Re: [qubes-users] qvm-remove: how do i find where a domain is in use?
Ivan Mitev
On 04/18/2018 01:26 PM, river1...@gmail.com wrote:
> hi,
>
> I opted for whonix when installing Qubes 4.0 and have decided not to use it for now. I am having trouble deleting it.
>
> In dom0 the command
>
> sudo qvm-remove whonix-ws-dvm
>
> generates a traceback ending with the final message
>
> qubesadmin.exc.QubesException: Domain is in use 'whonix-ws-dvm'; details in system log
>
> (let me know if you would like me to paste in the whole traceback)
>
> So my immediate question is how do I see the relevant log? It is not in the dmesg of dom0. I have also looked from Qube Manager at the logs in the context menu while right-clicking on the dom0 and whonix-ws-domain domains: dom0 has only a xen log which does not appear relevent, and whonix-ws-domain has the logs greyed out. I can't think of anywhere else to look.
tail /var/log/qubes/qubes.log
and
journalctl -f
should give you more info ; you'll probably see something like "vm
blahblah uses whonix-ws-dvm"
> I also used sudo qvm-ls and cannot see any sign of this domain being used anywhere.
try:
qubes-prefs (for global qubes default)
and for each VM:
qvm-prefs vmname
and see if one of the vm is configured to use whonix (as template,
firewall, ...).
it's a bit cumbersome to go through each vm manually, you can automate
this with the following script:
for i in $(qvm-ls --raw-list); do qvm-prefs $i | grep -q whonix && echo
vm $i uses whonix; done
Note that the whonix* templates were likely installed with a rpm, so
once you changed your VMs' prefs not to use whonix, you'll have to
delete the rpm rather than using `qvm-remove`.
you can find which rpms are installed with `rpm -qa | grep -i whonix`
>
> I did not not ask for whonix to be used for template updates, or more exactly I believe I left that option unticked during setup but wonder how I can check if that is where whonix is being used? Where would I look to check that, please?
>
> Note none of the whonix domains are started at boot, and none are showing as running in Qube Manager, nor in the "Q" in the systray.
>
> And in case I can't solve this, any tips please on how to remove a domain when Qubes thinks it is still in use?
>
>
>
> At the moment the only way forward that I can think of is to backup my wanted domains and reinstall... but my IT gut feeling is that would be overkill and I am missing something that will seem obvious once it is explained...
re-installing is indeed overkill :)
hope the above helps !
ivan
>
> regards
> River~~
>
>
>
>
Ivan Mitev
On 04/18/2018 02:09 PM, trueriver wrote:
> hi Ivan
>
> d'ooooooh
>
> It was set as its own DispVM.... the one domain I had not thought to check manually from the Qube Manager.
>
> Logically this might count as a bug: if the only domain that uses it is the same one that is being deleted then it would not cause a problem - but I realise that coding this corner case would increase an attack surface somewhere and I bet the devs will not want to do that. So I will not be listing it as a bug.
indeed, that's a bit of a corner case. It's probably expected that users
remove references to a template (including to itself) when they issue
qvm-* commands by hand, but IMHO less so if it's in the graphical interface.
> I used your script (I am rather a fan of Bash) rather than looking at the logs, and am bookkmarking your reply in case I need the logs in future.
>
> Many thanks for the fix, and many more for the speed of it!
no problem, happy to help !
cheers,
ivan
(PS: please do not top-post when replying)
trueriver
And talking of my mistake: I forgot to join this group before my first post, and forgot that the consequence of that is for Google to de-anonimise you. My email address leaked into your replies where you copied my content, and it is entirely my fault not yours.
Pls could you take a moment to edit it out? (I will edit mine but cannot edit yours, of course).
trueriver
Ivan Mitev
On 04/18/2018 02:42 PM, trueriver wrote:
> I mean, pls delete your posts (as this does not have an edit facility)
standard user, not through a google account)
note that the posts are sent as emails to the ML's subscribers so
deleting the post in google groups (if it's even possible) will only
remove them there. And there's also the
https://www.mail-archive.com/qubes...@googlegroups.com/ ...
trueriver
On Wednesday, 18 April 2018 12:52:34 UTC+1, Ivan Mitev wrote:
> On 04/18/2018 02:42 PM, trueriver wrote:
> > I mean, pls delete your posts (as this does not have an edit facility)
>
> no problem, but how to do that ? (I'm subscribed to the list as a
> standard user, not through a google account)
>
If you join yourself to the group using the email address you already used (does not have to be a gmail one) then you can delete your own posts in the forum online at https://groups.google.com/forum/#!topic/qubes-users/
There is a small adverse security point here in that Google will remember your email forever, but you already took that risk the first time you posted on googlegroups
> note that the posts are sent as emails to the ML's subscribers so
> deleting the post in google groups (if it's even possible) will only
> remove them there.
Yes, if any evil bot is reading the emails as emails then I am already lined up for a spamfest.
The point of deleting the leaky posts here is that these forums are also readable as web pages and I can thus escape that set of email harvesting bots.
My identity will now show as trueriver rather than the email address when anyone looks at the posts online, the issue is that my email address got into your replies and those instances of my email address will not be removed by my setting a googlegroups alias.
> And there's also the
> https://www.mail-archive.com/qubes...@googlegroups.com/ ...
>
I do not know at what point in the data flow www-mail does the archiving. Maybe it is too late to catch that one. Maybe it is close enough linked to googlegroups to reflect the deletes.
Again, if it does not work its my mistake and my consequences.
Do not take more time on this than you are comfortable with, but I would be grateful if you can at least delete the posts from the googlegroups forum.
Many thanks
River~~
trueriver
> ... And there's also the
> https://www.mail-archive.com/qubes...@googlegroups.com/ ...
having now checked the posts there, the archive bot kindly obfuscates my email address by replacing part of it with dots, which is a relief for me.
Thanks for the heads-up