Thanks for the insight! I hope they fix their license, you have a good point about that. I don’t know enough about virtualization, but it would seem that the repository is geared towards KVM, and it may not be directly applicable to Xen. So patience may be required for this…| Qubes OS Forum - Latest posts
It shows 2097152, 2 MiB. So that could be the case. Would this be a mismatch between the LVM discard granularity and the one in the VM? The workaround of copying the files and deleting the old ones probably works because the copied versions are more “compacted”, and removing the old ones does free up larger chunks of space that could be reclaimed.| Qubes OS Forum - Latest posts
Hello, I’m testing and using the new Qubes 4.3rc1. I have a strange issue. After the screen turns black I try to login to Qubes and type in my password. I can press on Unlock or the enter key but nothing happens. It doesn’t log me in. After some time waiting, maybe 5minutes I can log in to Qubes. Can someone help me to solve the issue? Thanks| Qubes OS Forum - Latest posts
Hi Everyone, I have been experiencing an issue with the popup notification from Chrome and Gmail. I can’t click on it to have it be dismissed. Most time I have to switch back to the workspace in which it appeared 1st, but now it even happens when in the workspace containing the chrome browser window. Any idea how to approach this? I just kill the qube that spawned chrome when I really get frustrated with it…| Qubes OS Forum - Latest posts
Can you please give an example/instruction so that I can figure it out and try to see if this may help| Qubes OS Forum - Latest posts
I had the issue that, when attaching my Nvidia RTX 4090 to an appvm, the suspend also took long, with qubes.SuspendPre timeout messages in dom0 and when the system comes back, even though sys-usb found the devices, keyboard and mouse didn’t work. This fixed it. However, after the suspend the appvm has to be restarted, because the GPU does not work anymore: Unable to determine the device handle for GPU0000:00:06.0: Unknown Error Any idea how to fix that?| Qubes OS Forum - Latest posts
I’m sorry. I didn’t mean to critize your work in a bad way. I might have been a little lazy and should’ve been careful choosing my words. In time, i will try again then post an update. Thanks for your reply.| Qubes OS Forum - Latest posts
I want to like liteqube, and in theory I do, but I can’t use it until installation and management is streamlined. I’d love to support and test, but unfortunately I think this would just be the straw that breaks the camel’s back as far as one more thing to do right now when I’m already very busy. I did take a moment to see if I could give feedback as a potential user. First, @arkenoi, you may want to use ansible and python instead of salt and bash since ansible seems to be the future. ...| Qubes OS Forum - Latest posts
Currently, downloads of Qubes-R4.2.4 cannot be verified with the release keys, as described in the documentation: Verifying signatures | Qubes OS Expected Keys The documentation above clearly shows that the fingerprint of the release signing key is: 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 427f 11fd 0faa 4b08 0123 f01c ddfa 1a3e 3687 9494 427F11FD0FAA4B080123F01CDDFA1A3E36879494 427f11fd0faa4b080123f01cddfa1a3e36879494 Steps to Reproduce I confirm that I already have this key on a ne...| Qubes OS Forum - Latest posts
Great work. Thank you for taking your time creating this guide. This will be helpful to alot of people, especially in totalitorian countries and accessing locked down sites with captchas. But eventually it won’t be a surprise to me when sites require you to register an account with an email/phone number before entering their “property”. Anyways, getting back to your guide, the information provided in this guide will not help the regular user because the directions are not organised in a...| Qubes OS Forum - Latest posts
Thanks for explaining. IIUC, the 2 options are: Have a dedicated rootqube for each VM. - Overkill. Have one rootqube for all VMs. - No isolation: that rootqube will know every root command of every client qube. Here is another idea: Have a “Root Terminal” submenu for each domU to the Qubes Domains. This will be a shortcut for running e.g. qvm-run -u root VM xterm - something which required dom0 privilege, i.e. no conventional privesc possible. I don’t know how one can add such submenus ...| Qubes OS Forum - Latest posts
I have a working split-ssh configuration for a long time. Recently, after upgrading to 4.3 with a clean install, and reapplying SshAgent policy in dom0, I try this in the previously working appvm: $ ssh -T git@github.com sign_and_send_pubkey: signing failed for ED25519 "/home/user/.ssh/id_ed25519_github" from agent: agent refused operation git@ssh.github.com: Permission denied (publickey). in the meantime, my dom0 python popup appears and gets confirmation in the same way it did in 4.2. Howev...| Qubes OS Forum - Latest posts
I have migrated my 4.2 template (T1) to 4.3 (T2), and by experimentation, found that no GUI windows of the appVMs based on the 4.3 template (T2). But after uninstalling nvidia, the GUI windows can be displayed. By GUI windows, I mean the terminal, etc, opened by any standard application in the AppVM that opens a window. This happens in any VM that was based on the template, regardless of the GPU card attached as a PCI device or not.| Qubes OS Forum - Latest posts
Another probable cause for this: the “integrated webcam mic” is actually wired into the internal HD Audio chipset, not the USB webcam. If that chipset isn’t detected, the mic is invisible to Linux — exactly what’s happening here. Since I have sys-audio, and sound card is attached there while web cam is in sys-usb, impossible such a setup to actually work?| Qubes OS Forum - Latest posts
You should probably wait until this gets implemented: Support for opt-in GPU acceleration via virtio-GPU native contexts · Issue #8552 · QubesOS/qubes-issues · GitHub| Qubes OS Forum - Latest posts
I originally had my GPU hidden from dom0 for passthrough and had my CPU handle the graphics. My GPU died and when I tried to boot I was getting plymouth waiting issues. I tried to adjust the grub and even disable plymouth for what I assume is used for the Qubes graphical image on boot and still didnt proceed. I had to ufnortunately reinstall Qubes(I do have my backups ofc) but now I get some nvme1 waiting issue. Ive set my CPU internal graphics to be prioritzed in bios and still cant get past...| Qubes OS Forum
A couple of tangentially-relevant things: Putting zfs on a debian-12 template will require that that template actually uses a debian kernel (or a very old (6.1) fedora one). It would be nice if you could select debian kernels from the menus that let you select which kernel a VM uses, just like you can with fedora kernels; instead I have to build the kernel into the template, and every template I clone from one like that has to copy that extra stuff. For some reason if a VM with ZFS installed ...| Qubes OS Forum
good day, i need some solution for following issue, i have templates clones from the initial one for different purposes and security breakage, like net qube template is separated from other ones to only use things which are needed for the purpose of the qube. now when updating each template needs the updates and this is time and bandwidth consume. Is there any efficient way to setup a mirror qube which then will be used by other templates to recieve the updates? i see this like a kind of miss...| Qubes OS Forum - Latest posts
Bash theme for dom0 that show dom0 mode - persistent (/dev/mapper/qubes_dom0-root) or live ram mode (/dev/zram0 or overlay) Add this code into .bashrc instead of the default code: # .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # User specific environment if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] then PATH="$HOME/.local/bin:$HOME/bin:$PATH" fi export PATH ########################### export VIRTUAL_ENV_DISABLE_PROMPT=true __qubes_update_prompt_data(...| Qubes OS Forum - Latest posts
Podman uses HTTPS_PROXY| Qubes OS Forum - Latest posts
After weeks of reading and studying which second-hand laptop system to buy, every 2-3 days I have a eureka moment: “This is the one to buy!.” Then, after reading a new article or forumpost, I go, “Hmm, I hadn’t thought of that,” so I need a different one. I bought a Lenovo for less than €100, and of course I’m running into insurmountable problems. And by insurmountable, I mean that I can’t get Qubes 4.2.4 to work 100% as it should because virtualization cannot be enforced due ...| Qubes OS Forum - Latest posts
Hello Forum. I first installed Qubes in early 2018, and it’s really great that Qubes has its own forum at last. There are a lot of things I wished I could have discussed over the past seven years, but it is only really possible to write one topic at a time, so I thought I best start with the most seriously concerning matter. This is the Australian telco that goes by the name of Boost, which is a subsidiary of Telstra, using the Telstra mobile network and Telstra ‘customer service’ over ...| Qubes OS Forum - Latest posts
A few months ago in the qubes zfs thread (ZFS in Qubes OS - #9 by SteveC), I reported: I didn’t get much of a response but that was my fault for burying it as part of a list of side-issues in a post about using zfs on qubes. Well, now I know a LITTLE bit more about the zfs/qubes-networking incompatibility and it’s still puzzling. If the qube that has both of these installed has no network vm, it starts up fine. You can then connect a network vm and things will work properly. But if the ne...| Qubes OS Forum
can i mix tag and type in rpc policy? because if i tag an appvm and then make a disposable based on it, then the disposable inherits the tag. i want to be able to tag only the appvm itself, not disposable created from it. i tried this syntax: @type:AppVM:@tag:mytag but it doesn’t seem to work.| Qubes OS Forum - Latest posts
The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is not affected. XSAs that DO affect the security of Qubes OS The following XSAs do affect the security of Qubes OS: (none) XSAs that DO NOT affect the security of Qubes OS The following XSAs do not affect the security of Qubes OS, and no user action is necessary: XSA-472Due to a bug, Viridian extensions are currently not enabled in Qubes OS. Although Viridian extensions are enabled in our libvir...| Qubes OS Forum - Latest posts
Dear Qubes Community, The [Xen Project](https://xenproject.org/) has released one or more [Xen security advisories (XSAs)](Xen Security Advisories). The security of Qubes OS is *not* affected. ## XSAs that DO affect the security of Qubes OS The following XSAs *do affect* the security of Qubes OS: - (none) ## XSAs that DO NOT affect the security of Qubes OS The following XSAs *do not affect* the security of Qubes OS, and no user action is necessary: - [XSA-472](XSA-472 - Xen Security Advisorie...| Qubes OS Forum - Latest posts
I have searched for guides but many are a step or two above entry level. Otherwise, they may be older, missing details, and shan’t be trusted. Other times, I find the post to use confusing or outdated language or uses an example that is off topic. For instance, a user recommends running a command but doesn’t explicitly say where to run said command or in which order. Any way here are some very basic questions I have as a new starter for anyone looking to earn some easy points here. In the...| Qubes OS Forum - Latest posts
I found that our kernel issues (at least mine, maybe others are also affected for the same reason) are not actually due to a broken kernel, but rather the result of some other hidden bug. After I disabled SELinux again ([R 4.3-RC1] SELinux problems after upgrade) and tried to boot with the latest kernels, I discovered that the issue is related to display initialization or something similar. First, I do not see the Q-password screen with the background. Only the command line appears to enter t...| Qubes OS Forum
Continuing the discussion from Why is Qubes OS project team so small?: I managed to register over Tor about a month ago. Trying to use a known forwarding domain caused the account to be automatically flagged. Their support said they’d accept a proton or tutamail address and didn’t need something traceable, and removed the flag when I complied. I didn’t try without JavaScript.| Qubes OS Forum
Hello! when you reinstall a template (using GUI) that is for the under lying template of sys-usb can this cause a lock out? The docs mention no such advice on this topic but plenty of warnings for upgrading templates to different versions. I want to reinstall the template but I am afraid I might lock myself out. Please help. Also, does the same rules apply if I want to change the underlying template in the same version? For instance changing it to a minimal template instead of a full one etc?| Qubes OS Forum - Latest posts
i will up this. That is and interesting idea.| Qubes OS Forum - Latest posts
The /etc/xen/vif-route-qubes script is not utilising systemd, which means the script can potentially run before the antispoof nftables chains have been configured, which would result in the script exiting prematurely. Not ordering around systemd also means these interfaces might be set up before network-pre which makes it impossible for a firewall to be configured prior. Would the Qubes project accept a PR that moves this script to a systemd service? Maybe @marmarek might know? Thanks.| Qubes OS Forum
Please try to switch to a tty by pressing: ctrl+alt+F2 Login with username (probably user) and your password. Once login is done please press each of the keys that seemed unreliable. And check for console feedback/echo. Are there any non-working? If not enter passwd It will change your user password via dialogue. Don’t log out. Return back to the GUI by pressing ctrl+alt+F1 If logged in, log out. Try the password. If it works, fine. If not, return to tty by pressing ctrl+alt+F2 and set it a...| Qubes OS Forum - Latest posts
Will Qubes be dropping Salt or migrating it from dom0 to a managementVM in the long run, or is this simply an addition? Also, thanks for all the work being done. I hope one day soon basically everything user-facing (basically just this and sys-gui) is moved out of dom0 for a more fine-tunable and easier to manage system(s). Plus, I think the biggest threat to dom0 now is user error, so I’m excited to see this work happening. I’m also glad to see something agentless, which also reduces com...| Qubes OS Forum - Latest posts
Hi, someone can help me to make BORG_PASSCOMMAND export persistent between reboot? e.g export BORG_PASSCOMMAND=“cat ~/borg_password.txt” OR export BORG_PASSCOMMAND=“qrexec-client-vm vault-backup ‘qubes.BorgPassword’” thank you| Qubes OS Forum - Latest posts
Hi, I have used the official torrent to download the 4.3 rc-1 iso file just now. It passes torrent’s built-in integrity verification. I have explicitly clicked “verify” again and it passed. And the hashes are different from the advertised hash values. sha1sum: 804ffcb18fb1137dbd2710faea486238ee981932 Qubes-R4.3.0-rc1-x86_64.iso sha512: b8dc23dd8a6be83a6e36e95c7d4f6ab2302891c6335307fa4a4a3fc0d17161fc618fbf788d1c59d9f043355cc17f27eaee85a2f1d69f310f6b92781a6c1d31f6 Qubes-R4.3.0-rc1-x86_64/...| Qubes OS Forum - Latest posts
Thank your kindness MellowPoison.| Qubes OS Forum - Latest posts
Use the passwd command in the Dom0 terminal to change the user password. Yes, I would very much like to use the passwd command in the Dom0 terminal. However, the QubesOS operating system sometimes stores the appropriate software code in the notebook and sometimes does not. The keyboard worked for 1.5 weeks last week, and then suddenly several keys stopped working the next day. ================== If you were told that the keyboard was defective, that’s a reason to Thank you—yes, that’s h...| Qubes OS Forum - Latest posts
Hey, I have strange issue with my account, even if I enable dark mode from settings entire forum stay in white. By logout or stay as guest I can use dark mode without any issue. What can be source of such problem?| Qubes OS Forum
Introduction This guide is for users who want to let a qube access some specific websites, but not the entire Internet. It’s especially useful when using the Qubes firewall isn’t enough — for example, when websites change their IPs often, making domain-based rules unreliable. ⚠ This guide assumes you know what an HTTP(S) proxy is, and that you’re comfortable using the terminal to run commands or edit files. The setup will create a sys-proxy-out qube that filters access to a list of ...| Qubes OS Forum
Hardware To have an ‘HVM’ for gaming, you must have A dedicated GPU. By dedicated, it means: it is a secondary GPU, not the GPU used to display dom0. In 2023, ‘Nvidia’ and ‘Amd’ GPU work. Not tested with Intel GPUs. External GPU using thunderbolt work (Create a Gaming HVM - #8 by solene) A lot of patience. GPU passthrough is not trivial, and you will need to spend time debugging. A screen available for the gaming ‘HVM’. (It can be a physical monitor or just to have multiple ca...| Qubes OS Forum