Using fedora-26-minimal sys-vms

58 views
Skip to first unread message

[799]

unread,
Jan 20, 2018, 11:53:14 AM1/20/18
to qubes-users
Hello,

I want to use fedora-26-minimal based sys-vms and followed the documentation (https://www.qubes-os.org/doc/templates/fedora-minimal )

I have updated the default fedora-26-minimal template and installed all packages mentioned in the docs (Qubes 4.0 part of the above documentation link) plus all firmware packages.

What do I need to install to get the network manager icon working?

NetworkManager is installed in the template and I have verified in the sys-net VM that it is running:

systemctl status NetworkManager

Says: active (running)


I tried to start NetworkManager from command line, but got the message:

You must be root to run NetworkManager.

I then started a xterm from dom0 as the Root user:

qvm-start -u root sys-net NetworkManager but nothing happened. I also try to do this from a xterm session (qvm-start -u root sys-net xterm).

Any ideas how to get a sys-net which has a working network manager?

[799]



Unman

unread,
Jan 20, 2018, 5:43:32 PM1/20/18
to [799], qubes-users
You DO have a working network manager - see the response from
systemctl.
I assume what you want is a nice gui interface - this is nm-applet. If
it is installed, start it and you will get the nice tray icon - if not
installed, install it.

[799]

unread,
Jan 20, 2018, 7:54:02 PM1/20/18
to un...@thirdeyesecurity.org, qubes...@googlegroups.com
Hello,


Unman wrote:

> You DO have a working network manager -
> see the response from systemctl. 
> I assume what you want is a nice gui
> interface this is nm-applet. If  it is installed,

> start it and you will get the nice tray icon - if
> not installed, install it. 

I was able to get Network Manager running and instead of using the default "fat" fedora-templates, I am now running the sys-VMs with fedora-26-minimal templates.
I was always wondering why Qubes doesn't come with a dedicated sys-template, so that the sys VMs (sys-net | sys-firewall | sys-usb) are running with a smaller/maybe even hardened template.

For the Google Archive a short how-to, how I have built the template for the sys-VMs:

--- --- --- 8< --- --- ---
# Install default minimal template in dom0
sudo qubes-dom0-update qubes-template-fedora-26-minimal

# Clone template to keep the original template
qvm-clone fedora-26-minimal t-sys

# Launch xterm in the new template as root
qvm-run -u root t-sys xterm

# Install basic applications in the template VM
sudo dnf -y install gnome-terminal terminus-fonts less vim-minimal nano dejavu-sans-fonts

# install basic tools
dnf -y install sudo pciutils psmisc gnome-keyring

# Install missing packages für Sys-VMs
dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd qubes-core-agent-passwordless-root qubes-core-agent-nautilus qubes-core-agent-networking qubes-core-agent-network-manager qubes-core-agent-dom0-updates pulseaudio-qubes usbutils

# Install missing drivers (to support the network devices)
dnf -y install linux-firmware iwl7260-firmware

# install additional packages to get network manager working
dnf install -y NetworkManager NetworkManager-wifi network-manager-applet wireless-tools

# shutdown template
shutdown -h now

# Change Templates for sys-VMs in dom0
qvm-prefs --set sys-net template t-sys
qvm-prefs --set sys-firewall template t-sys
qvm-prefs --set sys-usb template t-sys
--- --- --- 8< --- --- ---

[799]

haaber

unread,
Jan 21, 2018, 4:05:38 AM1/21/18
to qubes...@googlegroups.com
On 01/20/2018 07:53 PM, '[799]' via qubes-users wrote:
> Hello,
>
Thank you! That is vey helpful. One point is missing to my pov: known
wirelesses in "old sys-net" before moving over. In my Q4rc4 sys-net
/etc/Networkmanager/system-connections is a symbolic link to
/rw/config/NM-system-connections that contains one file per wireless.

When following your guide until the last dnf command that same dir
1) is not a symlink but a "hard" subdir
2) is (of course) empty


If the structure were the same I'd say a qvm-copy line is missing, but
actually I do not know what this symlink is good for. Can someone
explain this to me, Please? Bernhard
Reply all
Reply to author
Forward
0 new messages