Newbie surprises
161 views
Skip to first unread message
Zbigniew Łukasiak
Dec 5, 2016, 3:40:30 AM12/5/16
to qubes-users
Here is a list of stuff that I got into trouble trying out Qubes. I am
a long time Linux user (since 1993) - so I know a bit about the Linux
environment - but I never liked administration stuff.
This is just a list - I guess I did a lot of silly things, and I don't
suggest that the system should make it impossible to do that. But I
hope that it might inspire someone to make it a little bit less
probably that newbies get lost :)
1. Immediately after installation I wanted to add USB headphones to
the personal vm and I went into Devices configuration of that vm and I
added all lines with USB to the vm. I don't remember if it froze
immediately or maybe after a reboot of the vm - but I've got
completely cut off from the top level Qubes system. Fortunately a hard
reboot fixed the problem.
2. The suspend button activates a popup that says:
"Do you want to suspend to RAM?"
This is a bit confusing - I thought that suspension saves the RAM onto
the disk, not in the opposite direction.
3. Initially I did not understand how can I change the templates. I
thought that to have additional software or to make any special
configuration in a template I need to create a new template and I
started reading the documentation at
https://www.qubes-os.org/doc/qubes-builder/ - that was really
confusing. There are also additional questions that the docs don't
answer, like if the changes in the template will be visible in a vm
based on it and if yes - then when?
4. I still don't really understand how the keyboard configuration
works. What worked for me to have Polish letters in a vm was to set it
up both in the top level environment (System Tools > Settings Manager
> Keyboard) and in the vm (setxkbmap pl). Initially I spent a lot of
time in trying to do it only in the vm - but it failed in mysterious
ways.
--
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
http://perlalchemy.blogspot.com/
a long time Linux user (since 1993) - so I know a bit about the Linux
environment - but I never liked administration stuff.
This is just a list - I guess I did a lot of silly things, and I don't
suggest that the system should make it impossible to do that. But I
hope that it might inspire someone to make it a little bit less
probably that newbies get lost :)
1. Immediately after installation I wanted to add USB headphones to
the personal vm and I went into Devices configuration of that vm and I
added all lines with USB to the vm. I don't remember if it froze
immediately or maybe after a reboot of the vm - but I've got
completely cut off from the top level Qubes system. Fortunately a hard
reboot fixed the problem.
2. The suspend button activates a popup that says:
"Do you want to suspend to RAM?"
This is a bit confusing - I thought that suspension saves the RAM onto
the disk, not in the opposite direction.
3. Initially I did not understand how can I change the templates. I
thought that to have additional software or to make any special
configuration in a template I need to create a new template and I
started reading the documentation at
https://www.qubes-os.org/doc/qubes-builder/ - that was really
confusing. There are also additional questions that the docs don't
answer, like if the changes in the template will be visible in a vm
based on it and if yes - then when?
4. I still don't really understand how the keyboard configuration
works. What worked for me to have Polish letters in a vm was to set it
up both in the top level environment (System Tools > Settings Manager
> Keyboard) and in the vm (setxkbmap pl). Initially I spent a lot of
time in trying to do it only in the vm - but it failed in mysterious
ways.
--
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
http://perlalchemy.blogspot.com/
Alex
Dec 5, 2016, 3:57:42 AM12/5/16
to qubes...@googlegroups.com
On 12/05/2016 09:40 AM, Zbigniew Łukasiak wrote:
> Here is a list of stuff that I got into trouble trying out Qubes. I
> am a long time Linux user (since 1993) - so I know a bit about the
> Linux environment - but I never liked administration stuff.
Welcome to Qubes!
> Here is a list of stuff that I got into trouble trying out Qubes. I
> am a long time Linux user (since 1993) - so I know a bit about the
> Linux environment - but I never liked administration stuff.
As you have noticed, this is hardly a typical linux system... Before
checking your questions, a few guidelines for interpretation:
- everything happens in virtual machines, which brings with it the fact
that device sharing is (intentionally, for increased security) hard
- there is a "super" vm, called dom0, which represents your physical
system (e.g. it has, by default, all the physical devices and contains
disk images for all other VMs)
- some of these virtual machine are read-only-like (anything but
templates and dom0), in the sense that only part of the filesystem is
persisted. The other part, while writable, will be reset to the
"template" master copy on reboot
- a lot of things work the linux way, with the added complexity of
having several VM at once (with intermixed windows) and something
readonly on many filesystems
> 1. Immediately after installation I wanted to add USB headphones to
> the personal vm and I went into Devices configuration of that vm and
> I added all lines with USB to the vm. I don't remember if it froze
> immediately or maybe after a reboot of the vm - but I've got
> completely cut off from the top level Qubes system. Fortunately a
> hard reboot fixed the problem.
away from dom0. If some of these devices are needed for dom0 to work
(say, you have a USB keyboard/mouse) then it'll look like the system has
freezed.
By using the Devices configuration you can only move PCI (or any other
single-virtualizable) devices: this means that you cannot move a single
USB device, but only a single USB controller (and all its USB device
tree) at once. This is a limitation of hardware virtualization
technologies: they typically work only with discrete PCI devices.
Some USB devices can be proxied from the VM that holds the USB
controllers to specific AppVMs using qvm-usb (after having the usb proxy
arrangement set up)
>
> 2. The suspend button activates a popup that says:
>
> "Do you want to suspend to RAM?"
>
> This is a bit confusing - I thought that suspension saves the RAM
> onto the disk, not in the opposite direction.
- suspend means to RAM
- hibernation means to disk
Different systems may have confusing wording.. Even Windows has a story
of changing the meaning of sleep/suspend/hibernate.
> 3. Initially I did not understand how can I change the templates. I
> thought that to have additional software or to make any special
> configuration in a template I need to create a new template and I
> started reading the documentation at
> https://www.qubes-os.org/doc/qubes-builder/ - that was really
> confusing. There are also additional questions that the docs don't
> answer, like if the changes in the template will be visible in a vm
> based on it and if yes - then when?
read-write, and then you can add software and shut the VM down.
After you start (or re-start) any AppVM based on that template you will
find the software installed. This happens even if you install it
manually (e.g. by copying something in /opt).
If you want to try the software before you actually install it, boot an
AppVM out of your template: according to the summary above, you will be
able to do "sudo dnf install xyz" and try it out, but everything out of
/home and /usr/local will be gone after a reboot.
>
> 4. I still don't really understand how the keyboard configuration
> works. What worked for me to have Polish letters in a vm was to set
> it up both in the top level environment (System Tools > Settings
> Manager
>> Keyboard) and in the vm (setxkbmap pl). Initially I spent a lot of
> time in trying to do it only in the vm - but it failed in mysterious
> ways.
VM from the VM Manager (right click on a VM, set keyboard layout). This
can be done from dom0 shell too.
Qubes tools will make sure the layout that's been set from the VM
manager is set on reboot.
--
Alex
Andrew David Wong
Dec 5, 2016, 4:12:27 AM12/5/16
to Zbigniew Łukasiak, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-12-05 00:57, Alex wrote:
> On 12/05/2016 09:40 AM, Zbigniew Łukasiak wrote:
>> 2. The suspend button activates a popup that says:
>>
>> "Do you want to suspend to RAM?"
>>
>> This is a bit confusing - I thought that suspension saves the RAM
>> onto the disk, not in the opposite direction.
> There has always been a lot of confusion with this, but usually:
> - suspend means to RAM
> - hibernation means to disk
> Different systems may have confusing wording.. Even Windows has a story
> of changing the meaning of sleep/suspend/hibernate.
>
To expand a bit on this: Xen supports only suspending to RAM. It does not
support suspending to disk (hibernation).
>> 3. Initially I did not understand how can I change the templates. I
>> thought that to have additional software or to make any special
>> configuration in a template I need to create a new template and I
>> started reading the documentation at
>> https://www.qubes-os.org/doc/qubes-builder/ - that was really
>> confusing. There are also additional questions that the docs don't
>> answer, like if the changes in the template will be visible in a vm
>> based on it and if yes - then when?
> You can simply boot the template: it will start with its root in
> read-write, and then you can add software and shut the VM down.
>
> After you start (or re-start) any AppVM based on that template you will
> find the software installed. This happens even if you install it
> manually (e.g. by copying something in /opt).
>
> If you want to try the software before you actually install it, boot an
> AppVM out of your template: according to the summary above, you will be
> able to do "sudo dnf install xyz" and try it out, but everything out of
> /home and /usr/local will be gone after a reboot.
>
In addition, take a look at this:
https://www.qubes-os.org/doc/templates/#important-notes
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYRS9zAAoJENtN07w5UDAw6GYP/iIbAcYtYh9oZXWTRK8yrlmC
qcd7sCRLlWzYc6YACS4oMbvGmBD9IxdUrnZa2NCpGDcvhrruFHOoO2R7jbMu7tdd
ceAUepSncY0nCHYjJamD1onYGlnniIWgkAYCeeWye76oYK+kSArQz7PxRGjAneZJ
me5pK2CJipXRB/OduhhS9S8Po6ekrqSuZCXmLGqrc7yBiZCvVBq6D/1kh+k39tdZ
9Rsxu6+HNIUBr/KQKr/1kCQ7SYzyNaeIKfp81ZRNd2nbmDuPHRyZdeTVA5a153+I
5If1pPFe31PMHxQenGBNCBMqTfNKw5HGTZHzaL70QAAks5z0KneRPfcNtf9CUGuf
dzA5bi99FpzYOIERg905tUyoFllxcZ8+rvw/ukCHUwVPl9+0ruKO6Bqe1DZytk5o
ZUsFvaJyosJ8mUciMMXqFkV9IupZiW2aFdIClHhG5WqgDca9dBjTZvX8HesxWoHo
eCiMLInhn0LfMT5BdFxKe60mmFv8acQt4maVXSXuykKZrBmxTZbl3txFPxGk1H9u
fmNNiM5uPV0b1dTqQbt4C4yLu6ve/nv/qqzBrU4Mb4I+yAW5OmS/+/9nwEUV8Bk+
ZRKGgTpCIzCmmQY+sONGymd4I12zSpNRlyQRmmSpe8qYDljH7+9ZxnIuPfZmstbA
0wXbJFzQKvnw3zlqxl6J
=62cV
-----END PGP SIGNATURE-----
Hash: SHA512
On 2016-12-05 00:57, Alex wrote:
> On 12/05/2016 09:40 AM, Zbigniew Łukasiak wrote:
>> 2. The suspend button activates a popup that says:
>>
>> "Do you want to suspend to RAM?"
>>
>> This is a bit confusing - I thought that suspension saves the RAM
>> onto the disk, not in the opposite direction.
> There has always been a lot of confusion with this, but usually:
> - suspend means to RAM
> - hibernation means to disk
> Different systems may have confusing wording.. Even Windows has a story
> of changing the meaning of sleep/suspend/hibernate.
>
support suspending to disk (hibernation).
>> 3. Initially I did not understand how can I change the templates. I
>> thought that to have additional software or to make any special
>> configuration in a template I need to create a new template and I
>> started reading the documentation at
>> https://www.qubes-os.org/doc/qubes-builder/ - that was really
>> confusing. There are also additional questions that the docs don't
>> answer, like if the changes in the template will be visible in a vm
>> based on it and if yes - then when?
> You can simply boot the template: it will start with its root in
> read-write, and then you can add software and shut the VM down.
>
> After you start (or re-start) any AppVM based on that template you will
> find the software installed. This happens even if you install it
> manually (e.g. by copying something in /opt).
>
> If you want to try the software before you actually install it, boot an
> AppVM out of your template: according to the summary above, you will be
> able to do "sudo dnf install xyz" and try it out, but everything out of
> /home and /usr/local will be gone after a reboot.
>
https://www.qubes-os.org/doc/templates/#important-notes
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYRS9zAAoJENtN07w5UDAw6GYP/iIbAcYtYh9oZXWTRK8yrlmC
qcd7sCRLlWzYc6YACS4oMbvGmBD9IxdUrnZa2NCpGDcvhrruFHOoO2R7jbMu7tdd
ceAUepSncY0nCHYjJamD1onYGlnniIWgkAYCeeWye76oYK+kSArQz7PxRGjAneZJ
me5pK2CJipXRB/OduhhS9S8Po6ekrqSuZCXmLGqrc7yBiZCvVBq6D/1kh+k39tdZ
9Rsxu6+HNIUBr/KQKr/1kCQ7SYzyNaeIKfp81ZRNd2nbmDuPHRyZdeTVA5a153+I
5If1pPFe31PMHxQenGBNCBMqTfNKw5HGTZHzaL70QAAks5z0KneRPfcNtf9CUGuf
dzA5bi99FpzYOIERg905tUyoFllxcZ8+rvw/ukCHUwVPl9+0ruKO6Bqe1DZytk5o
ZUsFvaJyosJ8mUciMMXqFkV9IupZiW2aFdIClHhG5WqgDca9dBjTZvX8HesxWoHo
eCiMLInhn0LfMT5BdFxKe60mmFv8acQt4maVXSXuykKZrBmxTZbl3txFPxGk1H9u
fmNNiM5uPV0b1dTqQbt4C4yLu6ve/nv/qqzBrU4Mb4I+yAW5OmS/+/9nwEUV8Bk+
ZRKGgTpCIzCmmQY+sONGymd4I12zSpNRlyQRmmSpe8qYDljH7+9ZxnIuPfZmstbA
0wXbJFzQKvnw3zlqxl6J
=62cV
-----END PGP SIGNATURE-----
Zbigniew Łukasiak
Dec 9, 2016, 3:11:39 AM12/9/16
to qubes-users
Two more surprises from me:
1. I have USB headphones. So fare I have not yet found a way to make
them work under Qubes - but I found some headphones with the old audio
jack - and this works.
2. Once I detached an USB memory device from a VM, before unmounting
the device inside the VM. Then I could not unmount it anymore and I
rebooted the VM. Maybe detaching should check if the device is used?
Cheers,
Z.
1. I have USB headphones. So fare I have not yet found a way to make
them work under Qubes - but I found some headphones with the old audio
jack - and this works.
2. Once I detached an USB memory device from a VM, before unmounting
the device inside the VM. Then I could not unmount it anymore and I
rebooted the VM. Maybe detaching should check if the device is used?
Cheers,
Z.
Grzesiek Chodzicki
Dec 9, 2016, 10:00:01 AM12/9/16
to qubes-users
2. use qvm-usb tool in dom0 terminal to list available USB devices
3. note down the address of the USB headphones (one digit followed by two digits like this 1:23)
4. use qvm-usb -a vmname usbaddress
5. To detach use qvm-usb -d usbaddress
Jean-Philippe Ouellet
Dec 10, 2016, 9:10:32 AM12/10/16
to Grzesiek Chodzicki, qubes-users
Another (perhaps hacky solution) is to replace pacat-simple on dom0
with a script which invokes pacat-simple in sys-usb over qrexec. This
would have a much smaller attack surface than USB passthrough.
You may also need to configure some pulseaudio settings in sys-usb.
with a script which invokes pacat-simple in sys-usb over qrexec. This
would have a much smaller attack surface than USB passthrough.
You may also need to configure some pulseaudio settings in sys-usb.
Reply all
Reply to author
Forward
0 new messages