware, and I know I didn't get it all right because there were a lot of acronyms that I didn't understand even after googling them for tens of minutes. However, I just noticed this in the grsecurity instructions that might not have been there last time I tried it myself (I had to contact the developer of grsecurity to update their instructions before on gpg verification which were outdated, I spent enough time googling how to properly use gpg to tell the developer exactly what they needed to change in the instructions which he did), "It is recommended that you start by setting the Configuration Method option to Automatic." Will setting it to automatic mean I won't have to manually configure the hardware, so I can just focus on configuring grsecurity? If so, the grsecurity instructions don't say how to configure grsecurity. So even if I tried doing grsecurity on my own again, I would at least know how to configure (automatically) the hardware, but I still wouldn't know how to configure grsecurity. Or is that automatic too??? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad21a22d-f474-4221-a160-0d18b35b4175%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall Rules for Printer Access?
On Thursday, January 19, 2017 at 11:57:30 PM UTC-8, Jarle Thorsen wrote: > > in meantime you can use the up arrow in a terminal to use your last > > commands, instead of retyping. > > or use the "history" command, followed by: > $! to execute previous command corresponding to in the > output from history. Very good ideas, thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f5f7d87-ee9b-4cfe-9342-8b2a5d72853a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to Make Firefox Changes in Disposable VMs Peristent?
Hi, How do I do I make Disposable VM Firefox extensions I installed stay installed after I close the Disposable VM and open a new one, and how do I also keep changes to the default search engine and privacy options after I close the Disposable VM and open a new one? I actually uninstalled Qubes because I don't know how to change the persistent state of Disposable VMs. Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ac9fc4f-0896-4b1c-9b2e-346d18b5798b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall Rules for Printer Access?
On Thursday, December 29, 2016 at 11:13:58 PM UTC-5, Andrew David Wong wrote: > On 2016-12-29 15:13, superlative wrote: > I wish qvm-usb was available through the GUI Qubes > > VM Manager. Since it's not I have to save a Firefox bookmark to the > > page https://www.qubes-os.org/doc/usb/ so I don't forget the commands > > I need to use to attach my printer to another disposable VM next time > > I need to print. > > > > Added a note about that here: > https://github.com/QubesOS/qubes-issues/issues/2132#issuecomment-269730375 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org Thank you Mr. Andrew. You're the best! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe08b955-9536-4361-a8ce-fb5b95bc8e0b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall Rules for Printer Access?
On Thursday, December 22, 2016 at 7:34:55 PM UTC-8, raah...@gmail.com wrote: > you will have to print from a sys-usb qubes then most likely if using usb. > the template you install printer drivers to is that one. You can try to add > single usb device instead if using latest qubes. > https://www.qubes-os.org/doc/usb/ > > Scroll to "Attaching a single USB device to a qube (USB passthrough)" > > Then you can attach the single usb device to an appvm and possibly print to > it? No idea though I've never tried it, maybe someone with more experience > can chime in. Actually I have dont it with an android phone and its worked. > Before I would have to transfer files from the usbvm. So maybe it works for > printers too I would give it a shot. > > Though, most people use network printer from a disposable vm using a whole > separate template. cause printer drivers is untrusted. first virus i ever > got as a young child was from a printer driver disk straight from factory. That worked. I opened a terminal on Fedora-23 template VM, ran "sudo dnf install qubes-usb-proxy" without quotes, opened a XTerm from the System Tools Xfce start menu, ran "qvm-usb", found my printer listed, then ran "qvm-usb -a disp[#] sys-usb:[#-#]" replacing # with whatever number the disposable app VM I had open that I wanted to print from and the other #s replaced with the numbers listed next to my printer with the previous command "qvm-usb" and no brackets or quotes. Printed just fine. I wish qvm-usb was available through the GUI Qubes VM Manager. Since it's not I have to save a Firefox bookmark to the page https://www.qubes-os.org/doc/usb/ so I don't forget the commands I need to use to attach my printer to another disposable VM next time I need to print. Thanks for all your help you guys. My printer now works! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/22918ce0-a635-4bf0-9354-9ea887ca7dbc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora-23 Software only shows already installed apps
On Wednesday, December 28, 2016 at 8:02:14 PM UTC-8, Andrew David Wong wrote: > I've never tried the GUI package manager interface. Can you try just > using dnf from the command-line? For example: > > $ sudo dnf install > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org That worked thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d905bf56-46a3-4345-9ed0-0247ab733a6c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall Rules for Printer Access?
Thanks for suggesting a network printer. That might be what I have to end up doing. But before I try that, I want to keep trying USB printer. I'll try the USB passthrough method as soon as I figure out how to install qubes-usb-proxy on my Fedora-23 template VM Software app. I created a new thread in this forum to figure that out. It's called "Fedora-23 Software only shows already installed apps". -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4bb662d1-c91a-45f4-a986-eec17102841a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora-23 Software only shows already installed apps
Hi, I can install packages from Debian-8 template VM Packages app just fine. But Fedora-23 template VM doesn't have any packages available in the Software app that I don't already have installed. The only Software Sources that show up in Fedora-23 template VM Software app is "Qubes OS Repository for VM (updates)". But in Debian-8 template VM Packages app Package Sources are "Jessie (main)", "Jessie (main contrib non-free)", and "Jessie updates (main contrib non-free)". Is it supposed to be like that? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de7bfc2f-68e5-4816-ad67-98f0106c5c99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firewall Rules for Printer Access?
On Sunday, December 18, 2016 at 9:18:53 PM UTC-8, Andrew David Wong wrote: > If it's a network printer, then you probably want to allow access to > whichever IP address it has on your local network, e.g., 192.168.1.102. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org It is a USB printer, not a network printer. So I assume I don't need to mess with the firewall, and it should show up in the attach/detatch context menu on Qubes VM Manager. But it doesn't! What do I do if it doesn't show up there? I'd assume I need to install HPLIP package. But I'm not sure which template to install it on in order for the Qubes VM Manager to pick it up? In other words, what template does the Qubes VM Manager use? Thanks for everyone who responded to me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bda5ed4d-c584-473c-9039-fdfe8aa31eab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Firewall Rules for Printer Access?
Hi, I read the instructions to configure a printer here https://www.qubes-os.org/doc/network-printer/ . It says to configure the Firewall to allow printer access. But when I get to the template VM firewall rules, it asks for an URL or IP Address, and I'm not sure how to add an address for my printer which is not on the Internet. How do I "allow network access from the template VM to [my] printer"? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c129c20c-f88a-4960-a003-871f1658188e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Custom AMD APU build
On Thursday, December 15, 2016 at 1:12:29 AM UTC-8, Andrew David Wong wrote: > It's just a matter of your personal privacy needs. There might be > unique serial numbers associated with your physical hardware. For > most people, this isn't a problem, but if you're a human rights > activist living under a totalitarian regime who communicates online > under a pseudonym, for example, then it's conceivable that the regime > might use this information to link the psuedonym under which you > submit the .cpio.gz file to the identity under which you purchased the > hardware. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org Thanks for letting me know. I wonder if installing a script to run such a command to find serial numbers is how governments deanonymize Tor users? I'll definitely not be submitting that information. Thanks for letting me know how much of a risk it is. Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/caf8ecda-b120-43bf-a512-902b52d9f532%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Custom AMD APU build
On Saturday, December 10, 2016 at 1:44:58 PM UTC-8, superlative wrote: > I got Tor browser on Whonix vm to work by updating the whonix-ws template vm I'm considering adding the HCL support files .cpio.gz, but it the instructions say there are risks with adding the serial number in them. Can someone please tell me what are those risks before I post them? By the way, I thought I updated the Whonix template before saying it didn't work, but apparently I only updated the Whonix-gw template, and I really needed to update the Whonix-ws template. Once I did that I got anon-whonix Tor Browser to work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d782a37e-81fb-4cba-a445-d0fd0cb93c56%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Custom AMD APU build
> Plus I forgot to mention that my Tor browser in the Whonix app vm doesn't > work even though I did the Whonix check. It told me to update things through > the command line. So I did. Now it shows green on all checks. But it still > can't load a web page. Any help please? I got Tor browser on Whonix vm to work by updating the whonix-ws template vm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/79565e2b-d471-4f62-9353-607008674255%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Custom AMD APU build
On Saturday, December 10, 2016 at 12:20:08 AM UTC-8, superlative wrote: > Web, web videos, and audio of web videos work in all the App VMs on Firefox; > except the Tor browser does not work in the Whonix App Vm yet. When I full screen a web video, my app vm freezes and I have to restart it. Plus I forgot to mention that my Tor browser in the Whonix app vm doesn't work even though I did the Whonix check. It told me to update things through the command line. So I did. Now it shows green on all checks. But it still can't load a web page. Any help please? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6bfe6ecb-ca4c-4612-b26f-638e4fde860d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Custom AMD APU build
On Saturday, December 10, 2016 at 1:40:13 AM UTC-8, Foppe de Haan wrote: > Check out (dom0) ~/.gnome/apps/, ~/.config/menus/ and ~/.local/share/ Thank you. I cd into those directories and rm the old app vm files. It no longer shows up in my Xfce menu. Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bd50eb4e-ff74-4ed7-b766-e71e7562fdee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Custom AMD APU build
apg now works in app vms based on the template I installed apg from. I remember trying it before. I guess I just needed a reboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/71753e05-803e-4049-b61a-9cb2516517f2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Custom AMD APU build
Web, web videos, and audio of web videos work in all the App VMs on Firefox; except the Tor browser does not work in the Whonix App Vm yet. I installed apg in the Debian template, but the apg command line utility only works in the Template VM, not app VMs based on the template even after it's all updated and restarted. Suspend to RAM works. Shutting down takes a couple minutes unfortunately. Sometimes if I rename an App VM more than once, it can't be renamed again. So I have to delete the App VM, cloning it doesn't work. App VMs I've deleted still show up in the Xfce start menu. How do I get rid of those? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/99da6ea1-e6c7-4199-8245-321ce6523b56%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASRock-A75M_ITX-20161209-235836.yml Description: Binary data
