Re: [qubes-users] Re: files disappearing
On 08/21/2016 03:11 PM, J.M. Porup wrote:
On Sat, Aug 20, 2016 at 07:05:10PM -0400, Chris Laprise wrote:
* Download the Equation Group files from Mega to report on them
* qvm-copy-to-vm --> new fedora 23 based appvm
* open terminal in new vm, files are there
* shutdown, reboot--files are gone
One avenue to investigate is to reproduce the problem and then see if
another vm can manually mount that filesystem and access the files:
1. Start the appvm in question ("VM1") - private data files do not appear
2. Pause VM1
3. Start a testing appvm ("VM2").
4. Use qvm-block in dom0:
$ qvm-block -A --ro VM2 dom0:/var/lib/qubes/appvms/VM1/private.img
5. In VM2, run:
$ mkdir data
$ sudo mount /dev/xvdi data
$ ls data/home/user
6. Look for your data files
Thanks for this suggestion. I tried last night, but mounting
/dev/xvdi gave me a fs/superblock error, and non-useful output in dmesg.
I tried again this morning, and was able to mount /dev/xvdd (not xvdi,
although that probably doesn't make a difference).
For that test, you are definitely interested in xvdi not xvdd.
Taking a good look around the 4.1.24-10.pvops.qubes.x86_64/ dir, but not
finding anything that looks like a home directory, much less my files.
I'm probably doing something wrong.
Perhaps related: Last week my .bash_history disappeared in dom0,
replaced, bizarrely, by the attached text. Difficult to avoid the
suspicion this is someone trolling.
jmp
The error you got does indicate the vm filesystem got corrupted--and
that is probably because your dom0 root filesystem was corrupted,
considering what happened to your dom0 .bash_history. I would say the
level of corruption, which resembles file cross-linking errors, is great
enough to consider dom0 isolation to be degraded and the OS damaged in
general.
The best course of action would be to start with Andrew's suggestion:
Most recent laptops have disk and memory tests built into the firmware,
accessible from the power-on screen. On completion you should see a
short assessment as to whether your memory and drive are healthy or not.
You could also use 'smartctl -a' on your drive to look for specific
failure indicators.
After addressing any hardware problems (such as replacing RAM modules or
SSD), I suggest reinstalling Qubes and restoring from your backups. You
may wish to first try backing up what's left of your current data before
reinstalling and restoring from an older backup, in case you want to try
recovering your most recent data later on.
If you have specific questions I'd be happy to try answering them for you.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f1db4593-bbf6-40d6-89b3-19710a989a27%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-08-21 12:11, J.M. Porup wrote:
> On Sat, Aug 20, 2016 at 07:05:10PM -0400, Chris Laprise wrote:
>>> * Download the Equation Group files from Mega to report on them *
>>> qvm-copy-to-vm --> new fedora 23 based appvm * open terminal in new vm,
>>> files are there * shutdown, reboot--files are gone
>>
>> One avenue to investigate is to reproduce the problem and then see if
>> another vm can manually mount that filesystem and access the files:
>>
>> 1. Start the appvm in question ("VM1") - private data files do not
>> appear 2. Pause VM1 3. Start a testing appvm ("VM2"). 4. Use qvm-block in
>> dom0: $ qvm-block -A --ro VM2 dom0:/var/lib/qubes/appvms/VM1/private.img
>> 5. In VM2, run: $ mkdir data $ sudo mount /dev/xvdi data $ ls
>> data/home/user 6. Look for your data files
>>
>
> Thanks for this suggestion. I tried last night, but mounting /dev/xvdi gave
> me a fs/superblock error, and non-useful output in dmesg. I tried again
> this morning, and was able to mount /dev/xvdd (not xvdi, although that
> probably doesn't make a difference).
>
> Taking a good look around the 4.1.24-10.pvops.qubes.x86_64/ dir, but not
> finding anything that looks like a home directory, much less my files. I'm
> probably doing something wrong.
>
> Perhaps related: Last week my .bash_history disappeared in dom0, replaced,
> bizarrely, by the attached text. Difficult to avoid the suspicion this is
> someone trolling.
>
> jmp
>
A hardware problem could be the common cause. I recommend running SMART checks
on your drives and memtest if you haven't already.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-
iQIcBAEBCgAGBQJXugU/AAoJENtN07w5UDAwmywP/RcY/0plpaXOr6pOadQ9qP+j
Xa2l5NwRs27u3N9KwX3BPuiETfpDLIlsrPYToccpttndypu8MvWvtrA8SOP2lDNd
qLkIFRAF5YUt+T9fCiB3cK3kbc2HVmXnELXx534WcF52Juo6yXk+FalJXe7uQCru
QL9nMADE08DJhPapYgcjnNmQ4h+kSq6eIF9Rjnyt4dFvLrbKgWcxovyA1dl6Pgy0
nYX9VW6cZKl7u5rqbbpp/tDeNUXFaWYCYlXkZBydLwk2LqfgVT6CEvIeFz9ZX4Lq
7g3NOb+u8fvKZx/6OGhLjKbjbzsWnD53E2907/q01qfSmCusXTblIdGKC6H369C4
/l3To4R+kmVqbuONLpkghPtkolOU3b3dwNQ05o88F8IuHy8U5neKiG+hqc1kibGs
my6sGPJiI3eivI4oPJolpntQDpEhBF0ZL1+dU6arHhQIktEJul3aPtwA3pJIcuuR
OCnHsCN5/5nLDtREcmw2z/2NtDqXpJ94Q0CW556o494gRVfEQrItr/p2lpI5WCr6
3xWIvjydeMLRoc+DuqbNY+MoXNpybBO8SlItSrpPbQQsz9/taQ0nHgmbe6aTKKNm
ZY8A/tE+fHAbYtAyZ9yd8kg19J0envsiTY0kEYvtmN/O4anKy2zqaAKj3DrbR+Ok
fm+ntxkEQPfRwVc7QpZV
=DHc4
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/b9981419-f5a4-2fde-ffd4-2e5e04ecf3ee%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
On Sat, Aug 20, 2016 at 03:55:47PM -0700, Andrew David Wong wrote: > $ ll /var/lib/qubes/appvms// > > (If you have unaffected AppVMs, see if there is any pattern in differing > permissions.) Thanks for the suggestion, but a close look at the permissions doesn't reveal any difference with other vms, including ones that appear to be working correctly. jmp -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160821005046.GA1180%40fedora-21-dvm. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
On 08/20/2016 06:00 PM, J.M. Porup wrote: On Sat, Aug 20, 2016 at 05:56:39PM -0400, J.M. Porup wrote: On Sat, Aug 20, 2016 at 05:29:19PM -0400, J.M. Porup wrote: files in three different vms have disappeared in the last week. In one case I lost work. previously I've seen a vm start without local data, somehow it doesn't "catch", usually a shutdown and restart solves the problem. In this case multiple restarts over multiple days is not working. what can I investigate to discover the cause of the missing data? assuming, for the sake of argument, accident and not adversary. I can reproduce this with appvms based on debian 8, but not fedora 23. * create new appvm * open a terminal, 'touch foo' * shutdown vm * restart vm, file is gone fedora 23 based appvms persist, but the debian 8 based appvms did not, at least in this test. I have not checked all my vms yet. Additional data point. * Download the Equation Group files from Mega to report on them * qvm-copy-to-vm --> new fedora 23 based appvm * open terminal in new vm, files are there * shutdown, reboot--files are gone jmp If you have modified your debian 8 template a lot, another thing you could try is to create a bare/unmodified debian template and switch your appvm to use the latter. Then see if the problem persists. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68206fac-e059-97a6-9073-6e04f515ea60%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
On 08/20/2016 06:00 PM, J.M. Porup wrote:
On Sat, Aug 20, 2016 at 05:56:39PM -0400, J.M. Porup wrote:
On Sat, Aug 20, 2016 at 05:29:19PM -0400, J.M. Porup wrote:
files in three different vms have disappeared in the last week.
In one case I lost work.
previously I've seen a vm start without local data, somehow it doesn't
"catch", usually a shutdown and restart solves the problem. In this case
multiple restarts over multiple days is not working.
what can I investigate to discover the cause of the missing data?
assuming, for the sake of argument, accident and not adversary.
I can reproduce this with appvms based on debian 8, but not fedora 23.
* create new appvm
* open a terminal, 'touch foo'
* shutdown vm
* restart vm, file is gone
fedora 23 based appvms persist, but the debian 8 based appvms did not,
at least in this test. I have not checked all my vms yet.
Additional data point.
* Download the Equation Group files from Mega to report on them
* qvm-copy-to-vm --> new fedora 23 based appvm
* open terminal in new vm, files are there
* shutdown, reboot--files are gone
jmp
One avenue to investigate is to reproduce the problem and then see if
another vm can manually mount that filesystem and access the files:
1. Start the appvm in question ("VM1") - private data files do not appear
2. Pause VM1
3. Start a testing appvm ("VM2").
4. Use qvm-block in dom0:
$ qvm-block -A --ro VM2 dom0:/var/lib/qubes/appvms/VM1/private.img
5. In VM2, run:
$ mkdir data
$ sudo mount /dev/xvdi data
$ ls data/home/user
6. Look for your data files
If you can see your data in VM2, then the problem may be due to some bug
in the boot sequence for the template used by VM1. But that doesn't
necessarily rule out foul play... You may want to use VM2 to inspect
vulnerable files in 'data' such as home/user/.bashrc and
home/user/.profile to see if they've been tampered with.
To undo the above attach+mount, run 'sudo umount data' in VM2 then
shutdown VM2. Finally, un-pause VM1.
Chris
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d4f40f95-c58e-48ae-14ce-efe69dab42bd%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-20 15:40, J.M. Porup wrote: > On Sat, Aug 20, 2016 at 03:15:33PM -0700, Andrew David Wong wrote: >> Does this mean the the files are gone from the source VM or the >> destination VM? > > the destination vm. > >> Which version of Qubes are you using? > > 3.1. > > thanks jmp > > Ok, so this means that you're now able to reproduce the issue on fedora-23-based AppVMs, as well, right? What are the permissions on the affected AppVMs' files in dom0? You can see this in the output of: $ ll /var/lib/qubes/appvms// (If you have unaffected AppVMs, see if there is any pattern in differing permissions.) P.S. - Please keep the list CCed. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXuN/xAAoJENtN07w5UDAwST0P/iD1+g0o2rINPjZF1j/S6fqg aJcENoqgCL6YfjhGijNZ2CAhsPruR4S1/2H+SDynQy8atYXXeTmcogFm7WUBXmBA Ju3z1owV1nNDw2POQcoPT5SRmZknBPRgxGnVVGs52qHYwfMqezQEdYdsJkt5WzSD fp/baEcMX7m8AUT3du7jr819d2FBtnFlq4Xq0rFawWTw599MzQXgHUrUDkQK/y5P pl2srsKmuEOuM2+uRnFWi4MJ8WKDG8/yrQ39CGrTE/Q6CwC3YDzkwbjjZPHbFJDW HDoEUx5Q+8ckLLgy6h2UbQM1Wrx4P/7S7L3Btgz68pjksDr9J2gsY4zeYNIDks66 YjZlDjmg27JdUhLy0l+fBpw4i8D7oFQ13Ge3tcseFUSFebg6M/glD56uW6RiTHA3 5tBJLZHUBN62n8vNwAatvVtQN2kXY/n29cPQOFCJvoAmrTvHwnfcIw9aYryd6OqS g7sXiknzLX7ZUlbkGFMJhoL6AXxZq52Sryk58WhSpJDzxctq/aqYVmqYaXGZrIQ2 lXVZCRPgwMirVxBeGGsjJS/mrMllcHtAMv9h61uNqLcn2AkAz4TP4gX4BQH4C0nd vtlmciODbogtaaWpYfpj1pFEPFZhJPUZWbcXG3Psyun6nuE5iD/4lpVHkiUenCC/ Fli/ItCPnustiAz0MkNg =vIFW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/44106119-2986-bcc8-79f1-446c0013d215%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-20 15:00, J.M. Porup wrote: > On Sat, Aug 20, 2016 at 05:56:39PM -0400, J.M. Porup wrote: >> On Sat, Aug 20, 2016 at 05:29:19PM -0400, J.M. Porup wrote: >>> files in three different vms have disappeared in the last week. In one >>> case I lost work. >>> >>> previously I've seen a vm start without local data, somehow it doesn't >>> "catch", usually a shutdown and restart solves the problem. In this >>> case multiple restarts over multiple days is not working. >>> >>> what can I investigate to discover the cause of the missing data? >>> assuming, for the sake of argument, accident and not adversary. >> >> I can reproduce this with appvms based on debian 8, but not fedora 23. >> >> * create new appvm * open a terminal, 'touch foo' * shutdown vm * restart >> vm, file is gone >> >> fedora 23 based appvms persist, but the debian 8 based appvms did not, at >> least in this test. I have not checked all my vms yet. > > Additional data point. > > * Download the Equation Group files from Mega to report on them * > qvm-copy-to-vm --> new fedora 23 based appvm * open terminal in new vm, > files are there * shutdown, reboot--files are gone > Does this mean the the files are gone from the source VM or the destination VM? Which version of Qubes are you using? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXuNZ8AAoJENtN07w5UDAwtgEP/2ydyC6kMqVqous3aPgbpU1J R+F8buyr9CzS8ocTXN6Vm8LZjQBCrosUcWADrEjqpqdgzJ74aiXE6VDk5jewy2dg Hwju0jO67hUqhwNX6cvmUCRecCR0dw5gk05x2GNbQSZS0mPPUmotLy3S/ZCy3MZ4 xx26wYX/16bjRQs/GR7xqFdDmQdHutrH05udbI2ata9tvS+itkk2D9FidRgPqp9P j8Y6Vcf5RSg+lVBRE962k3i5I61pSWGPPO70dbvanj898Acy82cmPF+e+uo46dXW iZNQuddYeZkLKwcPbGt2oFyMpkOscPiJ59LT6TVvwnRXWOGOa2LAi86CQawlxI6x HB7next7mKPtilKtrGJwr7t1EDl2WYiHpVyEelsjX9HWztiTH46l6yfRlftNWwcs EspVazziR8MZP7eLO718sa7RTU1mt1qkeiYbrERQLwVV751XwHi18xECbvU8h/N2 pVQ8G19zhBDRzEZ4+n5TnjUteudU6Utnota6qa3qkS8x4fu0x2DCtrZD5DtA7BHK OIBsiH2clgUVd1lSzSJ7gnj5f4oBl/cBS2Jsq/HCcEFWb8Nx27sTiwZUaty9rQjL i2HKxSAPnTXKG744aws67bb2B0DFr1DHVJObl6jD+DbO5vboUOpBGhQIxr9dxgm7 ZXIooa0HavsxCFYafwTe =JVUA -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35d471ed-f45e-9460-82c8-e5b9a7ef1822%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: files disappearing
On Sat, Aug 20, 2016 at 05:56:39PM -0400, J.M. Porup wrote: > On Sat, Aug 20, 2016 at 05:29:19PM -0400, J.M. Porup wrote: > > files in three different vms have disappeared in the last week. > > In one case I lost work. > > > > previously I've seen a vm start without local data, somehow it doesn't > > "catch", usually a shutdown and restart solves the problem. In this case > > multiple restarts over multiple days is not working. > > > > what can I investigate to discover the cause of the missing data? > > assuming, for the sake of argument, accident and not adversary. > > I can reproduce this with appvms based on debian 8, but not fedora 23. > > * create new appvm > * open a terminal, 'touch foo' > * shutdown vm > * restart vm, file is gone > > fedora 23 based appvms persist, but the debian 8 based appvms did not, > at least in this test. I have not checked all my vms yet. Additional data point. * Download the Equation Group files from Mega to report on them * qvm-copy-to-vm --> new fedora 23 based appvm * open terminal in new vm, files are there * shutdown, reboot--files are gone jmp -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160820220019.GE1127%40fedora-21-dvm. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: files disappearing
On Sat, Aug 20, 2016 at 05:29:19PM -0400, J.M. Porup wrote: > files in three different vms have disappeared in the last week. > In one case I lost work. > > previously I've seen a vm start without local data, somehow it doesn't > "catch", usually a shutdown and restart solves the problem. In this case > multiple restarts over multiple days is not working. > > what can I investigate to discover the cause of the missing data? > assuming, for the sake of argument, accident and not adversary. I can reproduce this with appvms based on debian 8, but not fedora 23. * create new appvm * open a terminal, 'touch foo' * shutdown vm * restart vm, file is gone fedora 23 based appvms persist, but the debian 8 based appvms did not, at least in this test. I have not checked all my vms yet. jmp -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160820215638.GD1127%40fedora-21-dvm. For more options, visit https://groups.google.com/d/optout.
