Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign updefault_fw_netvm - wrong default value (set to None) (should be set to sys-net) (was: qubes-vm-settings settings bug - failed to change NetVM of sys-whonix) #3190
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Does |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Oct 19, 2017
Member
Did run qvm-prefs --default sys-whonix netvm. Then did run qvm-prefs sys-whonix netvm. It did output:
None
|
Did run
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Maybe you have None as default netvm? Check |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Oct 19, 2017
Member
No, qubes-prefs shows default_netvm is set to sys-firewall. (It's a fresh installation of Qubes R4 RC1 with upgrades from Qubes testing repository. Very few changes otherwise.)
|
No, |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
What is value of |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Oct 19, 2017
Member
Ok, so here is the problem. When VM itself is a ProxyVM (aka have provides_network=True), it use default_fw_netvm instead of default_netvm. And apparently the former isn't properly set.
|
Ok, so here is the problem. When VM itself is a ProxyVM (aka have |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Oct 19, 2017
Member
I.e. not a user error? The Qubes default default_fw_netvm value is set wrong here? (I swear I didn't change the defaults. :)
|
I.e. not a user error? The Qubes default |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Yup. Same problem on my system. |
adrelanos
changed the title from
qubes-vm-settings settings bug - failed to change NetVM of sys-whonix
to
default_fw_netvm - wrong default value None (was: qubes-vm-settings settings bug - failed to change NetVM of sys-whonix)
Oct 19, 2017
adrelanos
referenced this issue
Oct 19, 2017
Closed
Salt - Qubes R4 RC1 - fails to set sys-whonix's NetVM to default (sys-firewall) #3189
adrelanos
changed the title from
default_fw_netvm - wrong default value None (was: qubes-vm-settings settings bug - failed to change NetVM of sys-whonix)
to
default_fw_netvm - wrong default value (set to None) (should be set to sys-net) (was: qubes-vm-settings settings bug - failed to change NetVM of sys-whonix)
Oct 19, 2017
andrewdavidwong
added
bug
C: core
labels
Oct 19, 2017
andrewdavidwong
added this to the Release 4.0 milestone
Oct 19, 2017
marmarek
closed this
in
marmarek/qubes-installer-qubes-os@3001440
Oct 20, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Oct 21, 2017
Automated announcement from builder-github
The package pykickstart-2.32-4.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
qubesos-bot
commented
Oct 21, 2017
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-dom0-cur-test
label
Oct 21, 2017
qubesos-bot
referenced this issue
in QubesOS/updates-status
Oct 21, 2017
Closed
installer-qubes-os v4.0.3-qubes-anaconda-addon (r4.0) #282
marmarek
referenced this issue
Oct 28, 2017
Closed
default_fw_netvm results in all "provides_network" VMs bypassing firewall by default #3247
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Oct 30, 2017
Automated announcement from builder-github
The package pykickstart-2.32-4.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:
sudo qubes-dom0-update
Or update dom0 via Qubes Manager.
qubesos-bot
commented
Oct 30, 2017
|
Automated announcement from builder-github The package Or update dom0 via Qubes Manager. |
adrelanos commentedOct 19, 2017
failed to change NetVM of
sys-whonixusingqubes-vm-settingsQubes OS version:
Qubes R4 with all Qubes testing repositories
Affected TemplateVMs:
Dom0
Steps to reproduce the behavior:
Install Qubes R4 with all Qubes testing repositories.
Enable Qubes community templates repository in /etc/yum.repos.d/qubes-templates.repo.
(Did last command because of #3188.)
start menu -> sys-whonix -> vm settings -> set NetVM to default (sys-firewall).
(Did last action because of #3189.)
Expected behavior:
sys-whonix's NetVM set to default (sys-firewall).
Actual behavior:
sys-whonix's NetVM setting gets reset to none.
General notes:
Might be related to (or even a follow-up issue?) #3188?
Maybe it is because sys-whonix was already running. But even if sys-whonix was running, changing the NetVM using qubes-vm-settings (started from start menu -> sys-whonix -> vm settings) should be possible?
qvm-shutdown sys-whonixfollowed byqvm-prefs --set sys-whonix netvm sys-firewallworked for me.After restarting sys-whonix, to provide further debug output, I set sys-whonix NetVM from default (sys-firewall) to sys-firewall, clicked okay. Restarted qubes-vm-settigns for sys-whonix. Expected: set to sys-friewall. Actual result: set to
(none) (current).Using
qubes-vm-settings sys-whonixwhile sys-whonix has been shutdown (and confirmed usingqvm-ls) doesn't help either. The only way to change sys-whonix NetVM setting for me currently is the command line.Related issues:
#2157
#2954