Qubes 4.1 qrexec issue?
28 views
Skip to first unread message
taran1s
Mar 6, 2022, 4:03:49 PM3/6/22
to qubes-users
I have an issue with Split GPG as well as with opening files in the
disposable VMs and with the qrexec in the guide How to use Monero
CLI/daemon with Qubes + Whonix too.
https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
Split GPG
Opening Thunderbird, I get following errors in the notification popup:
Denied: whonix.NewStatus
Denied whonix.NewStatus+status from work-email to sys-whonix
I have to as well make every gpg action confirm in the Dom0 Operation
Execution with Target GPG backend.
Using dispVMs from within AppVM
When trying to convert file or open it in the disposable VM from within
the normal AppVM, I get an error popuplike :
Denied: qubes.PdfConvert
Denied qubes.pdfConvert from work-email to @dispvm
Any advice appreciated!
disposable VMs and with the qrexec in the guide How to use Monero
CLI/daemon with Qubes + Whonix too.
https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
Split GPG
Opening Thunderbird, I get following errors in the notification popup:
Denied: whonix.NewStatus
Denied whonix.NewStatus+status from work-email to sys-whonix
I have to as well make every gpg action confirm in the Dom0 Operation
Execution with Target GPG backend.
Using dispVMs from within AppVM
When trying to convert file or open it in the disposable VM from within
the normal AppVM, I get an error popuplike :
Denied: qubes.PdfConvert
Denied qubes.pdfConvert from work-email to @dispvm
Any advice appreciated!
taran1s
Mar 9, 2022, 6:21:20 AM3/9/22
to qubes-users
taran1s:
different place?
unman
Mar 9, 2022, 8:38:02 AM3/9/22
to taran1s, qubes-users
grade and noisy.
On your questions, the first looks like a Whonix issue - Patrick has
asked that Qubes-Whonix questions be put in the Whonix forums, where
they will get better oversight.
The second looks like permissions - look in the policy file at
/etc/qubes-rpc/policy/qubes.PdfConvert
awokd
Mar 9, 2022, 1:41:46 PM3/9/22
to qubes...@googlegroups.com
'taran1s' via qubes-users:
Your question is a bit niche, though, so possibly not many in general
have experienced a similar issue or know how to fix it?
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
>
>
> taran1s:
>> I have an issue with Split GPG as well as with opening files in the
>> disposable VMs and with the qrexec in the guide How to use Monero
>> CLI/daemon with Qubes + Whonix too.
>
>
> taran1s:
>> I have an issue with Split GPG as well as with opening files in the
>> disposable VMs and with the qrexec in the guide How to use Monero
>> CLI/daemon with Qubes + Whonix too.
>
> Is this mailing list still active or one needs to better go to a
> different place?
>
Think many users are over on the forum (https://forum.qubes-os.org/).
> different place?
>
Your question is a bit niche, though, so possibly not many in general
have experienced a similar issue or know how to fix it?
--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
Demi Marie Obenour
Mar 9, 2022, 4:11:23 PM3/9/22
to taran1s, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, Mar 06, 2022 at 09:03:29PM +0000, 'taran1s' via qubes-users wrote:
> I have an issue with Split GPG as well as with opening files in the
> disposable VMs and with the qrexec in the guide How to use Monero CLI/daemon
> with Qubes + Whonix too.
>
> https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
>
> Split GPG
>
> Opening Thunderbird, I get following errors in the notification popup:
>
> Denied: whonix.NewStatus
> Denied whonix.NewStatus+status from work-email to sys-whonix
This is a Whonix problem I am not familiar with.
> I have to as well make every gpg action confirm in the Dom0 Operation
> Execution with Target GPG backend.
You can solve this problem by adding a line such as:
qubes.Gpg + work-email <yourtarget> allow
to `/etc/qubes/policy.d/30-user.policy`. Be sure to replace <yourtarget>
with the name of the backend qube.
> Using dispVMs from within AppVM
>
> When trying to convert file or open it in the disposable VM from within the
> normal AppVM, I get an error popuplike :
>
> Denied: qubes.PdfConvert
> Denied qubes.pdfConvert from work-email to @dispvm
What is work-email’s default DisposableVM template? It’s in the
“Default DispVM” column in Qubes Manager. If it is “None” or “default
(None)” you will get this error. Setting it to a valid DisposableVM
Template (such as whonix-ws-16-dvm) should solve the problem.
> Any advice appreciated!
>
> --
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c5f45cb-0e56-5bb5-a4ea-f68d001e2856%40mailbox.org.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIpF/UACgkQsoi1X/+c
IsG7xw/+NHkZRQNjCCVkXOGEEl4U686VFcsWPHXsn7XckelHDRTRfq7a70xzkDHS
9PzCwH3F7nnro88vJ0CF82kAqA/a8HfZ2OBEfvPa+VmubVX3HFW9hgIBiTUyuW4S
SvGC2xrnsDfT/JUyyaNS6hldRydZPRMJq/LVEWgixoLZIxGpl00edGN7/QecAnm/
9J5ml03pUVftRAsc10G47zEnZzFcz7/nTlVNlnXOAXiKlZ7xGkPv+8+vbDDjcMTt
iKTNKorsbqaTyaJExdglpPMKmWGyxFgItyic50qMj27aDr00ymRfQ0yypPX66A3/
1uyJd5f2Fyni1MvAY3KukC0ipbBs3EuXlNhBtN8W1cU5ZJkHFUU8iBgYelBHliTe
cvimJCfB+6M1kDuYLztC82T8z3vfmNx2qJB+Pbtc8yEyu8b/NDlxjz763/z7kghk
A6L/Nx1YKSd4WZv+NOWpWp/p5MvXa/imQ+XDBq5Ggehrc6NgZywjEWcJZrJb3sfW
Rfr70sh7pPqq9vak3igwlf6bUvoyNICfe2lpclss6il1J09t2u1+krSFal1LjEoi
Vm2o2Y1HqNPJG6SzRVFpITVo6U9Pi3VrKW7YHegrYXCO7M5Gbqvv4d9CmUhp8p8Q
mG5DJ8xT54BNQItUaosbiy6RZPedYhvoJ+XrxfpUKm9d0ReKt/I=
=Lf2e
-----END PGP SIGNATURE-----
Hash: SHA256
On Sun, Mar 06, 2022 at 09:03:29PM +0000, 'taran1s' via qubes-users wrote:
> I have an issue with Split GPG as well as with opening files in the
> disposable VMs and with the qrexec in the guide How to use Monero CLI/daemon
> with Qubes + Whonix too.
>
> https://www.getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html
>
> Split GPG
>
> Opening Thunderbird, I get following errors in the notification popup:
>
> Denied: whonix.NewStatus
> Denied whonix.NewStatus+status from work-email to sys-whonix
> I have to as well make every gpg action confirm in the Dom0 Operation
> Execution with Target GPG backend.
qubes.Gpg + work-email <yourtarget> allow
to `/etc/qubes/policy.d/30-user.policy`. Be sure to replace <yourtarget>
with the name of the backend qube.
> Using dispVMs from within AppVM
>
> When trying to convert file or open it in the disposable VM from within the
> normal AppVM, I get an error popuplike :
>
> Denied: qubes.PdfConvert
> Denied qubes.pdfConvert from work-email to @dispvm
“Default DispVM” column in Qubes Manager. If it is “None” or “default
(None)” you will get this error. Setting it to a valid DisposableVM
Template (such as whonix-ws-16-dvm) should solve the problem.
> Any advice appreciated!
>
> --
> You received this message because you are subscribed to the Google Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c5f45cb-0e56-5bb5-a4ea-f68d001e2856%40mailbox.org.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmIpF/UACgkQsoi1X/+c
IsG7xw/+NHkZRQNjCCVkXOGEEl4U686VFcsWPHXsn7XckelHDRTRfq7a70xzkDHS
9PzCwH3F7nnro88vJ0CF82kAqA/a8HfZ2OBEfvPa+VmubVX3HFW9hgIBiTUyuW4S
SvGC2xrnsDfT/JUyyaNS6hldRydZPRMJq/LVEWgixoLZIxGpl00edGN7/QecAnm/
9J5ml03pUVftRAsc10G47zEnZzFcz7/nTlVNlnXOAXiKlZ7xGkPv+8+vbDDjcMTt
iKTNKorsbqaTyaJExdglpPMKmWGyxFgItyic50qMj27aDr00ymRfQ0yypPX66A3/
1uyJd5f2Fyni1MvAY3KukC0ipbBs3EuXlNhBtN8W1cU5ZJkHFUU8iBgYelBHliTe
cvimJCfB+6M1kDuYLztC82T8z3vfmNx2qJB+Pbtc8yEyu8b/NDlxjz763/z7kghk
A6L/Nx1YKSd4WZv+NOWpWp/p5MvXa/imQ+XDBq5Ggehrc6NgZywjEWcJZrJb3sfW
Rfr70sh7pPqq9vak3igwlf6bUvoyNICfe2lpclss6il1J09t2u1+krSFal1LjEoi
Vm2o2Y1HqNPJG6SzRVFpITVo6U9Pi3VrKW7YHegrYXCO7M5Gbqvv4d9CmUhp8p8Q
mG5DJ8xT54BNQItUaosbiy6RZPedYhvoJ+XrxfpUKm9d0ReKt/I=
=Lf2e
-----END PGP SIGNATURE-----
Ulrich Windl
Mar 10, 2022, 3:38:46 PM3/10/22
to qubes...@googlegroups.com
On 3/9/22 12:20, 'taran1s' via qubes-users wrote:
>
> Is this mailing list still active or one needs to better go to a
> different place?
>
Wouldn't reading the list answer the question? ;-)
>
> Is this mailing list still active or one needs to better go to a
> different place?
>
taran1s
Mar 16, 2022, 6:02:58 AM3/16/22
to unman, qubes-users
unman:
PdfConvert
$anyvm $dispvm allow
I already asked on the whonix forum and followed the improved version of
the guide for Split Monero on Whonix website, but got another error that
seems like the monero-wallet-ws AppVM doesnt see the monerod-ws AppVM.
Monero GUI cannot connect and monero-wallet-cli returns this error:
Error: wallet failed to connect to daemon: http://localhost:18081.
Daemon either is not started or wrong port was passed. Please make sure
daemon is running or change the daemon address using the ‘set_daemon’
command.
Background refresh thread started
The monerod-ws is syncing albeit it gets quite a lot Socks errors here
and there and sometimes freezes
Also in connection with the error related to the PdfConvert, I am not
sure if the issue wiht the Split Monero is whonix specific or it is
linked to the general qubes qrexcec setup and permissions of my Qubes.
Qubes 4.1 I use is vanilla and whonix-ws-16 is full vanilla too.
It would be really helpful if someone more experienced could have a look
into it and provide help. I am cut off from the monero usage now if I
don't want to use the remote node which I would like to avoid. Tried to
find an answer on the net but didn't succeed.
Thanks in advance to anyone that can help us solve the issue!
taran1s
Mar 21, 2022, 1:00:19 PM3/21/22
to Demi Marie Obenour, unman, qubes-users
Demi Marie Obenour:
> policy syntax and the files are located in a different directory. That
> could easily cause denials.
>
Dear Demi-Marie, thank you for your reaction. Patrick on whonix forum
mentioned that this is an issue (the communication in between qubes)
with the Qubes qrexec rules, not whonix specific.
To your question regarding, the files under /etc/qubes/policy.d. The
Qubes 4.1 is a fresh installation and I didn't make any changes except
the Split Gpg and the Monero guide here
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Monero_Wallet_Isolation
I believe that there are no changes whatsoever in the files under
/etc/qubes/policy.d and should be in default vanilla state.
Thank you in advance for your support!
Demi Marie Obenour
Mar 21, 2022, 9:27:11 PM3/21/22
to taran1s, unman, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hash: SHA256
What do the files under “/etc/qubes/policy.d” contain? R4.1 has a new
policy syntax and the files are located in a different directory. That
could easily cause denials.
policy syntax and the files are located in a different directory. That
could easily cause denials.
- --
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEdodNnxM2uiJZBxxxsoi1X/+cIsEFAmI4jTgACgkQsoi1X/+c
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
IsGQwBAA0qZzYydofkEOcKdahuyyRzlYAr+n/V07TQEtfURAsbdpJvdu8d7/G1je
U5kcwLbjPyr+auHGZ1xqytwxyT+sRVD9YIXYoBscKyirf0uQzUuNxJI2IywxhOV4
Z8NDt6xsithbHL4ia3VWMNRv6MhDxmFOEI3Qrx4QcLwiBFp3WHm/G+1LYTSBSGjI
VEHmeeyT3ZEDg16sNeAHQCLa+lgEawTvcf3i55B8W39wn/48zaQ22L/aCqRJ9Yc/
kUgV86LE1BanLX8w7fQN6qXth0++taG1tsoCyzeIL1iHCB2vax+x03Km6Q8lKxAT
DJYxVC7qbmHsHsAIaU7JgOrEeIfj6xvjO2+1yCb124wx2eO1AmcyylbVApZXGzkV
zOcWly1zQ04QjMiBaB8cOxnm18djomVoQpS+WQDtrcQ38VniDTI6d6tCfjknIbym
Hfxot70Q6IE8Bz8GcfsGASFFVCM68FSMtXTTbV/UUp+FJN1csXTlJ2PNGbTFMjuW
W7V3ucIdH4eyTBJo3VKYvO4JgPKACvS+zjzRxNQLN+r+SXQl7bV0rvl5LQHvQwxo
uqmc7rff0iA1pXHv1Iv7ivC3HJG+oo+JcX25zY8m7U2UB+6txFuoxPOJbBrTf/+Z
df3fXrLqHB23IeE99Yx8Y9B/Ccr8zsOcr50pQKw/bsPAKC11tg4=
=GFsR
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages