From 8610e98b65096dcc613ba3c9839a82686d8b26d2 Mon Sep 17 00:00:00 2001 From: Hakisho Nukama Date: Mon, 2 Mar 2015 05:09:37 +0000 Subject: [PATCH] Updated links, shortened CamelCase names for navigation bar --- DisposableVms.md | 4 ++-- GUIdocs.md | 2 +- GettingStarted.md | 8 ++++---- HvmCreate.md | 14 +++++++------- InstallationGuideR2.md | 4 ++-- InstallationGuideR2B3.md | 4 ++-- InstallationGuideR2rc1.md | 4 ++-- InstallationGuideR2rc2.md | 4 ++-- ManagingAppVmShortcuts.md | 4 ++-- Profiling.md | 2 +- Qrexec2Implementation.md | 2 +- QubesArchitecture.md | 2 +- QubesContacts.md | 2 +- QubesDevelopers.md | 2 +- QubesDocs.md | 2 +- QubesDownloads.md | 2 +- QubesFirewall.md | 2 +- QubesLicensing.md | 2 +- QubesLists.md | 2 +- QubesScreenshots.md | 36 ++++++++++++++++++------------------ QubesSecurity.md | 2 +- SystemDoc.md | 2 +- TemplateImplementation.md | 2 +- TestTest.md | 2 +- UserDoc.md | 2 +- UserDoc/SplitGpg.md | 8 ++++---- VPN.md | 6 +++--- WindowsAppVms.md | 6 +++--- WindowsTools.md | 2 +- home.md | 6 +++--- 30 files changed, 71 insertions(+), 71 deletions(-) diff --git a/DisposableVms.md b/DisposableVms.md index 0574e39f..31199058 100644 --- a/DisposableVms.md +++ b/DisposableVms.md @@ -17,14 +17,14 @@ Opening a file in a Disposable VM (via GUI) In some AppVM, right click on the file you wish to open in a Disposable VM (in the Nautilus file manager), then choose Scripts -\> Open in Disposable VM. Wait a few seconds and an default application for this file type should appear displaying the file content. This app is running in a whole new VM -- a disposable VM created for the purpose of view this very file. Once you close the viewing application then whole Disposable VM will get destroyed. -[![No image "r1-open-in-dispvm-1.png" attached to DisposableVms](/chrome/common/attachment.png "No image "r1-open-in-dispvm-1.png" attached to DisposableVms")](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) [![No image "r1-open-in-dispvm-2.png" attached to DisposableVms](/chrome/common/attachment.png "No image "r1-open-in-dispvm-2.png" attached to DisposableVms")](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) +![r1-open-in-dispvm-1.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-1.png) ![r1-open-in-dispvm-2.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-2.png) Opening a fresh web browser instance in a new Disposable VM ----------------------------------------------------------- Sometimes it is convenient to open a fresh instance of Firefox within a new fresh Disposable VM. This can be easily done by using the Start Menu: just go to Start -\> Disposable VM -\> Firefox and wait a few seconds until a web browser starts. Once you close the viewing application then whole Disposable VM will get destroyed. -[![No image "r1-open-in-dispvm-3.png" attached to DisposableVms](/chrome/common/attachment.png "No image "r1-open-in-dispvm-3.png" attached to DisposableVms")](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) +![r1-open-in-dispvm-3.png](/attachment/wiki/DisposableVms/r1-open-in-dispvm-3.png) Opening a file in a Disposable VM via command line (from AppVM) --------------------------------------------------------------- diff --git a/GUIdocs.md b/GUIdocs.md index cd724911..938f5f4d 100644 --- a/GUIdocs.md +++ b/GUIdocs.md @@ -54,7 +54,7 @@ To sum up, this solution has the following benefits: - no changes to Xorg code - minimal size of the supporting code -[![No image "gui.png" attached to GUIdocs](/chrome/common/attachment.png "No image "gui.png" attached to GUIdocs")](/attachment/wiki/GUIdocs/gui.png) +![gui.png](/attachment/wiki/GUIdocs/gui.png) Security markers on dom0 windows -------------------------------- diff --git a/GettingStarted.md b/GettingStarted.md index b2bb5902..622eb659 100644 --- a/GettingStarted.md +++ b/GettingStarted.md @@ -24,7 +24,7 @@ If you've installed Qubes using the default options, a few domains have already Each domain, apart from having a distinct name, is also assigned a **label**, which is one of several pre-defined colors. The trusted window manager uses these colors in order to draw window decorations (color frames) around the windows of applications running in each domain. These allow you to quickly and easily identify the trust level of a given window at a glance. It's totally up to you how you'd like to interpret these colors. Personally, I find it natural to associate red with that which is untrusted and dangerous (the “red light” -- stop! danger!), green with that which is safe and trusted, and yellow and orange with things in the middle. I've also extended this scheme to include blue and black, which I interpret as indicating progressively more trusted domains than green, with black being ultimately trusted. -[![No image "snapshot12.png" attached to GettingStarted](/chrome/common/attachment.png "No image "snapshot12.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/snapshot12.png) +![snapshot12.png](/attachment/wiki/GettingStarted/snapshot12.png) In addition to AppVMs and TemplateVMs, there's one special domain called "dom0," which is where the Desktop Manager runs. This is where you log in to the system. Dom0 is more trusted than any other domain (including TemplateVMs and black-labeled domains). If dom0 were ever compromised, it would be Game OverTM. (The entire system would effectively be compromised.) Due to its overarching importance, dom0 has no network connectivity and is used only for running the Window and Desktop Managers. Dom0 shouldn't be used for anything else. In particular, [you should never run user applications in dom0](/wiki/SecurityGuidelines#Dom0Precautions). (That's what your AppVMs are for!) @@ -35,11 +35,11 @@ All aspects of the Qubes system can be controlled using command line tools run u Various command line tools are described as part of this guide, and the whole reference can be found [here](/wiki/DomZeroTools). -[![No image "r2b1-dom0-konsole.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-dom0-konsole.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-dom0-konsole.png) +![r2b1-dom0-konsole.png](/attachment/wiki/GettingStarted/r2b1-dom0-konsole.png) Alternatively, you can use a rather intuitive GUI tool called **Qubes VM Manager**. It supports most of the functionality that command line tools provide. The Qubes VM Manager starts and opens automatically when Qubes starts up, but you can also start it by going to Start-\>System Tools-\>Qubes Manager. Once the Qubes VM Manager is running, you can open the window at any time by clicking on the Qubes tray icon, which typically resides in the bottom-right corner of the screen. -[![No image "r2b1-qubes-manager-2.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-qubes-manager-2.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png) +![r2b1-qubes-manager-2.png](/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png) Starting Apps in Domains ------------------------ @@ -48,7 +48,7 @@ Apps can be started either by using the shortcuts in the Desktop Manager's menu You can start apps directly from the start menu. Each domain has its own menu directory under the scheme **Domain: \**. After navigating into one of these directories, simply click on the application you'd like to start: -[![No image "r2b1-appsmenu-1.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-appsmenu-1.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-appsmenu-1.png) [![No image "r2b1-appsmenu-3.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-appsmenu-3.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-appsmenu-3.png) +![r2b1-appsmenu-1.png](/attachment/wiki/GettingStarted/r2b1-appsmenu-1.png) ![r2b1-appsmenu-3.png](/attachment/wiki/GettingStarted/r2b1-appsmenu-3.png) By default, each domain's menu contains only a few shortcuts. If you'd like to add more, simply click **Add more shortcuts...**, select the desired applictions, and click **OK**. You can also add shortcuts manually. (This is sometimes necessary if the desired application doesn't show up in the Qubes VM Manager window.) To do this in KDE, right-click on the **Start** button and click **Menu Editor**. Click the domain directory in which you'd like the menu to appear, click **New Item**, enter its name as **\: \**, and provide the command for starting the app (see below). Then click **Save** and wait approximately 15 seconds for the changes to propagate to the KDE menu. diff --git a/HvmCreate.md b/HvmCreate.md index c39dcfb2..ec395076 100644 --- a/HvmCreate.md +++ b/HvmCreate.md @@ -39,7 +39,7 @@ qvm-start win7 --cdrom=/dev/cdrom Now, the VM will start booting from the attached CDROM device, which in the example above just happens to be the Windows 7 installation disk. Depending on the OS that is being installed in the VM, one might be required to start the VM several times (as is the case e.g. with Windows 7 installation), because whenever the installer wants to "reboot the system", it actually shutdowns the VM (and Qubes won't automatically start it), so several invocations of qvm-start command (as shown above) might be needed. -[![No image "r2b1-win7-installing.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing.png) +![r2b1-win7-installing.png](attachment/wiki/HvmCreate/r2b1-win7-installing.png) Using Installation ISOs located in other VMs -------------------------------------------- @@ -59,7 +59,7 @@ qvm-start ubuntu --cdrom=work-web:/home/user/Downloads/ubuntu-12.10-desktop-i386 Of course the AppVM where the ISO is kept must also be running for this to work (this VM is now serving the ISO and acting as a disk backend). -[![No image "r2b1-installing-ubuntu-1.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-installing-ubuntu-1.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-installing-ubuntu-1.png) +![r2b1-installing-ubuntu-1.png](/attachment/wiki/HvmCreate/r2b1-installing-ubuntu-1.png) Setting up networking for HVM domains ------------------------------------- @@ -72,7 +72,7 @@ Even though we do have a small DHCP server (that runs inside HVM untrusted stub In order to manually configure networking in a VM, one should first find out the IP/netmask/gateway assigned to the particular VM by Qubes. This can be seen e.g. in the Qubes Manager in the VM's properties: -[![No image "r2b1-manager-networking-config.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-manager-networking-config.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-manager-networking-config.png) +![r2b1-manager-networking-config.png](/attachment/wiki/HvmCreate/r2b1-manager-networking-config.png) Alternatively, one can use `qvm-ls -n` command to obtain the same information. @@ -229,11 +229,11 @@ qvm-start lab-win7 --cdrom=/usr/lib/qubes/qubes-windows-tools-201211301354.iso Once the Windows VM boots, a CDROM should appear in the 'My Computer' menu (typically as `D:`) with a setup program in its main directory: -[![No image "r2b1-win7-installing-qubes-tools-1.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing-qubes-tools-1.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-1.png) +![r2b1-win7-installing-qubes-tools-1.png](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-1.png) Before proceeding with the installation we need to disable Windows mechanism that allows only signed drivers to be installed, because currently the drivers we provide as part of the Windows Support Tools are not digitally signed with a publicly recognizable certificate. How to do that is explained in the `README` file also located on the installation CDROM. In the future this step will not be necessary anymore, because we will sign our drivers with a publicly verifiable certificate. However, it should be noted that even now, the fact that those drivers are not digitally signed, this doesn't affect security of the Windows VM in 'any' way. This is because the actual installation ISO (the `qubes-windows-tools-*.iso` file) is distributed as a signed RPM package and its signature is verified by the `qubes-dom0-update` utility once it's being installed in Dom0. The only downside of those drivers not being signed is the inconvenience to the user that he or she must disable the signature enforcement policy before installing the tools, and also to accept a few scary looking warning windows during the installation process, as shown below. -[![No image "r2b1-win7-installing-qubes-tools-2.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing-qubes-tools-2.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-2.png) [![No image "r2b1-win7-installing-qubes-tools-4.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing-qubes-tools-4.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-4.png) [![No image "r2b1-win7-installing-qubes-tools-5.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing-qubes-tools-5.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-5.png) +![r2b1-win7-installing-qubes-tools-2.png](attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-2.png) ![r2b1-win7-installing-qubes-tools-4.png](attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-4.png) ![r2b1-win7-installing-qubes-tools-5.png](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-5.png) After successful installation, the Windows VM must be shut down. @@ -286,7 +286,7 @@ Another things to check are if clipboard copy/paste and file copy works fine wit And the screenshot below illustrates the Send To entries in a Windows VM that can be used to copy/send files to other Qubes domains: -[![No image "win7-sendto-another-vm.png" attached to HvmCreate](/chrome/common/attachment.png "No image "win7-sendto-another-vm.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/win7-sendto-another-vm.png) +![win7-sendto-another-vm.png](/attachment/wiki/HvmCreate/win7-sendto-another-vm.png) Assigning PCI devices to HVM domains ------------------------------------ @@ -295,7 +295,7 @@ HVM domains (including Windows VMs) can be [assigned PCI devices](/wiki/Assignin Once problem, however, at the moment, is that after the whole system gets suspend into S3 sleep, and subsequently resumed, such attached devices stop working and should be restarted within the VM. Under Windows this can be achieved by opening the Device Manager, selecting the actual device, such as a USB controller, and then first 'Disabling', and then 'Enabling' the device again. This is illustrated on the screenshot below: -[![No image "r2b1-win7-usb-disable.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-usb-disable.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png) +![r2b1-win7-usb-disable.png](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png) Further reading --------------- diff --git a/InstallationGuideR2.md b/InstallationGuideR2.md index cccc1e53..6a034405 100644 --- a/InstallationGuideR2.md +++ b/InstallationGuideR2.md @@ -56,7 +56,7 @@ Then, when finally ready, boot your system from the installer DVD and follow the The installer loads Xen right at the beginning, so chances are high that if you can see the installer's graphical screen, Qubes will work on your system :) -[![No image "qubes-r2-installer-welcome.png" attached to InstallationGuideR2](/chrome/common/attachment.png "No image "qubes-r2-installer-welcome.png" attached to InstallationGuideR2")](/attachment/wiki/InstallationGuideR2/qubes-r2-installer-welcome.png) +![qubes-r2-installer-welcome.png](/attachment/wiki/InstallationGuideR2/qubes-r2-installer-welcome.png) Upgrading --------- @@ -70,7 +70,7 @@ Troubleshooting problems with the installer If the installer fails for some reason, typically because of the graphics card not being correctly supported, it is possible to try booting the installer with a different kernel -- to do that, choose Troubleshooting menu in the Installer Welcome screen, and later choose an option to proceed with one of the kernels provided: -[![No image "qubes-r2-installer-troubleshooting.png" attached to InstallationGuideR2](/chrome/common/attachment.png "No image "qubes-r2-installer-troubleshooting.png" attached to InstallationGuideR2")](/attachment/wiki/InstallationGuideR2/qubes-r2-installer-troubleshooting.png) +![qubes-r2-installer-troubleshooting.png](/attachment/wiki/InstallationGuideR2/qubes-r2-installer-troubleshooting.png) The installer ships with 4 different kernels (3.12, 3.11, 3.9 and 3.7) and all those kernel will be installed (regardless of which is selected to run the installer) so it is later always possible to boot the Qubes OS using any of those kernels. diff --git a/InstallationGuideR2B3.md b/InstallationGuideR2B3.md index 60d94dac..b503316f 100644 --- a/InstallationGuideR2B3.md +++ b/InstallationGuideR2B3.md @@ -57,7 +57,7 @@ Then, when finally ready, boot your system from the installer DVD and follow the The installer loads Xen right at the beginning, so chances are high that if you can see the installer's graphical screen, Qubes will work on your system :) -[![No image "r2b3-installer-welcome.png" attached to InstallationGuideR2B3](/chrome/common/attachment.png "No image "r2b3-installer-welcome.png" attached to InstallationGuideR2B3")](/attachment/wiki/InstallationGuideR2B3/r2b3-installer-welcome.png) +![r2b3-installer-welcome.png](/attachment/wiki/InstallationGuideR2B3/r2b3-installer-welcome.png) Upgrading from Qubes R1 or R2 Beta 2 ------------------------------------ @@ -83,7 +83,7 @@ Troubleshooting problems with the installer If the installer fails for some reason, typically because of the graphics card not being correctly supported, it is possible to try booting the installer with a different kernel -- to do that, choose Troubleshooting menu in the Installer Welcome screen, and later choose an option to proceed with one of the kernels provided: -[![No image "r2b3-installer-troubleshooting.png" attached to InstallationGuideR2B3](/chrome/common/attachment.png "No image "r2b3-installer-troubleshooting.png" attached to InstallationGuideR2B3")](/attachment/wiki/InstallationGuideR2B3/r2b3-installer-troubleshooting.png) +![r2b3-installer-troubleshooting.png](/attachment/wiki/InstallationGuideR2B3/r2b3-installer-troubleshooting.png) The installer ships with 3 different kernels (3.11, 3.9 and 3.7) and all those kernel will be installed (regardless of which is selected to run the installer) so it is later always possible to boot the Qubes OS using any of those kernels. diff --git a/InstallationGuideR2rc1.md b/InstallationGuideR2rc1.md index 3a9db534..6c988e66 100644 --- a/InstallationGuideR2rc1.md +++ b/InstallationGuideR2rc1.md @@ -56,7 +56,7 @@ Then, when finally ready, boot your system from the installer DVD and follow the The installer loads Xen right at the beginning, so chances are high that if you can see the installer's graphical screen, Qubes will work on your system :) -[![No image "qubes-r2-rc1-installer-welcome.png" attached to InstallationGuideR2rc1](/chrome/common/attachment.png "No image "qubes-r2-rc1-installer-welcome.png" attached to InstallationGuideR2rc1")](/attachment/wiki/InstallationGuideR2rc1/qubes-r2-rc1-installer-welcome.png) +![qubes-r2-rc1-installer-welcome.png](/attachment/wiki/InstallationGuideR2rc1/qubes-r2-rc1-installer-welcome.png) Upgrading --------- @@ -72,7 +72,7 @@ Troubleshooting problems with the installer If the installer fails for some reason, typically because of the graphics card not being correctly supported, it is possible to try booting the installer with a different kernel -- to do that, choose Troubleshooting menu in the Installer Welcome screen, and later choose an option to proceed with one of the kernels provided: -[![No image "qubes-r2-rc1-installer-troubleshooting.png" attached to InstallationGuideR2rc1](/chrome/common/attachment.png "No image "qubes-r2-rc1-installer-troubleshooting.png" attached to InstallationGuideR2rc1")](/attachment/wiki/InstallationGuideR2rc1/qubes-r2-rc1-installer-troubleshooting.png) +![qubes-r2-rc1-installer-troubleshooting.png](/attachment/wiki/InstallationGuideR2rc1/qubes-r2-rc1-installer-troubleshooting.png) The installer ships with 4 different kernels (3.12, 3.11, 3.9 and 3.7) and all those kernel will be installed (regardless of which is selected to run the installer) so it is later always possible to boot the Qubes OS using any of those kernels. diff --git a/InstallationGuideR2rc2.md b/InstallationGuideR2rc2.md index b28bc81e..7e79f31b 100644 --- a/InstallationGuideR2rc2.md +++ b/InstallationGuideR2rc2.md @@ -56,7 +56,7 @@ Then, when finally ready, boot your system from the installer DVD and follow the The installer loads Xen right at the beginning, so chances are high that if you can see the installer's graphical screen, Qubes will work on your system :) -[![No image "qubes-r2-rc2-installer-welcome.png" attached to InstallationGuideR2rc2](/chrome/common/attachment.png "No image "qubes-r2-rc2-installer-welcome.png" attached to InstallationGuideR2rc2")](/attachment/wiki/InstallationGuideR2rc2/qubes-r2-rc2-installer-welcome.png) +![qubes-r2-rc2-installer-welcome.png](/attachment/wiki/InstallationGuideR2rc2/qubes-r2-rc2-installer-welcome.png) Upgrading --------- @@ -70,7 +70,7 @@ Troubleshooting problems with the installer If the installer fails for some reason, typically because of the graphics card not being correctly supported, it is possible to try booting the installer with a different kernel -- to do that, choose Troubleshooting menu in the Installer Welcome screen, and later choose an option to proceed with one of the kernels provided: -[![No image "qubes-r2-rc2-installer-troubleshooting.png" attached to InstallationGuideR2rc2](/chrome/common/attachment.png "No image "qubes-r2-rc2-installer-troubleshooting.png" attached to InstallationGuideR2rc2")](/attachment/wiki/InstallationGuideR2rc2/qubes-r2-rc2-installer-troubleshooting.png) +![qubes-r2-rc2-installer-troubleshooting.png](/attachment/wiki/InstallationGuideR2rc2/qubes-r2-rc2-installer-troubleshooting.png) The installer ships with 4 different kernels (3.12, 3.11, 3.9 and 3.7) and all those kernel will be installed (regardless of which is selected to run the installer) so it is later always possible to boot the Qubes OS using any of those kernels. diff --git a/ManagingAppVmShortcuts.md b/ManagingAppVmShortcuts.md index 827f1cb6..9b22fe92 100644 --- a/ManagingAppVmShortcuts.md +++ b/ManagingAppVmShortcuts.md @@ -9,7 +9,7 @@ Managing shortcuts to applications in AppVMs For ease of use Qubes aggregates shortcuts to applications that are installed in AppVMs and shows them in one "start menu" in dom0. Clicking on such shortcut runs the assigned application in its AppVM. -[![No image "dom0-menu.png" attached to ManagingAppVmShortcuts](/chrome/common/attachment.png "No image "dom0-menu.png" attached to ManagingAppVmShortcuts")](/attachment/wiki/ManagingAppVmShortcuts/dom0-menu.png) +![dom0-menu.png"](/attachment/wiki/ManagingAppVmShortcuts/dom0-menu.png) To make newly installed applications show up in the menu, use the **qvm-sync-appmenus** command (Linux VMs does this automatically): @@ -17,7 +17,7 @@ To make newly installed applications show up in the menu, use the **qvm-sync-app After that, select the *Add more shortcuts* entry in VM's submenu to customize which applications are shown: -[![No image "dom0-appmenu-select.png" attached to ManagingAppVmShortcuts](/chrome/common/attachment.png "No image "dom0-appmenu-select.png" attached to ManagingAppVmShortcuts")](/attachment/wiki/ManagingAppVmShortcuts/dom0-appmenu-select.png) +![dom0-appmenu-select.png"](/attachment/wiki/ManagingAppVmShortcuts/dom0-appmenu-select.png) The above image shows that Windows HVMs are also supported (provided that Qubes Tools are installed). diff --git a/Profiling.md b/Profiling.md index 0f321cb7..d6670831 100644 --- a/Profiling.md +++ b/Profiling.md @@ -89,6 +89,6 @@ Example This example is from `qubes-manager` (`qubesmanager/main.py`). -[![No image "update\_table-20140424-170010.svg" attached to Profiling](/chrome/common/attachment.png "No image "update_table-20140424-170010.svg" attached to Profiling")](/attachment/wiki/Profiling/update_table-20140424-170010.svg) +!["update\_table-20140424-170010.svg"](//attachment/wiki/Profiling/update_table-20140424-170010.svg) It is apparent than problem is around `get_disk_usage` which calls something via `subprocess.call`. It does it 15 times, probably once per VM. diff --git a/Qrexec2Implementation.md b/Qrexec2Implementation.md index d357e0fd..726928da 100644 --- a/Qrexec2Implementation.md +++ b/Qrexec2Implementation.md @@ -49,7 +49,7 @@ Note: this section is not needed to use qrexec for writing Qubes apps. Also note The VM-VM channels in Qubes R2 are made via "gluing" two VM-Dom0 and Dom0-VM vchan connections: -[![No image "qrexec2-internals.png" attached to Qrexec2Implementation](/chrome/common/attachment.png "No image "qrexec2-internals.png" attached to Qrexec2Implementation")](/attachment/wiki/Qrexec2Implementation/qrexec2-internals.png) +![qrexec2-internals.png](/attachment/wiki/Qrexec2Implementation/qrexec2-internals.png) Note: Dom0 never examines the actual data flowing in neither of the two vchan connections. diff --git a/QubesArchitecture.md b/QubesArchitecture.md index 6a0b4f50..c44baaca 100644 --- a/QubesArchitecture.md +++ b/QubesArchitecture.md @@ -11,7 +11,7 @@ Qubes implements a Security by Isolation approach. To do this, Qubes utilizes vi Qubes lets the user define many security domains, which are implemented as lightweight Virtual Machines (VMs), or “AppVMs.” For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” AppVMs and can use the applications within those VMs just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, of course. -[![No image "qubes-arch-diagram-1.png" attached to QubesArchitecture](/chrome/common/attachment.png "No image "qubes-arch-diagram-1.png" attached to QubesArchitecture")](/attachment/wiki/QubesArchitecture/qubes-arch-diagram-1.png) +![QubesArchitecture](/attachments/wiki/QubesArchitecture/qubes-arch-diagram-1.png) (Note: In the diagram above, "Storage domain" is actually a USB domain.) diff --git a/QubesContacts.md b/QubesContacts.md index b3d0d148..68351cad 100644 --- a/QubesContacts.md +++ b/QubesContacts.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesContacts +title: Contacts permalink: /wiki/QubesContacts/ --- diff --git a/QubesDevelopers.md b/QubesDevelopers.md index b95db480..92cc3f55 100644 --- a/QubesDevelopers.md +++ b/QubesDevelopers.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesDevelopers +title: Developers permalink: /wiki/QubesDevelopers/ --- diff --git a/QubesDocs.md b/QubesDocs.md index cc01578b..254f4667 100644 --- a/QubesDocs.md +++ b/QubesDocs.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesDocs +title: Documentation permalink: /wiki/QubesDocs/ --- diff --git a/QubesDownloads.md b/QubesDownloads.md index 184a8d63..589cf51d 100644 --- a/QubesDownloads.md +++ b/QubesDownloads.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesDownloads +title: Downloads permalink: /wiki/QubesDownloads/ --- diff --git a/QubesFirewall.md b/QubesFirewall.md index 2aab561b..77a449bd 100644 --- a/QubesFirewall.md +++ b/QubesFirewall.md @@ -22,7 +22,7 @@ How to edit rules In order to edit rules for a given domain, select this domain in the Qubes Manager and press the "firewall" button: -[![No image "r2b1-manager-firewall.png" attached to QubesFirewall](/chrome/common/attachment.png "No image "r2b1-manager-firewall.png" attached to QubesFirewall")](/attachment/wiki/QubesFirewall/r2b1-manager-firewall.png) +![r2b1-manager-firewall.png](/attachment/wiki/QubesFirewall/r2b1-manager-firewall.png) Note that if you specify a rule by DNS name it will be resolved to IP(s) *at the moment of applying the rules*, and not on the fly for each new connection. This means it will not work for serves using load balancing. More on this in the message quoted below. diff --git a/QubesLicensing.md b/QubesLicensing.md index e47912d1..e5a904af 100644 --- a/QubesLicensing.md +++ b/QubesLicensing.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesLicensing +title: Licensing permalink: /wiki/QubesLicensing/ --- diff --git a/QubesLists.md b/QubesLists.md index e32b0607..8a25a40e 100644 --- a/QubesLists.md +++ b/QubesLists.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesLists +title: Mailing Lists permalink: /wiki/QubesLists/ --- diff --git a/QubesScreenshots.md b/QubesScreenshots.md index b071c744..02c49432 100644 --- a/QubesScreenshots.md +++ b/QubesScreenshots.md @@ -1,91 +1,91 @@ --- layout: wiki -title: QubesScreenshots +title: Screenshots permalink: /wiki/QubesScreenshots/ --- Select Qubes OS Screenshots =========================== -[![No image "r2b2-kde-start-menu.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-kde-start-menu.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png) +[![r2b2-kde-start-menu.png](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png) Starting applications from different domains (AppVMs) is very easy. * * * * * -[![No image "r2b2-kde-three-domains-at-work.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-kde-three-domains-at-work.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png) +[![r2b2-kde-three-domains-at-work.png](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png) In this example, the word processor runs in the “work” domain, which has been assigned the “green” label. It is fully isolated from other domains, such as the “untrusted” domain (assigned the “red” label -- “Watch out!”, “Danger!”) used for random Web browsing, news reading, as well as from the "work-web" domain (assigned the "yellow" label), which is used for work-related Web browsing that is not security critical. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the titlebars. These are drawn by the trusted Window Manager running in Dom0, and apps running in domains cannot fake them: * * * * * -[![No image "r2b3-windows-seamless-1.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b3-windows-seamless-1.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png) +[![r2b3-windows-seamless-1.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png) Qubes Release 2 can also run Windows AppVMs in seamless mode, integrated onto the common Qubes trusted desktop, just like Linux AppVMs! The seamless GUI integration has been introduced in Qubes R2 Beta 3. This requires our dedicated Qubes Windows Support Tools to be installed in the Windows VMs first. The Qubes Windows Tools are proprietary but we distribute the binaries for free with current Qubes OS releases. * * * * * -[![No image "r2b3-windows-seamless-filecopy.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b3-windows-seamless-filecopy.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png) +[![r2b3-windows-seamless-filecopy.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png) Windows AppVMs are fully integrated with the rest of the Qubes OS system, which includes things such as secure, policy governed, inter-VM file copy, clipboard, and generally whole our elastic qrexec infrastructure for secure inter-VM RPC! Starting with Qubes R2 Beta 3 we also support HVM-based templates allowing to instantly create many Windows AppVMs with shared "root filesystem" from the Template VM (but one should ensure their license allows for such instantiation of the OS in the template). Just like with Linux AppVMs! * * * * * -[![No image "r2b2-xfce4-programmers-desktop-2.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-xfce4-programmers-desktop-2.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png) +[![r2b2-xfce4-programmers-desktop-2.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png) Here we see Xfce4.10 Window Manager running in Dom0 (instead of KDE as on previous screens). Qubes supports customized Xfce4 in dom0 beginning with R2 Beta 2! * * * * * -[![No image "password-prompt.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "password-prompt.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/password-prompt.png) +[![password-prompt.png](/attachment/wiki/QubesScreenshots/password-prompt.png)](/attachment/wiki/QubesScreenshots/password-prompt.png) It is always clearly visible to which domain a given window belongs. Here it’s immediately clear that the passphrase-prompting window belongs to some domain with the “green” label. When we look at the titlebar, we see “[work]”, which is the name of the actual domain. Theoretically, the untrusted application (here, the “red” Firefox) beneath the prompt window could draw a similar looking window within its contents. In practice, this would be very hard, because it doesn’t know, e.g., the exact decoration style that is in use. However, if this is a concern, the user can simply try to move the more trusted window onto some empty space on the desktop such that no other window is present beneath it. Or, better yet, use the Expose-like effect (available via a hot-key). A malicious application from an untrusted domain cannot spoof the whole desktop because the trusted Window Manager will never let any domain “own” the whole screen. Its titlebar will always be visible. * * * * * -[![No image "r2b2-kde-tray-icons.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-kde-tray-icons.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png) +[![r2b2-kde-tray-icons.png](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png) Qubes is all about seamless integration from the user’s point of view. Here you can see how it virtualizes tray icons from other domains. Notice the network icon in a red frame. This icon is in fact managed by the Network Manager running in a separate NetVM. The notes icon (with the green frame around it) has been drawn by the note-taking app running in the work domain (which has the "green" label). * * * * * -[![No image "r2b2-manager-and-netvm-network-prompt.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-manager-and-netvm-network-prompt.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png) +[![r2b2-manager-and-netvm-network-prompt.png](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png)](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png) All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems). * * * * * -[![No image "r2b2-software-update.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-software-update.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-software-update.png) +[![r2b2-software-update.png](/attachment/wiki/QubesScreenshots/r2b2-software-update.png)](/attachment/wiki/QubesScreenshots/r2b2-software-update.png) Qubes lets you update all the software in all the domains all at once, in a centralized way. This is possible thanks to Qubes' unique TemplateVM technology. Note that the user is not required to shut down any AppVMs (domains) for the update process. This can be done later, at a convenient moment, and separately for each AppVM. * * * * * -[![No image "copy-paste-1.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "copy-paste-1.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/copy-paste-1.png) [![No image "copy-paste-2.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "copy-paste-2.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/copy-paste-2.png) +[![copy-paste-1.png](/attachment/wiki/QubesScreenshots/copy-paste-1.png)](/attachment/wiki/QubesScreenshots/copy-paste-1.png) [![copy-paste-2.png](/attachment/wiki/QubesScreenshots/copy-paste-2.png)](/attachment/wiki/QubesScreenshots/copy-paste-2.png) Qubes supports secure copy-and-paste operations between AppVMs. Only the user can initiate a copy or paste operation using a special key combination (Ctrl-Shift-C/V). Other AppVMs have no access to the clipboard buffer, so they cannot steal data from the clipboard. Only the user decides which AppVM should be given access to the clipboard. (This is done by selecting the destination AppVM’s window and pressing the Ctrl-Shift-V combination.) * * * * * -[![No image "r2b2-copy-to-other-appvm-1.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-copy-to-other-appvm-1.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png) [![No image "r2b2-copy-to-other-appvm-3.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-copy-to-other-appvm-3.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png) +[!["r2b2-copy-to-other-appvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png) [![r2b2-copy-to-other-appvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png) Qubes also supports secure file copying between AppVMs. * * * * * -[![No image "r2b2-open-in-dispvm-1.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-open-in-dispvm-1.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png) [![No image "r2b2-open-in-dispvm-3.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-open-in-dispvm-3.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png) +[![r2b2-open-in-dispvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png) [![r2b2-open-in-dispvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png) Qubes' unique Disposable VMs (DispVMs) allow the user to open any file in a disposable VM in a matter of seconds! A file can be edited in a disposable VM, and any changes are projected back onto the original file. Currently, there is no way to mark files to be automatically opened in a disposable VM (one needs to right-click on the file and choose the "Open in Disposable VM" option), but this is planned for the R2 Beta 3 release. * * * * * -[![No image "r2b2-convert-to-trusted-pdf-3.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-convert-to-trusted-pdf-3.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png) [![No image "r2b2-converting-pdf-2.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-converting-pdf-2.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png) +[![r2b2-convert-to-trusted-pdf-3.png](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png)](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png) [![r2b2-converting-pdf-2.png](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png)](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png) Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [​this article](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html)). * * * * * -[![No image "r2b1-manager-firewall.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b1-manager-firewall.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png) +[![r2b1-manager-firewall.png](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png)](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png) Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. @@ -93,8 +93,8 @@ Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. And some more screenshots: -[![No image "r2b2-xfce4-start-menu-3.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-xfce4-start-menu-3.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png) +[![r2b2-xfce4-start-menu-3.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png) -[![No image "r2b2-kde-red-and-green-terminals.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b2-kde-red-and-green-terminals.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png) +[![r2b2-kde-red-and-green-terminals.png](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png) -[![No image "r2b3-windows-seamless-2.png" attached to QubesScreenshots](/chrome/common/attachment.png "No image "r2b3-windows-seamless-2.png" attached to QubesScreenshots")](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png) +[![r2b3-windows-seamless-2.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png) diff --git a/QubesSecurity.md b/QubesSecurity.md index c0673da4..ba822c99 100644 --- a/QubesSecurity.md +++ b/QubesSecurity.md @@ -1,6 +1,6 @@ --- layout: wiki -title: QubesSecurity +title: Security permalink: /wiki/QubesSecurity/ --- diff --git a/SystemDoc.md b/SystemDoc.md index d8c0b8ea..2d711d73 100644 --- a/SystemDoc.md +++ b/SystemDoc.md @@ -1,6 +1,6 @@ --- layout: wiki -title: SystemDoc +title: System Documentation permalink: /wiki/SystemDoc/ --- diff --git a/TemplateImplementation.md b/TemplateImplementation.md index a02114de..ecd5b951 100644 --- a/TemplateImplementation.md +++ b/TemplateImplementation.md @@ -46,7 +46,7 @@ TemplateVM has a shared root.img across all AppVMs that are based on it. This me There are two layers of the device-mapper snapshot device; the first one enables modifying root.img without stopping the AppVMs and the second one, which is contained in the AppVM, enables temporal modifications to its filesystem. These modifications will be discarded after a restart of the AppVM. -[![No image "TemplateSharing2.png" attached to TemplateImplementation](/chrome/common/attachment.png "No image "TemplateSharing2.png" attached to TemplateImplementation")](/attachment/wiki/TemplateImplementation/TemplateSharing2.png) +![TemplateSharing2.png](attachment/wiki/TemplateImplementation/TemplateSharing2.png) Snapshot device in Dom0 ----------------------- diff --git a/TestTest.md b/TestTest.md index c0567b1e..cc8339ed 100644 --- a/TestTest.md +++ b/TestTest.md @@ -9,4 +9,4 @@ This is a test page Please ignore. -[![No image "snapshot1.png" attached to TestTest](/chrome/common/attachment.png "No image "snapshot1.png" attached to TestTest")](/attachment/wiki/TestTest/snapshot1.png) +![snapshot1.png](/attachment/wiki/TestTest/snapshot1.png) diff --git a/UserDoc.md b/UserDoc.md index eb0c4c79..b6108235 100644 --- a/UserDoc.md +++ b/UserDoc.md @@ -1,6 +1,6 @@ --- layout: wiki -title: UserDoc +title: User Documentation permalink: /wiki/UserDoc/ --- diff --git a/UserDoc/SplitGpg.md b/UserDoc/SplitGpg.md index 3272e058..b32ce1a0 100644 --- a/UserDoc/SplitGpg.md +++ b/UserDoc/SplitGpg.md @@ -14,7 +14,7 @@ Split GPG implements a concept similar to having a smart card with your private The diagram below presents the big picture of Split GPG architecture. -[![No image "split-gpg-diagram.png" attached to UserDoc/SplitGpg](/chrome/common/attachment.png "No image "split-gpg-diagram.png" attached to UserDoc/SplitGpg")](/attachment/wiki/UserDoc/SplitGpg/split-gpg-diagram.png) +![split-gpg-diagram.png](/attachment/wiki/UserDoc/SplitGpg/split-gpg-diagram.png) ### Advantages of Split GPG vs. traditional GPG with a smart card @@ -22,7 +22,7 @@ It is often thought that the use of smart cards for private key storage guarante With Qubes Split GPG this problem is drastically minimized, because each time the key is to be used the user is asked for consent (with a definable time out, 5 minutes by default), plus is always notified each time the key is used via a tray notification from the domain where GPG backend is running. This way it would be easy to spot unexpected requests to decrypt documents. -[![No image "r2-split-gpg-1.png" attached to UserDoc/SplitGpg](/chrome/common/attachment.png "No image "r2-split-gpg-1.png" attached to UserDoc/SplitGpg")](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-1.png) [![No image "r2-split-gpg-3.png" attached to UserDoc/SplitGpg](/chrome/common/attachment.png "No image "r2-split-gpg-3.png" attached to UserDoc/SplitGpg")](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-3.png) +![r2-split-gpg-1.png](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-1.png) ![r2-split-gpg-3.png](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-3.png) ### Current limitations @@ -82,7 +82,7 @@ Note that running normal `gpg -K` in the demo above shows no private keys stored However, when using Thunderbird with Enigmail extension it is not enough, because Thunderbird doesn't preserve the environment variables. Instead it is recommended to use a simple script provided by `/usr/bin/qubes-gpg-client-wrapper` file by pointing Enigmail to use this script instead of the standard GnuPG binary: -[![No image "tb-enigmail-split-gpg-settings-2.png" attached to UserDoc/SplitGpg](/chrome/common/attachment.png "No image "tb-enigmail-split-gpg-settings-2.png" attached to UserDoc/SplitGpg")](/attachment/wiki/UserDoc/SplitGpg/tb-enigmail-split-gpg-settings-2.png) +![tb-enigmail-split-gpg-settings-2.png](/attachment/wiki/UserDoc/SplitGpg/tb-enigmail-split-gpg-settings-2.png) The script also sets the QUBES\_GPG\_DOMAIN variable automatically based on the content of the file `/rw/config/gpg-split-domain`, which should be set to the name of the GPG backend VM. This file survives the AppVM reboot, of course. @@ -102,7 +102,7 @@ Use `qubes-gpg-import-key` in the client AppVM to import the key into the GPG ba [user@work ~]$ qubes-gpg-import-key ~/Downloads/marmarek.asc ``` -[![No image "r2-split-gpg-5.png" attached to UserDoc/SplitGpg](/chrome/common/attachment.png "No image "r2-split-gpg-5.png" attached to UserDoc/SplitGpg")](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-5.png) +![r2-split-gpg-5.png](/attachment/wiki/UserDoc/SplitGpg/r2-split-gpg-5.png) Advanced: Using Split GPG with Subkeys -------------------------------------- diff --git a/VPN.md b/VPN.md index 70f8692a..18585dfc 100644 --- a/VPN.md +++ b/VPN.md @@ -38,14 +38,14 @@ Using a ProxyVM to set up a VPN client will gives you the ability to: 1. check (`rpm -q qubes-core-vm`) if you have the package **qubes-core-vm** version **2.1.36** (or later) 2. create a new VM and check the ProxyVM radio button -[![No image "Create\_New\_VM.png" attached to VPN](/chrome/common/attachment.png "No image "Create_New_VM.png" attached to VPN")](/attachment/wiki/VPN/Create_New_VM.png) +![Create\_New\_VM.png](/attachment/wiki/VPN/Create_New_VM.png) 1. add the network-manager service to this new VM -[![No image "Settings-services.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-services.png" attached to VPN")](/attachment/wiki/VPN/Settings-services.png) +![Settings-services.png](/attachment/wiki/VPN/Settings-services.png) 1. set up Your VPN as described in the Network Manager documentation linked above. 1. connect your AppVMs to use the new VM as a NetVM. -[![No image "Settings-NetVM.png" attached to VPN](/chrome/common/attachment.png "No image "Settings-NetVM.png" attached to VPN")](/attachment/wiki/VPN/Settings-NetVM.png) +[![Settings-NetVM.png](/attachment/wiki/VPN/Settings-NetVM.png) diff --git a/WindowsAppVms.md b/WindowsAppVms.md index 205a3f13..13f8ca90 100644 --- a/WindowsAppVms.md +++ b/WindowsAppVms.md @@ -47,7 +47,7 @@ Once the Windows VM boots, a CDROM should appear in the 'My Computer' menu (typi Before proceeding with the installation we need to disable Windows mechanism that allows only signed drivers to be installed, because currently (beta releases) the drivers we provide as part of the Windows Support Tools are not digitally signed with a publicly recognizable certificate. How to do that is explained in the `README` file also located on the installation CDROM. In the future this step will not be necessary anymore, because we will sign our drivers with a publicly verifiable certificate. However, it should be noted that even now, the fact that those drivers are not digitally signed, this doesn't affect security of the Windows VM in 'any' way. This is because the actual installation ISO (the `qubes-windows-tools-*.iso` file) is distributed as a signed RPM package and its signature is verified by the `qubes-dom0-update` utility once it's being installed in Dom0. The only downside of those drivers not being signed is the inconvenience to the user that he or she must disable the signature enforcement policy before installing the tools, and also to accept a few scary looking warning windows during the installation process, as shown below. -[![No image "r2b1-win7-installing-qubes-tools-5.png" attached to HvmCreate](/chrome/common/attachment.png "No image "r2b1-win7-installing-qubes-tools-5.png" attached to HvmCreate")](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-5.png) +![r2b1-win7-installing-qubes-tools-5.png](/attachment/wiki/HvmCreate/r2b1-win7-installing-qubes-tools-5.png) After successful installation, the Windows VM must be shut down and started again. @@ -66,7 +66,7 @@ Once you start a Windows-based AppVM with Qubes Tools installed, you can easily qvm-run -a my-win7-appvm explorer.exe ``` -[![No image "windows-seamless-4.png" attached to WindowsAppVms](/chrome/common/attachment.png "No image "windows-seamless-4.png" attached to WindowsAppVms")](/attachment/wiki/WindowsAppVms/windows-seamless-4.png) [![No image "windows-seamless-1.png" attached to WindowsAppVms](/chrome/common/attachment.png "No image "windows-seamless-1.png" attached to WindowsAppVms")](/attachment/wiki/WindowsAppVms/windows-seamless-1.png) +![windows-seamless-4.png](/attachment/wiki/WindowsAppVms/windows-seamless-4.png) ![windows-seamless-1.png](/attachment/wiki/WindowsAppVms/windows-seamless-1.png) Also, the inter-VM services work as usual -- e.g. to request opening a document or URL in the Windows AppVM from another VM: @@ -82,7 +82,7 @@ Also, the inter-VM services work as usual -- e.g. to request opening a document Inter-VM file copy and clipboard works for Windows AppVMs the same way as for Linux AppVM (except that we don't provide a command line wrapper, `qvm-copy-to-vm` in Windows VMs) -- to copy files from Windows AppVMs just right-click on the file in Explorer, and choose: Send To-\> Other AppVM. -[![No image "windows-seamless-7.png" attached to WindowsAppVms](/chrome/common/attachment.png "No image "windows-seamless-7.png" attached to WindowsAppVms")](/attachment/wiki/WindowsAppVms/windows-seamless-7.png) +![windows-seamless-7.png](/attachment/wiki/WindowsAppVms/windows-seamless-7.png) Forcing Windows AppVM into full desktop mode -------------------------------------------- diff --git a/WindowsTools.md b/WindowsTools.md index 319d80f2..bb307ec3 100644 --- a/WindowsTools.md +++ b/WindowsTools.md @@ -51,7 +51,7 @@ Debug and Verbose levels can generate large volume of logs and are intended for To override global settings for a specific component, create a new key under the root key mentioned above and name it as the executable name, without `.exe` extension. For example, to change qrexec-agent's log level to Debug, set it like this: -[![No image "qtw-log-level.png" attached to WindowsTools](/chrome/common/attachment.png "No image "qtw-log-level.png" attached to WindowsTools")](/attachment/wiki/WindowsTools/qtw-log-level.png) +![qtw-log-level.png](/attachment/wiki/WindowsTools/qtw-log-level.png) Component-specific settings currently available: diff --git a/home.md b/home.md index 2ba7afe7..cc9ec7d3 100644 --- a/home.md +++ b/home.md @@ -1,14 +1,14 @@ --- layout: wiki -title: WikiStart +title: home permalink: /wiki/ --- -[![No image "qubes-arch-diagram-1.png" attached to QubesArchitecture](/chrome/common/attachment.png "No image "qubes-arch-diagram-1.png" attached to QubesArchitecture")](/wiki/QubesArchitecture) - Welcome to the Qubes OS Project =============================== +[![Qubes OS Architecture](/attachment/wiki/QubesArchitecture/qubes-arch-diagram-1.png)](/wiki/QubesArchitecture) + Qubes is an open-source operating system designed to provide strong security for desktop computing using **Security by Compartmentalization** approach. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. Qubes **Release 1** was released in September 2012 and **Release 2** in September 2014. Qubes also supports Windows-based AppVMs beginning with Release 2 (currently in "Beta"). Qubes **Release 3** is coming soon and will introduce **Hypervisor Abstraction Layer (HAL)**, allowing easy porting to alternative virtualization systems. - [A Simple Introduction to Qubes](/wiki/SimpleIntro)