Installing qr-exec on HVM

60 views
Skip to first unread message

Will Dizon

unread,
Sep 28, 2018, 6:04:53 PM9/28/18
to qubes-users
I am currently working on trying to make a TemplateVM out of a Linux from Scratch installation (or more accurately, BLFS).

Progress has been immense, but I've run into a roadblock I'm not sure how to diagnose.

For starters, I've gone through and successfully compiled:

vmm-xen
core-vchan-xen
linux-utils
core-agent-linux
gui-common
gui-agent-linux

I've done the best I can to adapt Archlinux instructions, taking note of path modifications and installing everything, gruelingly by hand. Everything built as best as I can tell, but I cannot get `qvm-run` to execute a command. I'll try to give as much information as I can about the state of this systemd-based BLFS run.

1) lsmod shows xen_netfront, xen_netback, u2mfn loaded successfully on boot
2) The following systemd scripts are enabled (at boot) and run and exit cleanly:
qubes-early-vm-config
qubes-iptables
qubes-misc-post
qubes-mount-dirs
qubes-sysinit
3) The following systemd scripts are enable and run in the background:
qubes-qrexec-agent
qubes-db

Any other services have been either a) mistakenly missed and not installed OR b) ignored as they implement a functionality I believe is non critical at the time, e.g., qubes-sync-time

If there are any other processes I've missed, please let me know, because it's probably just one of the make targets I've somehow overlooked.

4) /dev/xvdb mounted as /rw. /rw/home and /rw/usrlocal all work as expected. xen mounted at /proc/xen also listed in fstab and seemingly working (based on xenstore-read name returning system name).

5) Lastly, theres qubes-gui-agent, which when run automatically hides the HVM window and makes it non-interact-able. This is currently disabled in systemd, but is installed.

And this is where I'm stuck.

I'm trying on dom0: qvm-run lfs "shutdown now -h" and it returns "Running 'shutdown now -h' on lfs" but the VM never responds.

What else might I provide to help troubleshoot this and to detect what seems like the last-mile in getting this working as a template?

Thanks in advance!

awokd

unread,
Oct 1, 2018, 3:06:55 AM10/1/18
to qubes...@googlegroups.com
Will Dizon wrote on 9/28/18 10:04 PM:
Does it work if qubes-gui-agent is running? You should still be able to
get a console session with "sudo xl console VM". Never built my own
template, though.


Will Dizon

unread,
Oct 5, 2018, 5:38:29 PM10/5/18
to qubes-users
Unfortunately, it didn't work still when qubes-gui-agent was running.

I tried recompiling everything again, and the results have changed quite a bit. Now, instead of autohiding the HVM window in dom0, I can see a very clear failure which points me in the direction of Xorg instead.

Sadly, this feels like a regression, but alas... I'm sure I'll get there eventually.

As far as "xl console lfs", dom0 reports "unable to attach console". And in terms of dom0, it is still giving no sense of failure:

$ qvm-run --pass-io personal whoami
user
$ qvm-run --pass-io lfs whoami
$ qvm-run lfs "touch /tmp/dummy"
Running 'touch /tmp/dummy' on lfs

Needless to say, /tmp/dummy doesn't ever emerge.

The new error is....

systemctl status qubes-gui-agent.service
...
Process: 660 ExecStart=/usr/bin/qubes-gui $GUI_OPTS (code=exited, status=1/FAILURE)
...
lfs qubes-gui[660]: XIO fatal IO error 11 (Resource temporarily unavailable on X server ":0"
lfs qubes-gui[660]: after 37 requests (36 known processed) with 0 events remaining)

X works (startx shows me a desktop and consoles), but nothing yet from getting Qubes GUI agent and qrexec.

Will Dizon

unread,
Oct 8, 2018, 2:12:06 PM10/8/18
to qubes-users
Update:

Got all services to run, including qubes-gui-agent. Turns out the dependency it was failing on was meminfo-writer which was enabled in the /usr/lib/qubes/init/qubes-sysinit.sh script, but promptly disabled because it wasn't "checkmarked" in dom0's VM settings page.

That said, with all services running, still same behavior of getting no replies to "qvm-run --pass-io" nor does any qvm-run for executing commands, e.g., touch.

qubes-db.service
qubes-early-vm-config.service
qubes-meminfo-writer.service
qubes-mount-dirs.service
qubes-qrexec-agent.service
qubes-sysinit.service

Marek Marczykowski-Górecki

unread,
Oct 12, 2018, 9:06:08 PM10/12/18
to Will Dizon, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
qubes-gui-agent starts its own X server, on :0. So, it conflicts with
the one started manually with startx.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlvBRPgACgkQ24/THMrX
1yzOfAf/WdwNBlfHtR7Oin5+j3SV48z27ajfarE+UBOXrwZkrsl+mPDrvllou9Kq
uVUVOBBswJhAVT9hWhKJbOZvDPW9r4jyKpiidg3FvdRWX7i/Dci5UYK1qqrPuDtw
vZs3raKofxmprH7wKNcwcBVslr1SeTOOvbkNkv1WYbS46sGd1X//CWvXghYCQzqL
HTX3v732aYO9LADgNwHRV5AQKsBtYLM/Ej8QR2Amd3frHIx905hErix8ForYGzUp
JxRIR0ZuAmoK3aQglb1Jon2YmJ0MeOszMP9aqh1BTpTZ+JrM5/hWj2g0NN+rwRIo
GOYt7eTlrfmGfAeCgQitOOszc/oSzQ==
=g83e
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages