/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Whonix default VM settings fixes - salt management #1954

Open
adrelanos opened this Issue May 5, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
3 participants
@adrelanos @marmarek @andrewdavidwong
@adrelanos
Member

adrelanos commented May 5, 2016

  1. whonix-ws default NetVM sys-whonix:
    When creating a whonix-ws based VM using QVMM (or cli...), could the default selection for its NetVM be set to sys-whonix using salt somehow? [3]

  2. whonix-ws-dvm default NetVM sys-whonix:
    After creating a whonix-ws based DisposableVM... [1] [2] Could the default NetVM be set to sys-whonix [3] using salt somehow?

  3. dynamically created DispVM default NetVM sys-whonix:
    When running qvm-open-in-dvm https://www.google.com the newly created DispVM will by default be using sys-net as its NetVM. Could it be set to sys-whonix by default? -- Or alternatively, should the DispVM not get the NetVM setting from the dvm template anyhow? Do we have a ticket for that or should create one?

  4. whonix-gw VM type ProxyVM:
    When creating a new VM based on whonix-gw using QVMM, could VM type ProxyVM be selected by default?

[1] qvm-create-default-dvm whonix-ws
[2] https://www.whonix.org/wiki/Qubes/Disposable_VM
[3] Or if there is not VM names sys-whonix, use the 'next best' one, i.e. a ProxyVM based on a whonix-gw template? (Not sure that makes sense or is too much.)

@andrewdavidwong andrewdavidwong added enhancement C: mgmt C: Whonix labels May 5, 2016

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek May 5, 2016

Member
  1. whonix-ws default NetVM sys-whonix:

Currently there is only global "default NetVM" setting - independent of VM's template. So the simple answer is "no". But we may think of some API for that in Qubes 4.0.

  1. whonix-ws-dvm default NetVM sys-whonix:

Yes, whonix-ws-dvm can be created by salt and sys-whonix set there.

  1. dynamically created DispVM default NetVM sys-whonix:

NetVM of DispVM is inherited from calling VM (or dispvm_netvm setting of that VM if set). So when you call qvm-open-in-dvm from a VM behind sys-whonix, that DispVM will also have sys-whonix as NetVM. You can also set dispvm_netvm property of all the VMs to sys-whonix to achieve what you want.
Other than that - same as in "1" - there is no per-template default for that, we may think of it in Qubes 4.0. Since multiple DispVM templates are going to be implemented in 4.0, it will have more sense there.

  1. whonix-gw VM type ProxyVM:

Same as "1" - this isn't currently possible. And to be frank I don't think it would be useful. For most of users, one sys-whonix will be enough (created by salt). Others will manage to set ProxyVM (one option in Qubes Manager).
Member

marmarek commented May 5, 2016

  1. whonix-ws default NetVM sys-whonix:

Currently there is only global "default NetVM" setting - independent of VM's template. So the simple answer is "no". But we may think of some API for that in Qubes 4.0.

  1. whonix-ws-dvm default NetVM sys-whonix:

Yes, whonix-ws-dvm can be created by salt and sys-whonix set there.

  1. dynamically created DispVM default NetVM sys-whonix:

NetVM of DispVM is inherited from calling VM (or dispvm_netvm setting of that VM if set). So when you call qvm-open-in-dvm from a VM behind sys-whonix, that DispVM will also have sys-whonix as NetVM. You can also set dispvm_netvm property of all the VMs to sys-whonix to achieve what you want.
Other than that - same as in "1" - there is no per-template default for that, we may think of it in Qubes 4.0. Since multiple DispVM templates are going to be implemented in 4.0, it will have more sense there.

  1. whonix-gw VM type ProxyVM:

Same as "1" - this isn't currently possible. And to be frank I don't think it would be useful. For most of users, one sys-whonix will be enough (created by salt). Others will manage to set ProxyVM (one option in Qubes Manager).

@adrelanos adrelanos referenced this issue May 12, 2016

Open

Options to set `dispvm_netvm` to 'none' for all VMs and as default #1988

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Dec 24, 2016

@adrelanos adrelanos referenced this issue Jun 3, 2017

Open

Document qubes.PostInstall service, `/etc/qubes/post-install.d`, qvm-features-request #2829

marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Sep 14, 2017

@marmarek
Adjust Whonix setup for Qubes 4.0 
- forbid access to qubes.GetDate service
- redirect qubes.UpdatesProxy to sys-whonix

QubesOS/qubes-issues#1954
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
977362e

@marmarek marmarek referenced this issue in QubesOS/qubes-mgmt-salt-dom0-virtual-machines Sep 14, 2017

Merged

Updated formulas for Whonix VMs #5

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Sep 14, 2017

Closed

mgmt-salt-dom0-virtual-machines v4.0.5 (r4.0) #207

@marmarek marmarek referenced this issue Sep 15, 2017

Closed

NetworkManager applet enabled in Whonix VMs #3094

@adrelanos adrelanos referenced this issue Feb 23, 2018

Closed

whonix-ws-based VMs lack the anon-vm tag #3595

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment