mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-10-01 01:25:40 -04:00
Merge branch 'absolute-to-relative-links'
This commit is contained in:
commit
6364895d87
@ -51,4 +51,4 @@ Most settings are documented in *builder.conf.default* file, which can be used a
|
||||
Notes
|
||||
-----
|
||||
|
||||
* For a list of custom TemplateVMs available in QubesBuilder look at [Supported Versions page](https://www.qubes-os.org/doc/supported-versions/).
|
||||
* For a list of custom TemplateVMs available in QubesBuilder look at [Supported Versions page](/doc/supported-versions/).
|
||||
|
@ -311,10 +311,9 @@ When making contributions, please try to observe the following style conventions
|
||||
That belongs in the (S)CSS files instead.
|
||||
* Link only to images in [qubes-attachment] (see [instructions above](#how-to-add-images)).
|
||||
Do not link to images on other websites.
|
||||
* In order to enable offline browsing, use relative paths (e.g., `/doc/doc-guidelines/` instead of `https://www.qubes-os.org/doc/doc-guidelines/`, except when the source text will be reproduced outside of the Qubes website repo.
|
||||
* In order to enable offline browsing and automatic onion redirection, always use relative (rather than absolute) links, e.g., `/doc/doc-guidelines/` instead of `https://www.qubes-os.org/doc/doc-guidelines/`.
|
||||
Examples of exceptions:
|
||||
* [QSBs] (intended to be read as plain text)
|
||||
* [News] posts (plain text is reproduced on the [mailing lists][support])
|
||||
* The signed plain text portions of [QSBs] and [Canaries]
|
||||
* URLs that appear inside code blocks (e.g., in comments and document templates)
|
||||
* Files like `README.md` and `CONTRIBUTING.md`
|
||||
* Insert a newline at, and only at, the end of each sentence, except when the text will be reproduced outside of the Qubes website repo (see previous item for examples).
|
||||
@ -374,6 +373,7 @@ Please try to write good commit messages, according to the
|
||||
[version-example]: /doc/template/fedora/upgrade-25-to-26/
|
||||
[version-thread]: https://groups.google.com/d/topic/qubes-users/H9BZX4K9Ptk/discussion
|
||||
[QSBs]: /security/bulletins/
|
||||
[Canaries]: /security/canaries/
|
||||
[News]: /news/
|
||||
[md]: https://daringfireball.net/projects/markdown/
|
||||
[git-commit]: /doc/coding-style/#commit-message-guidelines
|
||||
|
@ -616,9 +616,9 @@ Details, reference: [#2233](https://github.com/QubesOS/qubes-issues/issues/2233)
|
||||
### Admin API Fuzzer
|
||||
|
||||
**Project**: Develop a [Fuzzer](https://en.wikipedia.org/wiki/Fuzzing) for the
|
||||
[Qubes OS Admin API](https://www.qubes-os.org/doc/admin-api/).
|
||||
[Qubes OS Admin API](/doc/admin-api/).
|
||||
|
||||
**Brief explanation**: The [Qubes OS Admin API](https://www.qubes-os.org/doc/admin-api/)
|
||||
**Brief explanation**: The [Qubes OS Admin API](/doc/admin-api/)
|
||||
enables VMs to execute privileged actions on other VMs or dom0 - if allowed by the Qubes OS RPC policy.
|
||||
Programming errors in the Admin API however may cause these access rights to be more permissive
|
||||
than anticipated by the programmer.
|
||||
|
@ -97,7 +97,7 @@ This could be helped by writing consolidated guide with with a clear list of sym
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Review existing [troubleshooting guides](https://www.qubes-os.org/doc/#troubleshooting)
|
||||
- Review existing [troubleshooting guides](/doc/#troubleshooting)
|
||||
- Review [issues][doc-issues] containing common troubleshooting steps (checking specific logs etc)
|
||||
- Propose updated, consolidated troubleshooting documentation, including its layout
|
||||
|
||||
|
@ -79,7 +79,7 @@ Known issues
|
||||
|
||||
* List of USB devices may contain device identifiers instead of name
|
||||
|
||||
* With R4.0.1, which ships kernel-4.19, you may never reach the anaconda startup and be block on an idle black screen with blinking cursor. You can try to add `plymouth.ignore-serial-consoles` in the grub installer boot menu right after `quiet rhgb`. With legacy mode, you can do it directly when booting the DVD or USB key. In UEFI mode, follow the same procedure described for [disabling](https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-freezes-before-getting-to-anaconda-qubes-40) `nouveau` module (related [solved issue](https://github.com/QubesOS/qubes-issues/issues/3849) in further version of Qubes).
|
||||
* With R4.0.1, which ships kernel-4.19, you may never reach the anaconda startup and be block on an idle black screen with blinking cursor. You can try to add `plymouth.ignore-serial-consoles` in the grub installer boot menu right after `quiet rhgb`. With legacy mode, you can do it directly when booting the DVD or USB key. In UEFI mode, follow the same procedure described for [disabling](/doc/uefi-troubleshooting/#installation-freezes-before-displaying-installer) `nouveau` module (related [solved issue](https://github.com/QubesOS/qubes-issues/issues/3849) in further version of Qubes).
|
||||
|
||||
* For other known issues take a look at [our tickets](https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Release+4.0%22+label%3Abug)
|
||||
|
||||
|
@ -202,7 +202,7 @@ This is why `qubes.StartApp` uses our standard `qrexec` argument grammar to stri
|
||||
### Service policies with arguments
|
||||
|
||||
Sometimes a service name alone isn't enough to make reasonable qrexec policy.
|
||||
One example of such a situation is [qrexec-based USB passthrough](https://www.qubes-os.org/doc/usb-devices/).
|
||||
One example of such a situation is [qrexec-based USB passthrough](/doc/usb-devices/).
|
||||
Using just a service name would make it difficult to express the policy "allow access to devices X and Y, but deny to all others."
|
||||
It isn't feasible to create a separate service for every device: we would need to change the code in multiple files any time we wanted to update the service.
|
||||
|
||||
|
@ -326,7 +326,7 @@ I tried to rebuild archlinux and got the same issue.
|
||||
The issue come from a systemd unit named "qubes-mount-dirs". We want to know more about that. We can't execute command into the qube, so let's shut it down.
|
||||
Then, we mount the archlinux root disk into a DisposableVM (
|
||||
[mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh)
|
||||
& [mount-lvm-image](https://www.qubes-os.org/doc/mount-lvm-image/) )
|
||||
& [mount-lvm-image](/doc/mount-lvm-image/) )
|
||||
```shell_session
|
||||
$ ./mount_lvm_image.sh /dev/qubes_dom0/vm-archlinux-minimal-root fedora-dvm
|
||||
```
|
||||
|
2
external/configuration-guides/vpn.md
vendored
2
external/configuration-guides/vpn.md
vendored
@ -312,7 +312,7 @@ Configure your AppVMs to use the VPN VM as a NetVM...
|
||||
|
||||
![Settings-NetVM.png](/attachment/wiki/VPN/Settings-NetVM.png)
|
||||
|
||||
If you want to update your TemplateVMs through the VPN, you can enable the `qubes-updates-proxy` service for your new VPN VM and configure the [qubes-rpc policy](https://www.qubes-os.org/doc/software-update-domu/#updates-proxy).
|
||||
If you want to update your TemplateVMs through the VPN, you can enable the `qubes-updates-proxy` service for your new VPN VM and configure the [qubes-rpc policy](/doc/software-update-domu/#updates-proxy).
|
||||
|
||||
|
||||
Troubleshooting
|
||||
|
@ -14,7 +14,7 @@ Language Localization
|
||||
Enable UTF-8 in dom0 title bars
|
||||
-------------------------
|
||||
|
||||
You can enable UTF-8 characters in the title bar for all qubes or on a per-qube basis. Follow the instructions [here](https://www.qubes-os.org/doc/config-files/#gui-and-audio-configuration-in-dom0) for further information.
|
||||
You can enable UTF-8 characters in the title bar for all qubes or on a per-qube basis. Follow the instructions [here](/doc/config-files/#gui-and-audio-configuration-in-dom0) for further information.
|
||||
|
||||
How to set up pinyin input in Qubes
|
||||
-----------------------------------
|
||||
|
@ -68,6 +68,6 @@ The initial published version of this Code of Conduct was adapted from the [Cont
|
||||
[discussion guidelines]: /support/#discussion-guidelines
|
||||
[Contributor Covenant, version 1.4]: http://contributor-covenant.org/version/1/4
|
||||
[Rust Code of Conduct]: https://www.rust-lang.org/en-US/conduct.html
|
||||
[Marek Marczykowski-Górecki]: https://www.qubes-os.org/team/#marek-marczykowski-g%C3%B3recki
|
||||
[Andrew David Wong]: https://www.qubes-os.org/team/#andrew-david-wong
|
||||
[Michael Carbone]: https://www.qubes-os.org/team/#michael-carbone
|
||||
[Marek Marczykowski-Górecki]: /team/#marek-marczykowski-g%C3%B3recki
|
||||
[Andrew David Wong]: /team/#andrew-david-wong
|
||||
[Michael Carbone]: /team/#michael-carbone
|
||||
|
@ -761,7 +761,7 @@ There is also the unofficial [ansible-qubes toolkit][ansible].
|
||||
[network]: /doc/networking/
|
||||
[Note on dom0 and EOL]: /doc/supported-versions/#note-on-dom0-and-eol
|
||||
[paper-compart]: https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
|
||||
[Qubes Certified Hardware]: https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/
|
||||
[Qubes Certified Hardware]: /news/2016/07/21/new-hw-certification-for-q4/
|
||||
[Qubes-Whonix]: /doc/whonix/
|
||||
[render]: https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions
|
||||
[Salt]: /doc/salt/
|
||||
|
@ -181,8 +181,8 @@ Emergency Recovery Instructions
|
||||
https://github.com/QubesOS/qubes-doc.git
|
||||
|
||||
[scrypt]: https://www.tarsnap.com/scrypt.html
|
||||
[verify signatures]: https://www.qubes-os.org/security/verifying-signatures
|
||||
[get and verify the Release 4 Signing Key]: https://www.qubes-os.org/security/verifying-signatures/#2-get-the-release-signing-key
|
||||
[Emergency Backup Recovery without Qubes (v2)]: https://www.qubes-os.org/doc/backup-emergency-restore-v2/
|
||||
[Emergency Backup Recovery without Qubes (v3)]: https://www.qubes-os.org/doc/backup-emergency-restore-v3/
|
||||
[verify signatures]: /security/verifying-signatures
|
||||
[get and verify the Release 4 Signing Key]: /security/verifying-signatures/#2-get-the-release-signing-key
|
||||
[Emergency Backup Recovery without Qubes (v2)]: /doc/backup-emergency-restore-v2/
|
||||
[Emergency Backup Recovery without Qubes (v3)]: /doc/backup-emergency-restore-v3/
|
||||
|
||||
|
@ -42,7 +42,7 @@ When it is essential to avoid leaving any trace, consider using [Tails](https://
|
||||
|
||||
## DisposableVMs and Networking ##
|
||||
|
||||
Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DisposableVMs are based on their underlying [DisposableVM Template](https://www.qubes-os.org/doc/glossary/#disposablevm-template).
|
||||
Similarly to how AppVMs are based on their underlying [TemplateVM](/doc/glossary/#templatevm), DisposableVMs are based on their underlying [DisposableVM Template](/doc/glossary/#disposablevm-template).
|
||||
R4.0 introduces the concept of multiple DisposableVM Templates, whereas R3.2 was limited to only one.
|
||||
|
||||
On a fresh installation of Qubes, the default DisposableVM Template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
|
||||
|
@ -81,7 +81,7 @@ Support for [two factor authentication][qubes u2f proxy] was recently added, tho
|
||||
[rubber duck]: https://shop.hak5.org/products/usb-rubber-ducky-deluxe
|
||||
[USB qube]: /doc/usb-qubes/
|
||||
[YubiKey]: /doc/YubiKey/
|
||||
[qubes u2f proxy]: https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/
|
||||
[qubes u2f proxy]: /news/2018/09/11/qubes-u2f-proxy/
|
||||
[4661]: https://github.com/QubesOS/qubes-issues/issues/4661
|
||||
[side channel attack]: https://en.wikipedia.org/wiki/Side-channel_attack
|
||||
[Xen PCI Passthrough: PV guests and PCI quirks]: https://wiki.xenproject.org/wiki/Xen_PCI_Passthrough#PV_guests_and_PCI_quirks
|
||||
|
@ -33,7 +33,7 @@ In order to edit rules for a given qube, select it in the Qubes Manager and pres
|
||||
![r4.1-manager-firewall.png](/attachment/wiki/QubesFirewall/r4.1-manager-firewall.png)
|
||||
|
||||
*R4.0 note:* ICMP and DNS are no longer accessible in the GUI, but can be changed via `qvm-firewall` described below.
|
||||
Connections to Updates Proxy are no longer made over network so can not be allowed or blocked with firewall rules (see [R4.0 Updates proxy](https://www.qubes-os.org/doc/software-update-vm/) for more detail.
|
||||
Connections to Updates Proxy are no longer made over network so can not be allowed or blocked with firewall rules (see [R4.0 Updates proxy](/doc/software-update-vm/) for more detail.
|
||||
|
||||
Note that if you specify a rule by DNS name it will be resolved to IP(s) *at the moment of applying the rules*, and not on the fly for each new connection.
|
||||
This means it will not work for servers using load balancing.
|
||||
|
@ -75,7 +75,7 @@ On boot, the keyboard may be inactive, preventing you from entering your LUKS de
|
||||
When you enable a USB qube, it hides all the USB controllers from dom0, even before it gets started.
|
||||
So, if your only keyboard is on USB, you should undo this hiding.
|
||||
|
||||
To solve the problem, disable the USB qube by not having it autostart, or unassigning your USB controller(s) from it. If you had created the USB qube by checking the box in the installer, then your USB controller(s) are probably hidden from dom0. To unhide them, reverse the procedure described in the [USB Qubes documentation](https://www.qubes-os.org/doc/usb-qubes/#how-to-hide-all-usb-controllers-from-dom0) (under "How to hide all USB controllers from dom0"). That is, remove `rd.qubes.hide_all_usb`, instead of adding it.
|
||||
To solve the problem, disable the USB qube by not having it autostart, or unassigning your USB controller(s) from it. If you had created the USB qube by checking the box in the installer, then your USB controller(s) are probably hidden from dom0. To unhide them, reverse the procedure described in the [USB Qubes documentation](/doc/usb-qubes/#how-to-hide-all-usb-controllers-from-dom0) (under "How to hide all USB controllers from dom0"). That is, remove `rd.qubes.hide_all_usb`, instead of adding it.
|
||||
|
||||
Note that this procedure will attach your USB controllers to dom0, so do this only with USB devices you trust.
|
||||
|
||||
|
@ -10,7 +10,7 @@ redirect_from:
|
||||
|
||||
## VM Kernel troubleshooting ##
|
||||
|
||||
This troubleshoot applies to the non-default kernel choice described in the [Managing VM docs](https://www.qubes-os.org/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm).
|
||||
This troubleshoot applies to the non-default kernel choice described in the [Managing VM docs](/doc/managing-vm-kernel/#using-kernel-installed-in-the-vm).
|
||||
|
||||
In case of problems, you can access the VM console using `qvm-console-dispvm VMNAME` in dom0, then access the GRUB menu.
|
||||
You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window.
|
||||
|
Loading…
Reference in New Issue
Block a user