It could be that you're using fedora 23? It's no longer supported, and maybe it's unable of talking with the rest of your Qubes system in a proper way, thus perhaps that is why it fails for you. Are you sure you keep dom0/templates updated in sync with each others? For example your dom0 may be updated, but your fedora-23 template isn't since its no longer maintained.
Fedora 24/25 is no good either, you need to go all the way to fedora-26. Fedora 27 is out too, but it's not fully supported by Qubes yet. So fedora-26 is what you want. You can download and install it with "sudo qubes-dom0-update qubes-template-fedora-26" <--- it will take a while, especially if you got a slow connection or system. Be sure you got plenty of gigabyte space ready for it to install on, it'll take a bit more space to install before it shrinks again when finished.
Update the template fully, and try perform your script in the fedora-26 template instead.
Also be sure you change your sys-net and sys-firewall, and other VM's that run on out of date and no longer supported templates. You need to fully change all of them away from fedora-23, before you can delete the old fedora-23 as well.
This seems like a great feature...I am getting up to speed on the Linux commands but I suspect a lot of the laypeople(who likely need the security) would appreciate this feature if they could understand the detailed steps, even if simple.
Thanks again for all you do....
V
To add to your thoughts V, maybe this could even be implemented it in Qubes directly, with a simple turn on/off switch or command? It seems like this would be helpful for new users seeking Qubes for privacy concerns. I know Qubes is primary focused on security, but it'd be a one step closer to make Qubes easy to use for people not into the terminal/how-to guides. It would also make it easier when upgrading a new Qubes, for example when Qubes 4.1. and Qubes 5 is out, and guides once again face questions as to if they work on a Qubes version or not (all over again).
What do you think Chris? is this realistic, feasible in terms of no newly introduces downsides, or even desired?
> Hi,
>
> The macchanger section of the doc hasn't worked for a long time (search
> the mailing list to see issues) and it never did work correctly, IMO.
>
> > What should i do?
> >
>
> You should use the MAC randomization feature integrated into Network
> Manager, shown at the beginning of the doc.
>
> --
>
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
This is not qubes-specific. It hasn't worked in fedora for a long time, and I don't think it works in ubuntu/debian either, as long as NetworkManager is turned on. In regular fedora, you can use macchanger if you turn off NetworkManager and manage all your connections yourself, but that's quite a hassle.
The thing I don't like about NetworkManager MAC address randomization compared to macchanger, is that it is connection-specific, not network device-specific, and I prefer the latter.
billo
Well, to be honest, I haven't kept up with it once I decided it wasn't going to work. As I remember (and this is back before systemd, and you could still control everything from the /etc/rc<n>.d files very easily), I put a little script in /etc/init.d and did the macchanger thing before I allowed the network to connect to anything. If the network turned off, then it would randomize when it turned on.
I don't remember it reverting, but I may have just not been paying attention (or have forgotten in the haze of time -- it's amazing to me how quickly one forgets little sysadmin tricks when one stops doing it all the time). I never dealt with VMs except for running Windows in Virtualbox, so I am clueless there... ... though I am getting interested again playing with qubes.