Re: [qubes-users] Re: Is it possible to build any BSD template on QubesOS?

2022-06-10 Thread Demi Marie Obenour

On Tue, Jun 07, 2022 at 05:34:10PM -0700, J Holsapple wrote:
> Yeah, a more integrated BSD OS would be nice. Something like Windows tools. 
> The only gui I'd be interested in though is macos.
> 
> In this case, I'm just running the cli and using the webapp for management. 
> Sure it's a HVM and is more isolated and more resource hungry. Yet it's a 
> lot like my stand alone pfSense box. It just works. And over the months 
> I've gone back to my integration guide/script and refined it.
> 
> Keep in mind that I answered the OP's question for the use case where "any" 
> means a HVM with a CLI and using a webapp for "gui" management. The 
> integration guide/script is optional for people wanting to replicate my 
> implementation of pfSense/OPNsense.
> 
> BTW, could you expound a little on your concern for xnf(4) (netfront) and 
> xbf(4) (blkfront) drivers? Or point me to a reference? I wish to better 
> understand your concern for threat vectors.

Right now, the OpenBSD netfront and netback drivers are not hardened
against malicious backends, so they can be attacked by malicious
backends.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YqPeBkmp21FXJaE9%40itl-email.
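
Added example (not part of the thread, and not code from OpenBSD, Xen or Qubes): a simplified model of what "hardened against malicious backends" means for a frontend driver that consumes responses from a ring shared with its backend. The ring layout and all names (`struct front`, `consume_responses`, `demo`) are assumptions made for illustration.

```c
#include <stdint.h>

#define RING_SIZE 8u     /* power of two, as Xen rings are */
#define BUF_SIZE  2048u  /* size of each receive buffer we posted */

struct rsp { uint16_t id, len; };

/* Page shared with the backend: every field here is untrusted input. */
struct shared_ring { volatile uint32_t rsp_prod; volatile struct rsp ring[RING_SIZE]; };

/* Frontend-private state, never mapped by the backend. */
struct front {
    uint32_t rsp_cons, req_prod;
    uint8_t outstanding[RING_SIZE];  /* 1 while request id is in flight */
    int broken;
};

/* Returns responses accepted, or -1 after marking the device broken. */
int consume_responses(struct front *f, struct shared_ring *s)
{
    int n = 0;
    uint32_t prod = s->rsp_prod;  /* snapshot once; a real driver adds a read barrier */

    if (f->broken || prod - f->rsp_cons > f->req_prod - f->rsp_cons)
        goto bad;                 /* more responses than requests in flight */
    while (f->rsp_cons != prod) {
        volatile struct rsp *slot = &s->ring[f->rsp_cons % RING_SIZE];
        struct rsp r = { slot->id, slot->len };  /* copy, then check only the copy */
        if (r.id >= RING_SIZE || !f->outstanding[r.id] || r.len > BUF_SIZE)
            goto bad;             /* unknown, replayed, or oversized response */
        f->outstanding[r.id] = 0;
        f->rsp_cons++;
        n++;
    }
    return n;
bad:
    f->broken = 1;
    return -1;
}

/* Constructed scenario: two requests (ids 0 and 1) in flight; the backend
 * writes the same response into slots 0 and 1 and claims `prod` responses. */
int demo(uint32_t prod, uint16_t id, uint16_t len)
{
    struct front f = { .req_prod = 2, .outstanding = { 1, 1 } };
    struct shared_ring s = { .rsp_prod = prod };
    for (int i = 0; i < 2; i++) { s.ring[i].id = id; s.ring[i].len = len; }
    return consume_responses(&f, &s);
}
```

The frontend trusts only its private copy of each field and its own record of which requests are in flight; anything inconsistent stops the device instead of being used as an index or a length.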


Re: [qubes-users] Re: Is it possible to build any BSD template on QubesOS?

2022-06-07 Thread J Holsapple
Yeah, a more integrated BSD OS would be nice. Something like Windows tools. 
The only gui I'd be interested in though is macos.

In this case, I'm just running the cli and using the webapp for management. 
Sure it's a HVM and is more isolated and more resource hungry. Yet it's a 
lot like my stand alone pfSense box. It just works. And over the months 
I've gone back to my integration guide/script and refined it.

Keep in mind that I answered the OP's question for the use case where "any" 
means a HVM with a CLI and using a webapp for "gui" management. The 
integration guide/script is optional for people wanting to replicate my 
implementation of pfSense/OPNsense.

BTW, could you expound a little on your concern for xnf(4) (netfront) and 
xbf(4) (blkfront) drivers? Or point me to a reference? I wish to better 
understand your concern for threat vectors.

On Tuesday, May 17, 2022 at 1:35:52 PM UTC-4 Demi Marie Obenour wrote:

> On Sun, May 08, 2022 at 08:01:08PM -0700, J Holsapple wrote:
> > I have pfSense (BSD) installed, and working fine for over 6 mos now, as my 
> > network IDPS on the external interface. Went OCD and created a complete 
> > installation guide and integration script.
> > It's a bit long and detailed but it works like a charm:
> > https://github.com/jcholsap/freemod/issues/1#issue-1016495279
>
> I managed to get an OpenBSD template sort of working a while back. I
> was able to get networking and storage to work, and X11 worked via
> emulated VGA, but I ultimately gave up because of some clashes on the
> OpenBSD mailing lists. A proper integration would require substantial
> additions to the OpenBSD kernel:
>
> - nullfs (BSD version of bind mounts) for /home and /usr/local. The
>   workaround (a loopback NFS mount) is not something I would be okay
>   with for production use.
> - Hardened xnf(4) (netfront) and xbf(4) (blkfront) drivers. The current
>   drivers are not safe in the presence of malicious backends.
> - Userspace access to Xen event channels and grant tables, so that
>   libvchan and gui-agent can work.
>
> Additionally, a Xen-aware bootloader would be needed if booting other
> than in HVM mode is desired.
> -- 
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> Invisible Things Lab


Re: [qubes-users] Re: Is it possible to build any BSD template on QubesOS?

2022-05-17 Thread Demi Marie Obenour

On Sun, May 08, 2022 at 08:01:08PM -0700, J Holsapple wrote:
> I have pfSense (BSD) installed, and working fine for over 6 mos now, as my 
> network IDPS on the external interface. Went OCD and created a complete 
> installation guide and integration script.
> It's a bit long and detailed but it works like a charm:
> https://github.com/jcholsap/freemod/issues/1#issue-1016495279

I managed to get an OpenBSD template sort of working a while back.  I
was able to get networking and storage to work, and X11 worked via
emulated VGA, but I ultimately gave up because of some clashes on the
OpenBSD mailing lists.  A proper integration would require substantial
additions to the OpenBSD kernel:

- nullfs (BSD version of bind mounts) for /home and /usr/local.  The
  workaround (a loopback NFS mount) is not something I would be okay
  with for production use.
- Hardened xnf(4) (netfront) and xbf(4) (blkfront) drivers.  The current
  drivers are not safe in the presence of malicious backends.
- Userspace access to Xen event channels and grant tables, so that
  libvchan and gui-agent can work.

Additionally, a Xen-aware bootloader would be needed if booting other
than in HVM mode is desired.
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab


[qubes-users] Re: Is it possible to build any BSD template on QubesOS?

2022-05-09 Thread J Holsapple
I have pfSense (BSD) installed, and working fine for over 6 mos now, as my 
network IDPS on the external interface. Went OCD and created a complete 
installation guide and integration script.
It's a bit long and detailed but it works like a charm:
https://github.com/jcholsap/freemod/issues/1#issue-1016495279


On Thursday, May 14, 2020 at 12:57:00 PM UTC-4 onelov...@tuta.io wrote:

> Hello, Qubes Community.
>
> In PVH mode like Fedora-31 or Debian-10. 
> Is the Qubes-builder capable of this?
>
> I once did it on 3.1 version, but now this is no longer relevant. 
> https://www.qubes-os.org/doc/netbsd/
> and I could only get there through "xl console"