Creating separate sys-usb and sys-net after installation
86 views
Skip to first unread message
Lasse Kliemann
Sep 19, 2022, 1:06:09 PM9/19/22
to qubes...@googlegroups.com
Greetings, upon installation a few weeks ago, I chose to create a single
VM for USB and networking, which is called sys-net. This was in order to
support USB network devices. The latter is no longer necessary, since
the last kernel update introduced support for my internal WLAN adapter
(Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz in a Thinkpad P14s).
Now I would like to have sys-usb *and* sys-net, and also make sys-usb
disposable. Will the following work?
a) sudo qubesctl state.sls qvm.usb-keyboard (I use USB keyboard.)
b) follow https://www.qubes-os.org/doc/disposable-customization/#create-the-sys-usb-disposable
Thanks!
--
Kind Regards / MfG
Dr. Lasse Kliemann
Westring 269, 24116 Kiel, Germany
E-Mail: la...@lassekliemann.de
Telegram / Wire: @lassekliemann
Signal / Phone: +49 162 66 88 468
Work Address:
Department of Mathematics
Kiel University
*Heinrich-Hecht-Platz 6*, 24118 Kiel, Germany
E-Mail: l.kli...@math.uni-kiel.de
VM for USB and networking, which is called sys-net. This was in order to
support USB network devices. The latter is no longer necessary, since
the last kernel update introduced support for my internal WLAN adapter
(Intel Corporation Wi-Fi 6 AX210/AX211/AX411 160MHz in a Thinkpad P14s).
Now I would like to have sys-usb *and* sys-net, and also make sys-usb
disposable. Will the following work?
a) sudo qubesctl state.sls qvm.usb-keyboard (I use USB keyboard.)
b) follow https://www.qubes-os.org/doc/disposable-customization/#create-the-sys-usb-disposable
Thanks!
--
Kind Regards / MfG
Dr. Lasse Kliemann
Westring 269, 24116 Kiel, Germany
E-Mail: la...@lassekliemann.de
Telegram / Wire: @lassekliemann
Signal / Phone: +49 162 66 88 468
Work Address:
Department of Mathematics
Kiel University
*Heinrich-Hecht-Platz 6*, 24118 Kiel, Germany
E-Mail: l.kli...@math.uni-kiel.de
Howard Chen (HowardPlayzOfAdmin Gaming)
Sep 20, 2022, 10:55:07 PM9/20/22
to qubes-users
I think the best way to make disp sys-usb for the command with the following:
> sudo qubesctl state.sls qvm.sys-usb
> qvm-prefs sys-usb disposable_template enable
> qvm-prefs sys-usb tags add usb-dvm
then in /etc/qubes-rpc/policy/qubes.InputKeyboard of dom0:
> @tag:usb-dvm dom0 allow,user=root,default_target=dom0
on top of:
> $anyvm $anyvm deny
Does it works?
Lasse Kliemann
Sep 23, 2022, 7:08:06 AM9/23/22
to qubes-users
I tried to follow what I think is the official documentation, so I
started with:
sudo qubesctl state.sls qvm.usb-keyboard
I ran into the same error as described here:
https://forum.qubes-os.org/t/error-creating-sys-usb/7281
Then I followed the solution given there, essentially:
sudo qubesctl state.highstate
sudo qubesctl top.disable qvm.sys-net-as-usbvm pillar=True
The latter ended with a long Python error, essentially saying:
"ValueError: list.remove(x): x not in list". But after this, another try
of the first command (sudo qubesctl state.sls qvm.usb-keyboard)
succeeded.
I had my USB controller persistently attached to sys-net, which I needed
to detach before sys-net and the new sys-usb would run in parallel.
On top of /etc/qubes-rpc/policy/qubes.InputKeyboard, the following line
had been added automatically:
sys-usb dom0 allow,user=root
I deleted everything else in the file, except the final "$anyvm $anyvm
deny".
sys-usb is already disposable after all of this.
So I think it is done now.
started with:
sudo qubesctl state.sls qvm.usb-keyboard
I ran into the same error as described here:
https://forum.qubes-os.org/t/error-creating-sys-usb/7281
Then I followed the solution given there, essentially:
sudo qubesctl state.highstate
sudo qubesctl top.disable qvm.sys-net-as-usbvm pillar=True
The latter ended with a long Python error, essentially saying:
"ValueError: list.remove(x): x not in list". But after this, another try
of the first command (sudo qubesctl state.sls qvm.usb-keyboard)
succeeded.
I had my USB controller persistently attached to sys-net, which I needed
to detach before sys-net and the new sys-usb would run in parallel.
On top of /etc/qubes-rpc/policy/qubes.InputKeyboard, the following line
had been added automatically:
sys-usb dom0 allow,user=root
I deleted everything else in the file, except the final "$anyvm $anyvm
deny".
sys-usb is already disposable after all of this.
So I think it is done now.
Howard Chen (HowardPlayzOfAdmin Gaming)
Sep 25, 2022, 8:40:44 PM9/25/22
to qubes-users
Can you send me the photos with "[what photo is that] (photo address)"?
Howard Chen (HowardPlayzOfAdmin Gaming)
Sep 25, 2022, 8:48:17 PM9/25/22
to qubes-users
https://forum.qubes-os.org/t/disposable-vms-names-can-the-launcher-know-the-name/12312/5
https://forum.qubes-os.org/t/poor-mans-pre-loaded-dispvm-for-faster-start/13799
https://forum.qubes-os.org/t/poor-mans-pre-loaded-dispvm-for-faster-start/13799
Reply all
Reply to author
Forward
0 new messages