Debian-10 Updates fail via disposable net/firewall

ronpunz

unread,

Sep 4, 2019, 4:12:52 AM9/4/19

to qubes-users

I have fresh install of Q4.0.2rc1

I've setup disposable vm's for sys-net and sys-firewall. Everything
works well (i can update Fedora and Whonix) via dispVMs. However, Debian
template updates fail because Debian is calling for updates via sys-net
(which obviously cant start because disp-sys-net is running)

Can anyone identify why and where Debian is calling up sys-net?

pEpkey.asc

unman

unread,

Sep 4, 2019, 8:02:18 AM9/4/19

to qubes-users

I'm surprised at this. I wouldnt have expected Fedora templates
to update.
You need to edit the file /etc/qubes-rpc/policy/qubes.UpdatesProxy and
change the target to the qube where you use the proxy.

rec wins

unread,

Sep 5, 2019, 1:51:28 PM9/5/19

to qubes...@googlegroups.com

I had a similar problem , with disposable sys-net only, I changed
/etc/qubes-rpc/policy/qubes.UpdatesProxy

to sys-net2 (disposable) however wasn't getting updates in the end I
ended up changing it to sys-whonix as a work around

If you do a search in the forum, you may see my previous posts on this .

ronpunz

unread,

Sep 5, 2019, 4:03:39 PM9/5/19

to unman, qubes-users

Thanks that worked for me.

Like you, I'm surprised I was able to update the Fedora template prior
to changing the UpdateProxy. Is this an issue that should be raised as a
security problem?

pEpkey.asc

Reply all

Reply to author

Forward