From c813fd0f49eb4d715fb2c2bbe92ca24dd1eb9175 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Mon, 15 Jul 2019 05:12:50 +0530 Subject: [PATCH 001/141] Update https://www.qubes-os.org/doc/config-files/ --- user/advanced-configuration/config-files.md | 108 ++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index ca1fc3f0..66ef70c0 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -95,6 +95,43 @@ global: { #secure_paste_sequence = "Ctrl-Shift-v"; #windows_count_limit = 500; #audio_low_latency = false; + #screen + #root_win + #root_width + #root_height + #context + #frame_gc + #tray_gc + #tint_h + #inter_appviewer_lock_fd + #domid + #target_domid + #agent_version + #cmdline_color + #label_color_rgb + #cmdline_icon + #icon_data + #icon_data_len + #label_index + #screen_window + #clipboard_requested + #windows_count + #log_level + #nofork + #invisible + #kill_on_connect + #allow_utf8_titles + #allow_fullscreen + #copy_seq_mask + #paste_seq_mask + #qrexec_clipboard + #use_kdialog + #audio_low_latency + #prefix_titles + #trayicon_mode + #trayicon_border + #trayicon_tint_reduce_saturation + #trayicon_tint_whitehack }; # most of setting can be set per-VM basis @@ -127,3 +164,74 @@ Currently supported settings: - `audio_low_latency` - force low-latency audio mode (about 40ms compared to 200-500ms by default). Note that this will cause much higher CPU usage in dom0. +- `screen` - Points on default screen + +- `root_win` - Root attributes + +- `root_width` - Size of root window + +- `context` - context for pixmap operations + +- `frame_gc` - graphics context for painting window frame + +- `tray_gc` - graphic context for painting tray background, only in + TRAY_BACKGROUND mode + +- `tint_h` - precomputed H and S for tray coloring - only in TRAY_TINT mode + +- `inter_appviewer_lock_fd` - FD of lock file used to synchronize shared memory + access + +- `domid` - Xen domain id (GUI) + +- `target_domid` - Xen domain id (VM) - can differ from domid when GUI is + stubdom + +- `cmdline_color` - color of frame + +- `label_color_rgb` - color of the frame in RGB + +- `cmdline_icon` - icon hint for WM + +- `icon_data` - loaded icon image, ready for \_NEW\_WM\_ICON property + +- `icon_data_len` - size of icon\_data, in sizeof(\*icon\_data) units + +- `label_index` - label (frame color) hint for WM + +- `screen_window` - window of whole VM screen + +- `clipboard_requested` - if clippoard content was requested by dom0 + +- `clipboard_xevent_time` - timestamp of keypress which triggered last + copy/paste + +- `windows_count` - created window count + +- `nofork` - do not fork into background - used during guid restart + +- `invisible` - do not show any VM window + +- `kill_on_connect` - pid to kill when connection to gui agent is established + +- `allow_utf8_titles` - allow UTF-8 chars in window title + +- `copy_seq_mask` - modifiers mask for secure-copy key sequence + +- `paste_seq_mask` - modifiers mask for secure-paste key sequence + +- `qrexec_clipboard` - 0: use GUI protocol to fetch/put clipboard, 1: use qrexec + +- `use_kdialog` - use kdialog for prompts (default on KDE) or zenity (default on + non-KDE) + +- `trayicon_mode` - trayicon coloring mode + +- `trayicon_border` - position of trayicon border - 0 - no border, 1 - at the + edges, 2 - 1px from the edges + +- `trayicon_tint_reduce_saturation` - trayicon\_tint\_reduce\_saturation + +- `trayicon_tint_whitehack` - replace white pixels with almost-white 0xfefefe + (available only for "tint" mode) + From 46f681a2d05cd4267d87b7a4dbe490dbc48d8551 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Mon, 15 Jul 2019 05:44:13 +0530 Subject: [PATCH 002/141] Fix variables --- user/advanced-configuration/config-files.md | 115 +------------------- 1 file changed, 6 insertions(+), 109 deletions(-) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index 66ef70c0..dc2957b7 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -95,43 +95,9 @@ global: { #secure_paste_sequence = "Ctrl-Shift-v"; #windows_count_limit = 500; #audio_low_latency = false; - #screen - #root_win - #root_width - #root_height - #context - #frame_gc - #tray_gc - #tint_h - #inter_appviewer_lock_fd - #domid - #target_domid - #agent_version - #cmdline_color - #label_color_rgb - #cmdline_icon - #icon_data - #icon_data_len - #label_index - #screen_window - #clipboard_requested - #windows_count - #log_level - #nofork - #invisible - #kill_on_connect - #allow_utf8_titles - #allow_fullscreen - #copy_seq_mask - #paste_seq_mask - #qrexec_clipboard - #use_kdialog - #audio_low_latency - #prefix_titles - #trayicon_mode - #trayicon_border - #trayicon_tint_reduce_saturation - #trayicon_tint_whitehack + #log_level = info; + #trayicon_mode = "border1"; + #startup_timeout = 91; }; # most of setting can be set per-VM basis @@ -159,79 +125,10 @@ Currently supported settings: - `secure_copy_sequence` and `secure_paste_sequence` - key sequences used to trigger secure copy and paste. -- `windows_count_limit` - limit on concurrent windows. - -- `audio_low_latency` - force low-latency audio mode (about 40ms compared to 200-500ms by default). - Note that this will cause much higher CPU usage in dom0. - -- `screen` - Points on default screen - -- `root_win` - Root attributes - -- `root_width` - Size of root window - -- `context` - context for pixmap operations - -- `frame_gc` - graphics context for painting window frame - -- `tray_gc` - graphic context for painting tray background, only in - TRAY_BACKGROUND mode - -- `tint_h` - precomputed H and S for tray coloring - only in TRAY_TINT mode - -- `inter_appviewer_lock_fd` - FD of lock file used to synchronize shared memory - access - -- `domid` - Xen domain id (GUI) - -- `target_domid` - Xen domain id (VM) - can differ from domid when GUI is - stubdom - -- `cmdline_color` - color of frame - -- `label_color_rgb` - color of the frame in RGB - -- `cmdline_icon` - icon hint for WM - -- `icon_data` - loaded icon image, ready for \_NEW\_WM\_ICON property - -- `icon_data_len` - size of icon\_data, in sizeof(\*icon\_data) units - -- `label_index` - label (frame color) hint for WM - -- `screen_window` - window of whole VM screen - -- `clipboard_requested` - if clippoard content was requested by dom0 - -- `clipboard_xevent_time` - timestamp of keypress which triggered last - copy/paste - -- `windows_count` - created window count - -- `nofork` - do not fork into background - used during guid restart - -- `invisible` - do not show any VM window - -- `kill_on_connect` - pid to kill when connection to gui agent is established - -- `allow_utf8_titles` - allow UTF-8 chars in window title - -- `copy_seq_mask` - modifiers mask for secure-copy key sequence - -- `paste_seq_mask` - modifiers mask for secure-paste key sequence - -- `qrexec_clipboard` - 0: use GUI protocol to fetch/put clipboard, 1: use qrexec - -- `use_kdialog` - use kdialog for prompts (default on KDE) or zenity (default on - non-KDE) - `trayicon_mode` - trayicon coloring mode -- `trayicon_border` - position of trayicon border - 0 - no border, 1 - at the - edges, 2 - 1px from the edges - -- `trayicon_tint_reduce_saturation` - trayicon\_tint\_reduce\_saturation - -- `trayicon_tint_whitehack` - replace white pixels with almost-white 0xfefefe - (available only for "tint" mode) +- `log level` - log level defines the log options log can take. This can be + `ERROR`, `WARN`, `INFO`, `DEBUG`, `LOG_LEVEL_MAX`. +- `startup_timeout` - The timeout for startup. From df0093d4f85d03f63a94ef62bab5591a3f6b44f2 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 16 Jul 2019 20:00:01 +0530 Subject: [PATCH 003/141] Add proper description for config parameters --- user/advanced-configuration/config-files.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index dc2957b7..28f75a22 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -126,9 +126,18 @@ Currently supported settings: - `secure_copy_sequence` and `secure_paste_sequence` - key sequences used to trigger secure copy and paste. -- `trayicon_mode` - trayicon coloring mode +- `trayicon_mode` - defines the trayicon coloring mode. Options are + - `bg` - color full icon background to the VM color + - `border1` - add 1px border at the icon edges + - `border2` - add 1px border 1px from the icon edges + - `tint` - tinttint icon to the VM color, can be used with additional + modifiers (you can enable multiple of them) + - `tint+border1,tint+border2` - same as tint, but also add a border + - `tint+saturation50` - same as tint, but reduce icon saturation by 50% + - `tint+whitehack` - same as tint, but change white pixels (0xffffff) to + almost-white (0xfefefe) -- `log level` - log level defines the log options log can take. This can be - `ERROR`, `WARN`, `INFO`, `DEBUG`, `LOG_LEVEL_MAX`. +- `log level` - log level defines the log options log can take. log level can + have a value of 0(only errors), 1(some basic messages), 2(debug). - `startup_timeout` - The timeout for startup. From 4d2a8a4e9b5c15f27e4ba15127367686e61559e7 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Tue, 16 Jul 2019 20:10:14 +0530 Subject: [PATCH 004/141] Fix spaces issue --- user/advanced-configuration/config-files.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index 28f75a22..7a54714e 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -128,13 +128,13 @@ Currently supported settings: - `trayicon_mode` - defines the trayicon coloring mode. Options are - `bg` - color full icon background to the VM color - - `border1` - add 1px border at the icon edges - - `border2` - add 1px border 1px from the icon edges - - `tint` - tinttint icon to the VM color, can be used with additional + - `border1` - add 1px border at the icon edges + - `border2` - add 1px border 1px from the icon edges + - `tint` - tinttint icon to the VM color, can be used with additional modifiers (you can enable multiple of them) - - `tint+border1,tint+border2` - same as tint, but also add a border - - `tint+saturation50` - same as tint, but reduce icon saturation by 50% - - `tint+whitehack` - same as tint, but change white pixels (0xffffff) to + - `tint+border1,tint+border2` - same as tint, but also add a border + - `tint+saturation50` - same as tint, but reduce icon saturation by 50% + - `tint+whitehack` - same as tint, but change white pixels (0xffffff) to almost-white (0xfefefe) - `log level` - log level defines the log options log can take. log level can From f4e84c8eaf0044fbd24de349b130074375cee81a Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Thu, 18 Jul 2019 02:08:57 +0530 Subject: [PATCH 005/141] Fix Travis CI issue --- user/advanced-configuration/config-files.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index 7a54714e..3e10cc9b 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -127,15 +127,15 @@ Currently supported settings: - `trayicon_mode` - defines the trayicon coloring mode. Options are - - `bg` - color full icon background to the VM color - - `border1` - add 1px border at the icon edges - - `border2` - add 1px border 1px from the icon edges - - `tint` - tinttint icon to the VM color, can be used with additional - modifiers (you can enable multiple of them) - - `tint+border1,tint+border2` - same as tint, but also add a border - - `tint+saturation50` - same as tint, but reduce icon saturation by 50% - - `tint+whitehack` - same as tint, but change white pixels (0xffffff) to - almost-white (0xfefefe) + - `bg` - color full icon background to the VM color + - `border1` - add 1px border at the icon edges + - `border2` - add 1px border 1px from the icon edges + - `tint` - tinttint icon to the VM color, can be used with additional + modifiers (you can enable multiple of them) + - `tint+border1,tint+border2` - same as tint, but also add a border + - `tint+saturation50` - same as tint, but reduce icon saturation by 50% + - `tint+whitehack` - same as tint, but change white pixels (0xffffff) to + almost-white (0xfefefe) - `log level` - log level defines the log options log can take. log level can have a value of 0(only errors), 1(some basic messages), 2(debug). From 9427e1bb21c35b0ef4f322635af649a6898a15df Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Fri, 19 Jul 2019 13:02:51 +0530 Subject: [PATCH 006/141] Added audio_low_latency and dom0 line --- user/advanced-configuration/config-files.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index 3e10cc9b..5b2c6aef 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -125,6 +125,9 @@ Currently supported settings: - `secure_copy_sequence` and `secure_paste_sequence` - key sequences used to trigger secure copy and paste. +- `audio_low_latency` - force low-latency audio mode (about 40ms compared to 200-500ms by default). + Note that this will cause much higher CPU usage in dom0. It's enabled by + default, disabling it may save CPU in dom0. - `trayicon_mode` - defines the trayicon coloring mode. Options are - `bg` - color full icon background to the VM color From 88ac06094b704840d75eef0ff87d0d16ebdbd442 Mon Sep 17 00:00:00 2001 From: Tapasweni Pathak Date: Fri, 19 Jul 2019 13:03:56 +0530 Subject: [PATCH 007/141] Add log_level as 1 remove info --- user/advanced-configuration/config-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/advanced-configuration/config-files.md b/user/advanced-configuration/config-files.md index 5b2c6aef..aea1f614 100644 --- a/user/advanced-configuration/config-files.md +++ b/user/advanced-configuration/config-files.md @@ -95,7 +95,7 @@ global: { #secure_paste_sequence = "Ctrl-Shift-v"; #windows_count_limit = 500; #audio_low_latency = false; - #log_level = info; + #log_level = 1; #trayicon_mode = "border1"; #startup_timeout = 91; }; From 0afe62c1c0d1cfe3ae2568ae9224335cd8b787ab Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 1 Aug 2019 21:01:46 -0500 Subject: [PATCH 008/141] Create Hardware Testing page --- user/hardware/hardware-testing.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 user/hardware/hardware-testing.md diff --git a/user/hardware/hardware-testing.md b/user/hardware/hardware-testing.md new file mode 100644 index 00000000..e745e11e --- /dev/null +++ b/user/hardware/hardware-testing.md @@ -0,0 +1,28 @@ +--- +layout: doc +title: Hardware Testing +permalink: /doc/hardware-testing/ +--- + +# Hardware Testing + +The Qubes developers test Qubes OS on certain hardware models. + +## Tested Models + +These hardware models have been (and continue to be) tested and work well with Qubes OS: + + - Lenovo ThinkPad X1 Carbon Gen 5 + +Note: The Lenovo X and T series are similar enough to assume similar compatibility of the matching model from the other series. + +## Desired Models + +The Qubes devs would like to tese these models, but the hardware is not available to us. +If anyone is willing to lend or donate these models to us, we would be happy to test them: + + - Lenovo Thinkpad T or X series with Intel 8th Gen CPU and integrated graphics + - Dell Latitude with Intel 8th Gen CPU and integrated graphics + +Note: The Lenovo X and T series are similar enough to assume similar compatibility of the matching model from the other series. + From 532e66b52526ddec720814ee2c0670b67e69032c Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Thu, 1 Aug 2019 21:11:27 -0500 Subject: [PATCH 009/141] Link to Hardware Testing and Certified Hardware pages --- doc.md | 1 + user/hardware/certified-hardware.md | 4 ++++ user/hardware/hcl.html | 1 + user/hardware/hcl.md | 7 +++++++ user/hardware/system-requirements.md | 2 ++ 5 files changed, 15 insertions(+) diff --git a/doc.md b/doc.md index ef225308..2e5440fb 100644 --- a/doc.md +++ b/doc.md @@ -45,6 +45,7 @@ Core documentation for Qubes users. * [System Requirements](/doc/system-requirements/) * [Certified Hardware](/doc/certified-hardware/) * [Hardware Compatibility List (HCL)](/hcl/) + * [Hardware Testing](/doc/hardware-testing/) ### Downloading, Installing, and Upgrading Qubes diff --git a/user/hardware/certified-hardware.md b/user/hardware/certified-hardware.md index 374ba4ad..8f9d9c4c 100644 --- a/user/hardware/certified-hardware.md +++ b/user/hardware/certified-hardware.md @@ -15,6 +15,9 @@ We aim for these vendors to be as diverse as possible in terms of geography, cos Note, however, that we certify only that a particular hardware *configuration* is *supported* by Qubes. We take no responsibility for our partners' manufacturing or shipping processes, nor can we control whether physical hardware is modified (whether maliciously or otherwise) *en route* to the user. +There are also other hardware models on which we have tested Qubes OS. +See [Hardware Testing] for details. + ## Qubes-certified Laptop: Insurgo PrivacyBeast X230 @@ -84,6 +87,7 @@ While we are willing to troubleshoot simple issues, we will need to charge a con If you are interested in having your hardware certified, please [contact us]. +[Hardware Testing]: /doc/hardware-testing/ [stateless laptop]: https://blog.invisiblethings.org/2015/12/23/state_harmful.html [System Requirements]: /doc/system-requirements/ [Hardware Compatibility List]: /hcl/ diff --git a/user/hardware/hcl.html b/user/hardware/hcl.html index 3217c02d..216676a9 100644 --- a/user/hardware/hcl.html +++ b/user/hardware/hcl.html @@ -29,6 +29,7 @@ redirect_from: /compatible-hardware/
  • How do I Submit a Report?
  • Qubes OS System Requirements
  • Certified Hardware
  • +
  • Hardware Testing
  • diff --git a/user/hardware/hcl.md b/user/hardware/hcl.md index 758f3e5f..5b9b6562 100644 --- a/user/hardware/hcl.md +++ b/user/hardware/hcl.md @@ -29,6 +29,8 @@ If using the list to make a purchasing decision, we recommend that you choose ha - the best achievable Qubes security level (green columns in HVM, IOMMU, TPM) - and general machine compatibility (green columns in Qubes version, dom0 kernel, remarks). +Also see [Certified Hardware] and [Hardware Testing]. + Generating and Submitting New Reports ------------------------------------- @@ -44,3 +46,8 @@ Please consider sending the **HCL Support Files** `.cpio.gz` file as well. To ge **Please note:** The **HCL Support Files** may contain numerous hardware details, including serial numbers. If, for privacy or security reasons, you do not wish to make this information public, please **do not** send the `.cpio.gz` file to the public mailing list. + + +[Certified Hardware]: /doc/certified-hardware/ +[Hardware Testing]: /doc/hardware-testing/ + diff --git a/user/hardware/system-requirements.md b/user/hardware/system-requirements.md index 80aa357c..9149f114 100644 --- a/user/hardware/system-requirements.md +++ b/user/hardware/system-requirements.md @@ -65,6 +65,7 @@ redirect_from: * Please see the [Hardware Compatibility List] for a compilation of hardware reports generated and submitted by users across various Qubes versions. (For more information about the HCL itself, see [here][hcl-doc].) * See the [Certified Hardware] page. + * See the [Hardware Testing] page. ## Important Notes ## @@ -85,6 +86,7 @@ redirect_from: [nvidia]: /doc/install-nvidia-driver/ [hardware certification requirements for Qubes 4.x]: /news/2016/07/21/new-hw-certification-for-q4/ [Certified Hardware]: /doc/certified-hardware/ +[Hardware Testing]: /doc/hardware-testing/ [Hardware Compatibility List]: /hcl/ [hcl-doc]: /doc/hcl/ [hcl-report]: /doc/hcl/#generating-and-submitting-new-reports From 43fbc97fbaaf7721d1724aa1d8958861866c524d Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 2 Aug 2019 21:01:56 -0500 Subject: [PATCH 010/141] Explain relationship to certified hardware and HCL; fix typo --- user/hardware/hardware-testing.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/user/hardware/hardware-testing.md b/user/hardware/hardware-testing.md index e745e11e..02be9818 100644 --- a/user/hardware/hardware-testing.md +++ b/user/hardware/hardware-testing.md @@ -7,6 +7,17 @@ permalink: /doc/hardware-testing/ # Hardware Testing The Qubes developers test Qubes OS on certain hardware models. +The tested hardware described on this page differs from [Qubes Certified Hardware] in a few key ways: + + - Qubes Certified Hardware has to meet more demanding standards than hardware that is merely tested. + - All Qubes Certified Hardware is tested, but not all tested hardware is certified. + - A specific certified configuration is guaranteed to be supported on specific versions of Qubes OS, whereas hardware testing provides no guarantees. + +In general, you can think of tested hardware as "unofficial recommended" hardware: + + - [Qubes Certified Hardware] --- Qubes developer certified, officially recommended + - Hardware Testing (this page) --- Qubes developer tested, unofficially recommended + - [Hardware Compatibility List (HCL)] --- community test results, neither recommended nor disrecommended ## Tested Models @@ -18,7 +29,7 @@ Note: The Lenovo X and T series are similar enough to assume similar compatibili ## Desired Models -The Qubes devs would like to tese these models, but the hardware is not available to us. +The Qubes devs would like to test these models, but the hardware is not available to us. If anyone is willing to lend or donate these models to us, we would be happy to test them: - Lenovo Thinkpad T or X series with Intel 8th Gen CPU and integrated graphics @@ -26,3 +37,7 @@ If anyone is willing to lend or donate these models to us, we would be happy to Note: The Lenovo X and T series are similar enough to assume similar compatibility of the matching model from the other series. + +[Qubes Certified Hardware]: /doc/certified-hardware/ +[Hardware Compatibility List (HCL)]: /hcl/ + From af93a8a87085289181e6460ee72c28f121c8b198 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sat, 3 Aug 2019 17:19:05 -0500 Subject: [PATCH 011/141] Add explicit reminder to update qubes.UpdatesProxy --- user/advanced-configuration/disposablevm-customization.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/user/advanced-configuration/disposablevm-customization.md b/user/advanced-configuration/disposablevm-customization.md index bd06c585..581da8b3 100644 --- a/user/advanced-configuration/disposablevm-customization.md +++ b/user/advanced-configuration/disposablevm-customization.md @@ -106,6 +106,8 @@ qvm-prefs provides_network true ~~~ Next, set the old `sys-` VM's autostart to false, and update any references to the old one. +In particular, make sure to update `/etc/qubes-rpc/policy/qubes.UpdatesProxy` in dom0. + For example, `qvm-prefs sys-firewall netvm `. See below for a complete example of a `sys-net` replacement: From 296498ecc288d700a48565c11a798365fa00294f Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Tue, 6 Aug 2019 12:54:50 +0000 Subject: [PATCH 012/141] full path to log --- user/advanced-configuration/managing-vm-kernel.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/advanced-configuration/managing-vm-kernel.md b/user/advanced-configuration/managing-vm-kernel.md index 10770d8a..d6cddacf 100644 --- a/user/advanced-configuration/managing-vm-kernel.md +++ b/user/advanced-configuration/managing-vm-kernel.md @@ -327,7 +327,7 @@ Booting to a kernel inside the template is not supported under `PVH`. In case of problems, you can access the VM console using `sudo xl console VMNAME` in dom0, then access the GRUB menu. You need to call it just after starting the VM (until `GRUB_TIMEOUT` expires); for example, in a separate dom0 terminal window. -In any case you can later access the VM's logs (especially the VM console log `guest-VMNAME.log`). +In any case you can later access the VM's logs (especially the VM console log `/var/log/xen/console/guest-VMNAME.log`). You can always set the kernel back to some dom0-provided value to fix a VM kernel installation. From 35e7f92bc7ceca6d45d3f867af1f2cce31453916 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Fri, 9 Aug 2019 22:01:50 -0500 Subject: [PATCH 013/141] Do not strictly require Atx-style headings on both sides Having the headings on both the left and right sides is more difficult to edit and maintain, and not much is gained from having them on both sides. It's still fine to have them on both sides, but this is a stylistic choice left to the author. --- developer/general/doc-guidelines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/developer/general/doc-guidelines.md b/developer/general/doc-guidelines.md index c3ae2e7a..bea00fec 100644 --- a/developer/general/doc-guidelines.md +++ b/developer/general/doc-guidelines.md @@ -246,7 +246,7 @@ When making contributions, please try to observe the following style conventions * Use hanging indentations where appropriate. * Use underline headings (`=====` and `-----`) if possible. - If this is not possible, use Atx-style headings on both the left and right sides (`### H3 ###`). + If this is not possible, use Atx-style headings: (`### H3 ###`). * When writing code blocks, use [syntax highlighting](https://github.github.com/gfm/#info-string) where [possible](https://github.com/jneen/rouge/wiki/List-of-supported-languages-and-lexers) and use `[...]` for anything omitted. * When providing command line examples: * Tell the reader where to open a terminal (dom0 or a specific domU), and show the command along with its output (if any) in a code block, e.g.: From 30c2d9934ad8053151fb12156bb44cf542746472 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Sun, 11 Aug 2019 16:20:56 +0000 Subject: [PATCH 014/141] Add info about RPC policies for disposableVM Related to https://github.com/QubesOS/qubes-issues/issues/5235 --- user/common-tasks/disposablevm.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index ec8b855b..5a9f86d9 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -153,6 +153,15 @@ $ qvm-open-in-vm @dispvm:online-dvm-template https://www.qubes-os.org This will create a new DisposableVM based on `online-dvm-template`, open the default web browser in that DisposableVM, and navigate to `https://www.qubes-os.org`. +#### Example of RPC policies to allow this behavior + +In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` +~~~ +$anyvm @dispvm:online-dvm-template allow +~~~ + +More information about RPC policies for disposableVM can be found here: `https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later` + ## Customizing DisposableVMs ## From 77d629f6d92be6f8303ce6c68139e662496dc30f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 11 Aug 2019 18:27:14 -0500 Subject: [PATCH 015/141] Fix link --- user/common-tasks/disposablevm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 5a9f86d9..4c34b1b2 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -160,7 +160,7 @@ In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` $anyvm @dispvm:online-dvm-template allow ~~~ -More information about RPC policies for disposableVM can be found here: `https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later` +More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. ## Customizing DisposableVMs ## @@ -171,4 +171,4 @@ Full instructions can be found [here](/doc/disposablevm-customization/). [DisposableVM Template]: /doc/glossary/#disposablevm-template - +[qrexec3-4.0]: /doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later From e4513cb5058b23d752a40435fdcc8881569ecb92 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Mon, 12 Aug 2019 17:19:53 +0000 Subject: [PATCH 016/141] Added a rule description for OpenURL RPC Policy --- user/common-tasks/disposablevm.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 4c34b1b2..25b5f028 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -155,10 +155,14 @@ This will create a new DisposableVM based on `online-dvm-template`, open the def #### Example of RPC policies to allow this behavior -In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` +In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/policy/qubes.OpenURL` ~~~ $anyvm @dispvm:online-dvm-template allow ~~~ +This line mean: +- FROM: Any VM +- TO: A DisposableVM based on the ``online-dvm-template`` Template +- WHAT: Allow to send a "Open URL" request More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. From 05124bb226342a0e5de9f3b026aef7b54bcd6fbe Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 12 Aug 2019 23:30:27 -0500 Subject: [PATCH 017/141] Clarify description --- user/common-tasks/disposablevm.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 25b5f028..1c079c24 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -159,10 +159,12 @@ In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/pol ~~~ $anyvm @dispvm:online-dvm-template allow ~~~ -This line mean: +This line means: - FROM: Any VM -- TO: A DisposableVM based on the ``online-dvm-template`` Template -- WHAT: Allow to send a "Open URL" request +- TO: A DisposableVM based on the `online-dvm-template` TemplateVM +- WHAT: Allow sending an "Open URL" request + +In other words, any VM will be allowed to create a new DisposableVM based on `online-dvm-template` and open a URL inside of that DisposableVM. More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. From c9270a19419bfbbee4388d07f0fd54b991a9ca01 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Tue, 13 Aug 2019 18:27:36 +0000 Subject: [PATCH 018/141] update policy syntax ``$anyvm`` -> ``@anyvm`` --- user/common-tasks/disposablevm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 1c079c24..973b3847 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -157,7 +157,7 @@ This will create a new DisposableVM based on `online-dvm-template`, open the def In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/policy/qubes.OpenURL` ~~~ -$anyvm @dispvm:online-dvm-template allow +@anyvm @dispvm:online-dvm-template allow ~~~ This line means: - FROM: Any VM From 1cd77c708d448172e1421c718fccbc5d6079946a Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 13 Aug 2019 23:24:07 -0500 Subject: [PATCH 019/141] Update Experts page --- introduction/experts.md | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/introduction/experts.md b/introduction/experts.md index efb79623..4d9d1f3a 100644 --- a/introduction/experts.md +++ b/introduction/experts.md @@ -58,15 +58,15 @@ permalink: /experts/
    + {% include footer.html %} From c61e0d7118423f18a406a982659cd7b2c6af8036 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Tue, 13 Aug 2019 23:43:03 -0500 Subject: [PATCH 020/141] Update links --- introduction/experts.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/introduction/experts.md b/introduction/experts.md index 4d9d1f3a..29ec32da 100644 --- a/introduction/experts.md +++ b/introduction/experts.md @@ -58,12 +58,12 @@ permalink: /experts/