usbvm and internet access


Niels Kobschätzki

May 25, 2016, 6:40:09 AM
to qubes...@googlegroups.com

Hi,

I hope for the last time today ;)

For online P&P-role playing sessions and for podcasting I need to use a usb-webcam and usb-microphone. If I understand it correctly the only way to get those working is to use a usbvm. So I activated it and Cheese and Audacity are showing the expected results.

But I would need to use both in Chrome as well for Hangouts and WebRTC-sessions. But the usbvm doesn't seem to have access to the internet. In the VM settings I cannot choose a NetVM (probably because it is a NetVM itself if I understand it correctly). There is the NetworkManager to check though in Services. When I do an "ip addr list" in the usbvm there is only a loopback-interface.

What would be the best way to approach my problem?

Niels

P.s.: Is there some sort of documentation wiki? I can only find the "Docs" which are ok-ish for the beginning and the archive of this mailing list. I.e. is there a place where I could add the stuff I found out so far by myself or asking in this mailing list, so it is easier to find for others?

Andrew David Wong

May 25, 2016, 8:20:16 AM
to Niels Kobschätzki, qubes...@googlegroups.com

On 2016-05-25 03:40, Niels Kobschätzki wrote:
> Hi,
>
> I hope for the last time today ;)
>
> For online P&P-role playing sessions and for podcasting I need to
> use a usb-webcam and usb-microphone. If I understand it correctly
> the only way to get those working is to use a usbvm. So I
> activated it and Cheese and Audacity are showing the expected
> results.
>
> But I would need to use both in Chrome as well for Hangouts and
> WebRTC-sessions. But the usbvm doesn't seem to have access to the
> internet. In the VM settings I cannot choose a NetVM (probably
> because it is a NetVM itself if I understand it correctly). There
> is the NetworkManager to check though in Services. When I do an
> "ip addr list" in the usbvm there is only a loopback-interface.
>
> What would be the best way to approach my problem?
>

Any AppVM can be a USBVM (by adding the USB controllers in the
"Devices" tab in "VM settings"), so if a USBVM-as-NetVM doesn't work
(can't test this myself at the moment), then a USBVM-as-AppVM should
be able to get network access by assigning sys-firewall as its NetVM.

> Niels
>
> P.s.: Is there some sort of documentation wiki? I can only find the
> "Docs" which are ok-ish for the beginning and the archive of this
> mailing list.

All of our documentation is here:

https://www.qubes-os.org/doc/

I'm not sure what you mean by "for the beginning." As you can see,
some pages go quite in depth, and there's also a section for
developers, most of which is here:

https://www.qubes-os.org/doc/system-doc/

> I.e. is there a place where I could add the stuff I found out so
> far by myself or asking in this mailing list, so it is easier to
> find for others?

Yes, there's an "Edit This Page" button on every page of the
documentation. It's all written in Markdown, managed under Git, and
hosted on GitHub. We happily accept pull requests containing quality
contributions. :)

If you'd prefer just to send out some informal notes, then this
mailing list is the right place to do it (and would also be
appreciated!).

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

ni...@kobschaetzki.net

May 25, 2016, 12:05:28 PM
to Andrew David Wong, qubes...@googlegroups.com
> On May 25, 2016 at 2:20 PM Andrew David Wong <a...@qubes-os.org> wrote:
>
> On 2016-05-25 03:40, Niels Kobschätzki wrote:
> > Hi,
> >
> > I hope for the last time today ;)
> >
> > For online P&P-role playing sessions and for podcasting I need to
> > use a usb-webcam and usb-microphone. If I understand it correctly
> > the only way to get those working is to use a usbvm. So I
> > activated it and Cheese and Audacity are showing the expected
> > results.
> >
> > But I would need to use both in Chrome as well for Hangouts and
> > WebRTC-sessions. But the usbvm doesn't seem to have access to the
> > internet. In the VM settings I cannot choose a NetVM (probably
> > because it is a NetVM itself if I understand it correctly). There
> > is the NetworkManager to check though in Services. When I do an
> > "ip addr list" in the usbvm there is only a loopback-interface.
> >
> > What would be the best way to approach my problem?
> >
>
> Any AppVM can be a USBVM (by adding the USB controllers in the
> "Devices" tab in "VM settings"), so if a USBVM-as-NetVM doesn't work
> (can't test this myself at the moment), then a USBVM-as-AppVM should
> be able to get network access by assigning sys-firewall as its NetVM.

Ok, I got that to work. When I tried it the first time I could add only one controller but ran into the problem that the AppVM wouldn't start with an error that the device driver is already in use by xendlight. I didn't get that in the end the pci_strictreset False would be the solution to that problem. The reason was that sys-usb worked with both controllers but the appvm didn't work with just one (after fiddling around, it worked with both). I ran into one wall after another. Now it seems to work.

> > P.s.: Is there some sort of documentation wiki? I can only find the
> > "Docs" which are ok-ish for the beginning and the archive of this
> > mailing list.
>
> All of our documentation is here:
>
> https://www.qubes-os.org/doc/
>
> I'm not sure what you mean by "for the beginning." As you can see,
> some pages go quite in depth, and there's also a section for
> developers, most of which is here:
>
> https://www.qubes-os.org/doc/system-doc/

Yes, I know that documentation and I mean exactly that. It is not very beginner friendly imho but maybe I am just spoiled by the Arch- and FreeBSD-documentation.
The problem I have is that when I google for errors, you might find the mailing list. In the documentation problems are described but typical concrete error messages are not mentioned that occur in those cases, thus throwing error messages into google does not lead to the documentation.

> > I.e. is there a place where I could add the stuff I found out so
> > far by myself or asking in this mailing list, so it is easier to
> > find for others?
>
> Yes, there's an "Edit This Page" button on every page of the
> documentation. It's all written in Markdown, managed under Git, and
> hosted on GitHub. We happily accept pull requests containing quality
> contributions. :)

I will see what I can do. I find the "create a pull request on github"-method just harder than a wiki (that's why I asked about a wiki), where I can easily add pages. I am not really a developer and I rarely create pull requests. I will look into it :)

> If you'd prefer just to send out some informal notes, then this
> mailing list is the right place to do it (and would also be
> appreciated!).

Yeah, that's the thing. I am not sure where I put something like: "For getting the teamviewer-client to work, don't use the offered packages but use the tar.gz and start the binary" (in a bit more detailed way for people who do not know tar-options by heart). The documentation kind of looks that such a thing doesn't fit there and a mailing list is also nothing where short how-tos should be posted because of discoverability.

I will learn the ways of this community :) So far you all are very helpful and this is a real delight after my experiences in the Arch-community :)

Niels

raah...@gmail.com

May 25, 2016, 1:09:08 PM
to qubes-users, a...@qubes-os.org
I've been wondering about that specific xenlight error when trying to do the same thing too. Glad to know the pci_strictset false is how you fixed it.

Curious though why you couldn't add a netvm to the usbvm.

ni...@kobschaetzki.net

May 25, 2016, 4:53:21 PM
to raah...@gmail.com, qubes-users, a...@qubes-os.org
That's an easy one I think. The docs explain first how to create sys-usb:
1: qubesctl top.enable qvm.sys-usb
2: qubesctl state.highstate

sys-usb is a NetVM and thus doesn't use sys-net or sys-firewall for the virtual interfaces. At least that's how I understand it. And it didn't have its own interfaces and when I activated NetworkManager, I saw in the kde panel suddenly a second network manager, but the wifi-device was already connected to another NetVM (and I couldn't figure out how or if it is even possible to get a virtual interface into sys-usb and maybe route the traffic through sys-firewall).

Niels

Andrew David Wong

May 25, 2016, 4:54:15 PM
to ni...@kobschaetzki.net, qubes...@googlegroups.com

On 2016-05-25 09:05, ni...@kobschaetzki.net wrote:
>> On May 25, 2016 at 2:20 PM Andrew David Wong <a...@qubes-os.org>
>> wrote:
>>
>> On 2016-05-25 03:40, Niels Kobschätzki wrote:
>
> [...]
>
>>> P.s.: Is there some sort of documentation wiki? I can only find
>>> the "Docs" which are ok-ish for the beginning and the archive
>>> of this mailing list.
>>
>> All of our documentation is here:
>>
>> https://www.qubes-os.org/doc/
>>
>> I'm not sure what you mean by "for the beginning." As you can
>> see, some pages go quite in depth, and there's also a section for
>> developers, most of which is here:
>>
>> https://www.qubes-os.org/doc/system-doc/
>
> Yes, I know that documentation and I mean exactly that. It is not
> very beginner friendly imho but maybe I am just spoiled by the
> Arch- and FreeBSD-documentation. The problem I have is that when I
> google for errors, you might find the mailing list. In the
> documentation problems are described but typical concrete error
> messages are not mentioned that occur in those cases, thus throwing
> error messages into google does not lead to the documentation.
>

Fair enough. The documentation is largely written and edited by
volunteers (including yours truly). Much more work could be done to
improve it, but that requires people's time and labor, and the project
is currently limited in funds to pay for it.

> [...]
>
>> If you'd prefer just to send out some informal notes, then this
>> mailing list is the right place to do it (and would also be
>> appreciated!).
>
> Yeah, that's the thing. I am not sure where I put something like:
> "For getting the teamviewer-client to work, don't use the offered
> packages but use the tar.gz and start the binary" (in a bit more
> detailed way for people who do not know tar-options by heart).
> The documentation kind of looks that such a thing doesn't fit there
> and a mailing list is also nothing where short how-tos should be
> posted because of discoverability.
>

I think discoverability is mostly taken care of by searchability. At
least, that's the idea. :)

> I will learn the ways of this community :) So far you all are very
> helpful and this is a real delight after my experiences in the
> Arch-community :)
>

Glad to hear it!

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Marek Marczykowski-Górecki

May 25, 2016, 5:58:18 PM
to ni...@kobschaetzki.net, raah...@gmail.com, qubes-users, a...@qubes-os.org
sys-usb is a NetVM itself to ease usage of USB network devices (wifi
dongles, bluetooth connection through a phone etc). Which indeed makes
it impossible to assign other NetVM to it. Maybe it would be better to
have sys-usb as a ProxyVM... That would work, but would be somehow
confusing.

Anyway, there are two options what to do now (to have access to both
network and USB):
1. Have one VM for both network and USB devices
2. Have separate USB VM, but with different type than "NetVM"

The first one should be easy, as there is already configuration for
this:
qubesctl top.enable qvm.sys-net-with-usb
qubesctl top.disable qvm.sys-usb
qvm-remove sys-usb
qubesctl state.highstate

(Yes, this includes removing sys-usb, as it would be useless now)

The second option requires either creating new USB VM manually, or
modifying mgmt configuration to change its type:
/srv/formulas/dom0/virtual-machines-formula/qvm/sys-usb.sls
- remove "flags: \n -net" (for AppVM), or change "net" to "proxy"
(for ProxyVM)

In both cases, you'll need to remove sys-net, and then either create
manually, or call management stack again (qubesctl state.highstate).

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
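
Added example (not part of the thread and not Qubes project code): the AppVM-as-USB-qube setup discussed in the messages above, written as a dry-run planner that prints the dom0 commands instead of running them. It assumes the R3.x command forms `qvm-pci -a` and `qvm-prefs -s`, a hypothetical AppVM named `usb-apps`, and a constructed `lspci` sample.

```shell
#!/bin/sh
# Added example: dry-run planner, prints dom0 commands instead of running them.
# Assumptions: Qubes R3.x dom0 tool syntax (qvm-pci -a, qvm-prefs -s);
# "usb-apps" is a hypothetical AppVM name, not one used in the thread.

# Constructed sample of `lspci` output, so the script also runs outside dom0.
SAMPLE_LSPCI='00:14.0 USB controller: Example xHCI Host Controller
00:19.0 Ethernet controller: Example Gigabit Network Connection
00:1a.0 USB controller: Example EHCI Host Controller #2
00:1d.0 USB controller: Example EHCI Host Controller #1
03:00.0 Network controller: Example Wireless Adapter'

# Print the BDF address of every USB controller listed on stdin.
usb_controllers() {
    awk '/USB controller/ { print $1 }'
}

# Print the commands that turn AppVM $1 into a USB qube with a NetVM.
# Reads lspci output on stdin; returns 1 if no USB controller is listed.
plan_usb_appvm() {
    vm=$1
    netvm=${2:-sys-firewall}
    bdfs=$(usb_controllers)
    [ -n "$bdfs" ] || { echo "no USB controller found" >&2; return 1; }
    # Attach every controller: the thread reports that the AppVM only
    # started once both controllers were assigned to it.
    for bdf in $bdfs; do
        echo "qvm-pci -a $vm $bdf"
    done
    # Reported in the thread as the fix for the "already in use" start error.
    echo "qvm-prefs -s $vm pci_strictreset false"
    # An AppVM (unlike the NetVM-type sys-usb) can be given a NetVM.
    echo "qvm-prefs -s $vm netvm $netvm"
}

# In dom0 this would be:  lspci | plan_usb_appvm usb-apps
printf '%s\n' "$SAMPLE_LSPCI" | plan_usb_appvm usb-apps
```

A qube set up this way holds the USB controllers and a network path at the same time, so it is best kept free of data that matters and used only for the webcam and microphone sessions.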

raah...@gmail.com

May 27, 2016, 2:11:42 PM
to qubes-users, raah...@gmail.com, a...@qubes-os.org
Oh I meant just adding sys-firewall as the usbvm's netvm to get internet access for it. It works for me or maybe I'm misunderstanding what you are trying to do. My apologies if that's the case.