default-mgmt-dvm no longer hidden

144 views
Skip to first unread message

edt...@gmail.com

unread,
Dec 20, 2018, 11:49:27 AM12/20/18
to qubes-users

I ran updates for dom0 this morning, I noticed that after the updates, the default-mgmt-dvm is no longer hidden. It is still marked internal, but not hidden. Is this the desired outcome of the latest dom0 updates?

Ed

Marco Marais

unread,
Dec 21, 2018, 6:41:16 AM12/21/18
to qubes-users
On Thursday, December 20, 2018 at 11:49:27 AM UTC-5, edt...@gmail.com wrote:
> I ran updates for dom0 this morning, I noticed that after the updates, the default-mgmt-dvm is no longer hidden. It is still marked internal, but not hidden. Is this the desired outcome of the latest dom0 updates?
>
> Ed

It's intentional, see

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt

22...@tutamail.com

unread,
Dec 28, 2018, 4:52:59 PM12/28/18
to qubes-users
Strange but I just noticed default-mgmt-dvm for the first time?

After noticing this I noticed that one of my less trusted templates was being used as the template for default-mgmt-dvm. In this less trusted template I had browser add-ons, libre office, print drivers in addition to other less trusted software.

I changed the template to one I trust more...

I found another article after a search: https://www.qubes-os.org/doc/salt/

I haven't used salt for any configurations (I believe when I installed whonix-14 it was prior to "default-mgmt-dvm" being visible), however I have done numerous updates on my templates and Dom0.

What are the implications? What mistakes did I make?

Thank you to any one with insight they are willing to share...

Andrew David Wong

unread,
Dec 29, 2018, 3:24:15 AM12/29/18
to 22...@tutamail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I'm not sure if you've already read the QSB that Marco linked upthread,
but I think it answers most of your questions:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-045-2018.txt

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwnLxgACgkQ203TvDlQ
MDANmBAAjaA4pOwb0j5vRQbDPvsVtvPLrXDLz5DRmA44OmYr8NO7sSEqFOO1+rP7
M8NvG7X4fPIVfeDl1hH99BBqJgXQiq1tYffQ9SuRqOv6OfqApxw0bMjwfVP+Seme
pfIf3nt7T7ekoC0UYVYVvVv4ZxGu12AlTaBLmVVPeEUbS6yFcnNsHWvSD/EOiYI6
At5WPp6t8mwHK2iybpvXRzqjimF3Lev4AqIvJeQbeAJsksBfQmGv+TJQxcjuy6U0
fR8+s5hl2J4G/XdsMdvszCWPJ9hirxpOJnlLAyEnHjGE5DZEwmQGugo8L+vFSNg/
pDghfq8SKIma7ufc6TlFW8dxOXEpb2n22qb2ttA6ymxXNg91L06PRS4IVabzMymz
g9VsQD+pfwssSDEWS8LJucIoJhYb83McScwGzuq4f4mm6Li88nKGQyNbOOwIA+38
9Fv1pTvav+X0I7dcB+6r4J0YRqmcDWQoKst7/3PBaWmQR3nv4GWB1nrVVa/MhSav
0QLtHiP5Dm5pbRw9mVlCT2IVV4xPct0Jbuggp6uZG4aUTlQEUiVTqAXxEJeqeeYx
Rkh9pvb5B6rd0iV0Zxm1BaIdj/EhgqKcfaOiaaxk0Oej2+he7rvGfzjKaaUf9Bw7
ELFOYQi7d5sV1tXvV4ePJHzGVOttPdi/E8tih0FmOxQkyBGXVX4=
=1/wL
-----END PGP SIGNATURE-----

22...@tutamail.com

unread,
Dec 29, 2018, 7:36:43 PM12/29/18
to qubes-users
I read the original link again, seems the update to Dom0 patches the issue, I also changed my default DVM (Qubes Manager->Systems->Global Settings->Deafault DispVM) to my more secure dvm, changed my "default-mgmt-dvm" template to a more secure template, changed appvm disposable DVMs as needed...

All good...thanks!

Happy new year Qubes and to those that make this OS happen...really appreciate it!

Reply all
Reply to author
Forward
0 new messages