Disposable VMs are not disposed of
43 views
Skip to first unread message
Alex
Nov 14, 2016, 7:34:23 PM11/14/16
to qubes...@googlegroups.com
This is the second time I encounter this freaky issue on R3.1:
Start a DispVM Firefox, login to a website, close Firefox, observe the disposable VM is gone from the VM manager. Fine so far.
Launch a new disposable Firefox which creates a new VM with a different name (dispN) - notice with horror that you are already logged on to the website you had logged on to from the terminated VM.
Surely this is not supposed to happen. How to troubleshoot?
Cheers
Alex
Start a DispVM Firefox, login to a website, close Firefox, observe the disposable VM is gone from the VM manager. Fine so far.
Launch a new disposable Firefox which creates a new VM with a different name (dispN) - notice with horror that you are already logged on to the website you had logged on to from the terminated VM.
Surely this is not supposed to happen. How to troubleshoot?
Cheers
Alex
Sec Tester
Nov 14, 2016, 8:10:44 PM11/14/16
to qubes-users
Concerning. Its not the same website is it? Remembering you by IP?
Marek Marczykowski-Górecki
Nov 14, 2016, 8:15:06 PM11/14/16
to Alex, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I believe you've hit this issue:
https://github.com/QubesOS/qubes-issues/issues/2200
The issue is fixed in R3.2, but it hasn't been yet backported to R3.1...
For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or
other - depending on what template you use for DispVM) are owned by your
user. Then recreate DispVM savefile with qvm-create-default-dvm.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYKmGUAAoJENuP0xzK19csebUH/RBjQDt6qbUTkHj8IOR7UiMm
b+0+Uud7k6nRve36OxM+/TCs12erIfjdCVd8NcEyMTkz1IAw7ze55WCgrh2/e5rC
f92gcICJmYX+DyWrO8/9iqmBSuv2kgI2DqzxkfDP58BYXeX2QyWu7CjOqWFvULaZ
AkA79GJ7PTBIb72hHpjpdn6YVnWkt7KXlCpY+vr7dcmFH9h7n3Za0uFp2jnGii6U
qvZpUH6oWdrmQ3j5s3NDb0iQ/Gk5eZM7/6BdcB0Cl785qNh9/QMv51efxyQMw82B
GnU2I69wUN57RkTPPKL9kqWpSTgqf6T3xciI2eIniW5687aSOqILrGGyGQYcY9Y=
=CBNV
-----END PGP SIGNATURE-----
Hash: SHA256
https://github.com/QubesOS/qubes-issues/issues/2200
The issue is fixed in R3.2, but it hasn't been yet backported to R3.1...
For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or
other - depending on what template you use for DispVM) are owned by your
user. Then recreate DispVM savefile with qvm-create-default-dvm.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYKmGUAAoJENuP0xzK19csebUH/RBjQDt6qbUTkHj8IOR7UiMm
b+0+Uud7k6nRve36OxM+/TCs12erIfjdCVd8NcEyMTkz1IAw7ze55WCgrh2/e5rC
f92gcICJmYX+DyWrO8/9iqmBSuv2kgI2DqzxkfDP58BYXeX2QyWu7CjOqWFvULaZ
AkA79GJ7PTBIb72hHpjpdn6YVnWkt7KXlCpY+vr7dcmFH9h7n3Za0uFp2jnGii6U
qvZpUH6oWdrmQ3j5s3NDb0iQ/Gk5eZM7/6BdcB0Cl785qNh9/QMv51efxyQMw82B
GnU2I69wUN57RkTPPKL9kqWpSTgqf6T3xciI2eIniW5687aSOqILrGGyGQYcY9Y=
=CBNV
-----END PGP SIGNATURE-----
IX4 Svs
Nov 15, 2016, 9:37:17 AM11/15/16
to Marek Marczykowski-Górecki, qubes...@googlegroups.com
On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki <marm...@invisiblethingslab.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Nov 15, 2016 at 12:34:19AM +0000, Alex wrote:
> This is the second time I encounter this freaky issue on R3.1:
>
> Start a DispVM Firefox, login to a website, close Firefox, observe the disposable VM is gone from the VM manager. Fine so far.
>
> Launch a new disposable Firefox which creates a new VM with a different name (dispN) - notice with horror that you are already logged on to the website you had logged on to from the terminated VM.
>
> Surely this is not supposed to happen. How to troubleshoot?
I believe you've hit this issue:
https://github.com/QubesOS/qubes-issues/issues/2200
The issue is fixed in R3.2, but it hasn't been yet backported to R3.1...
For now, make sure that files in /var/lib/qubes/appvms/fedora-23-dvm (or
other - depending on what template you use for DispVM) are owned by your
user. Then recreate DispVM savefile with qvm-create-default-dvm.
All files in /var/lib/qubes/appvms/fedora-23-dvm are owned by my user, group qubes - but volatile.img is -rw-r--r-- while all other files are -rw-rw-r-- (so, group can't write to it). I changed this with chmod 664 volatile.img but on running qvm-create-default-vm the permissions are reset to their earlier state - and volatile.img is not group-writeable.
Should people on R3.1 just chmod 664 volatile.img right after recreating the DVM?
Thanks
Alex
Marek Marczykowski-Górecki
Nov 15, 2016, 5:54:44 PM11/15/16
to IX4 Svs, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
group writable does not matter. Maybe it was owned by root during
previous qvm-create-default-dvm call, but now is ok?
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Raz6H3WRRRGCytN0Jfri+QiGWhQdugclWH2tyn9uUlzKFeNA4AE3GD7oT/bUc5Zf
8XJYV4JTWOEQN4TnfprDwksRQGyuPyfLAUUuiOyRqE2e2AaexXg7ZDTKNrQGG8qq
X0+pV3nE1U7Fw4WclGIohFb6PCtUR8ILvJ4fzODnH97V2K65qP3+/LqmryeEMTMu
2rr1VsI+y2CDjp3b6vOQQdyeWbaMa/OrkK7rXG+TS2SCV2g6C8UhCWBCMZ8OSWZZ
GEVrSH8yI0LgWSahbkN0biai68N+GDoGEFfKH/WkNhXBAUGr18Su6/R4FcIy0Ec=
=yyJR
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages