diff --git a/developer/debugging/automated-tests.md b/developer/debugging/automated-tests.md index ab69aa62..aaf13e01 100644 --- a/developer/debugging/automated-tests.md +++ b/developer/debugging/automated-tests.md @@ -114,7 +114,7 @@ vm_qrexec_gui/TC_20_DispVM_fedora-21/test_030_edit_file Example test run: -![snapshot-tests2.png](/attachment/wiki/developers/snapshot-tests2.png) +![snapshot-tests2.png](/attachment/doc/snapshot-tests2.png) Tests are also compatible with nose2 test runner, so you can use this instead: diff --git a/developer/debugging/profiling.md b/developer/debugging/profiling.md index 0724f4b9..71ff9010 100644 --- a/developer/debugging/profiling.md +++ b/developer/debugging/profiling.md @@ -94,6 +94,6 @@ make REMOTE=example.com:public_html/qubes/profiling/ upload This example is from `qubes-manager` (`qubesmanager/main.py`). -!["update\_table-20140424-170010.svg"](//attachment/wiki/Profiling/update_table-20140424-170010.svg) +!["update\_table-20140424-170010.svg"](//attachment/doc/update_table-20140424-170010.svg) It is apparent that the problem is around `get_disk_usage`, which calls something via `subprocess.call`. It does this 15 times, probably once per VM. diff --git a/developer/general/doc-guidelines.md b/developer/general/doc-guidelines.md index abadd2b6..44a1c51b 100644 --- a/developer/general/doc-guidelines.md +++ b/developer/general/doc-guidelines.md @@ -65,43 +65,43 @@ Ok, let's start. Every documentation page has an "Edit this page" button. It may be on the side (in the desktop layout): -[![edit-button-desktop](/attachment/wiki/doc-edit/03-button2.png)](/attachment/wiki/doc-edit/03-button2.png) +[![edit-button-desktop](/attachment/doc/03-button2.png) Or at the bottom (in the mobile layout): -[![edit-button-mobile](/attachment/wiki/doc-edit/02-button1.png)](/attachment/wiki/doc-edit/02-button1.png) +[![edit-button-mobile](/attachment/doc/02-button1.png) When you click on it, you'll be prompted for your GitHub username and password (if you aren't already logged in). You can also create an account from here. -[![github-sign-in](/attachment/wiki/doc-edit/04-sign-in.png)](/attachment/wiki/doc-edit/04-sign-in.png) +[![github-sign-in](/attachment/doc/04-sign-in.png) If this is your first contribution to the documentation, you need to "fork" the repository (make your own copy). It's easy --- just click the big green button on the next page. This step is only needed the first time you make a contribution. -[![fork](/attachment/wiki/doc-edit/05-fork.png)](/attachment/wiki/doc-edit/05-fork.png) +[![fork](/attachment/doc/05-fork.png) Now you can make your modifications. You can also preview the changes to see how they'll be formatted by clicking the "Preview changes" tab. If you want to add images, please see [How to add images](#how-to-add-images). If you're making formatting changes, please [render the site locally](https://github.com/QubesOS/qubesos.github.io#instructions) to verify that everything looks correct before submitting any changes. -[![edit](/attachment/wiki/doc-edit/06-edit.png)](/attachment/wiki/doc-edit/06-edit.png) +[![edit](/attachment/doc/06-edit.png) Once you're finished, describe your changes at the bottom and click "Propose file change". -[![commit](/attachment/wiki/doc-edit/07-commit-msg.png)](/attachment/wiki/doc-edit/07-commit-msg.png) +[![commit](/attachment/doc/07-commit-msg.png) After that, you'll see exactly what modifications you've made. At this stage, those changes are still in your own copy of the documentation ("fork"). If everything looks good, send those changes to us by pressing the "Create pull request" button. -[![pull-request](/attachment/wiki/doc-edit/08-review-changes.png)](/attachment/wiki/doc-edit/08-review-changes.png) +[![pull-request](/attachment/doc/08-review-changes.png) You will be able to adjust the pull request message and title there. In most cases, the defaults are ok, so you can just confirm by pressing the "Create pull request" button again. -[![pull-request-confirm](/attachment/wiki/doc-edit/09-create-pull-request.png)](/attachment/wiki/doc-edit/09-create-pull-request.png) +[![pull-request-confirm](/attachment/doc/09-create-pull-request.png) If any of your changes should be reflected in the [documentation index (a.k.a. table of contents)](/doc/) --- for example, if you're adding a new page, changing the title of an existing page, or removing a page --- please see [How to edit the documentation index](#how-to-edit-the-documentation-index). @@ -112,7 +112,7 @@ Otherwise, we may have some questions for you, which we'll post in a comment on (GitHub will automatically notify you if we do.) If, for some reason, we can't accept your pull request, we'll post a comment explaining why we can't. -[![done](/attachment/wiki/doc-edit/10-done.png)](/attachment/wiki/doc-edit/10-done.png) +[![done](/attachment/doc/10-done.png) ## How to edit the documentation index @@ -129,7 +129,7 @@ To add an image to a page, use the following syntax in the main document. This will make the image a hyperlink to the image file, allowing the reader to click on the image in order to view the image by itself. ``` -[![Image Title](/attachment/wiki/page-title/image-filename.png)](/attachment/wiki/page-title/image-filename.png) +[![Image Title](/attachment/doc/image-filename.png) ``` Then, submit your image(s) in a separate pull request to the [qubes-attachment](https://github.com/QubesOS/qubes-attachment) repository using the same path and filename. diff --git a/developer/services/admin-api.md b/developer/services/admin-api.md index 66e00b70..8be95b04 100644 --- a/developer/services/admin-api.md +++ b/developer/services/admin-api.md @@ -37,7 +37,7 @@ TBD ## Components -![Admin API Architecture](/attachment/wiki/AdminAPI/admin-api-architecture.svg) +![Admin API Architecture](/attachment/doc/admin-api-architecture.svg) A central entity in the Qubes Admin API system is a `qubesd` daemon, which holds information about all domains in the system and mediates all actions (like diff --git a/developer/services/qrexec-internals.md b/developer/services/qrexec-internals.md index 9537c7f5..dc4e5a3f 100644 --- a/developer/services/qrexec-internals.md +++ b/developer/services/qrexec-internals.md @@ -117,7 +117,7 @@ Details of all possible use cases and the messages involved are described below. ### dom0: request execution of `cmd` in domX -![qrexec internals diagram dom0-vm](/attachment/wiki/qrexec3/qrexec-dom0-vm.png) +![qrexec internals diagram dom0-vm](/attachment/doc/qrexec-dom0-vm.png) - **dom0**: `qrexec-client` is invoked in **dom0** as follows: @@ -145,7 +145,7 @@ Details of all possible use cases and the messages involved are described below. ### domX: request execution of service `admin.Service` in dom0 -![qrexec internals diagram vm-dom0](/attachment/wiki/qrexec3/qrexec-vm-dom0.png) +![qrexec internals diagram vm-dom0](/attachment/doc/qrexec-vm-dom0.png) - **domX**: `qrexec-client-vm` is invoked as follows: @@ -191,7 +191,7 @@ Details of all possible use cases and the messages involved are described below. ### domX: invoke execution of qubes service `qubes.Service` in domY -![qrexec internals diagram vm-vm](/attachment/wiki/qrexec3/qrexec-vm-vm.png) +![qrexec internals diagram vm-vm](/attachment/doc/qrexec-vm-vm.png) - **domX**: `qrexec-client-vm` is invoked as follows: diff --git a/developer/services/qrexec.md b/developer/services/qrexec.md index 80cee059..4fb0db8e 100644 --- a/developer/services/qrexec.md +++ b/developer/services/qrexec.md @@ -38,7 +38,7 @@ Typically, the first thing that a `qrexec-client` instance does is to send a req `qrexec-client` starts a vchan server, which `qrexec-agent` then connects to. Once this channel is established, stdin/stdout/stderr from the VMprocess is passed between `qrexec-agent` and the `qrexec-client` process. -![qrexec basics diagram](/attachment/wiki/qrexec3/qrexec3-basics.png) +![qrexec basics diagram](/attachment/doc/qrexec3-basics.png) The `qrexec-client` command is used to make connections to VMs from dom0. For example, the following command creates an empty file called `hello-world.txt` in the home folder of `someVM`: diff --git a/developer/services/qrexec2.md b/developer/services/qrexec2.md index 3b521253..2730f82a 100644 --- a/developer/services/qrexec2.md +++ b/developer/services/qrexec2.md @@ -300,7 +300,7 @@ significantly differs from what is described in this section. The VM-VM channels in Qubes R2 are made via "gluing" two VM-Dom0 and Dom0-VM vchan connections: -![qrexec2-internals.png](/attachment/wiki/Qrexec2Implementation/qrexec2-internals.png) +![qrexec2-internals.png](/attachment/doc/qrexec2-internals.png) Note that Dom0 never examines the actual data flowing in neither of the two vchan connections. diff --git a/developer/system/architecture.md b/developer/system/architecture.md index f125f985..df96de8a 100644 --- a/developer/system/architecture.md +++ b/developer/system/architecture.md @@ -14,7 +14,7 @@ title: Architecture Qubes implements a Security by Isolation approach. To do this, Qubes utilizes virtualization technology in order to isolate various programs from each other and even to sandbox many system-level components, such as networking and storage subsystems, so that the compromise of any of these programs or components does not affect the integrity of the rest of the system. -[![qubes-schema-v2.png](/attachment/wiki/QubesArchitecture/qubes-schema-v2.png)](/attachment/wiki/QubesArchitecture/qubes-schema-v2.png) +[![qubes-schema-v2.png](/attachment/doc/qubes-schema-v2.png) Qubes lets the user define many security domains, which are implemented as lightweight Virtual Machines (VMs), or “AppVMs.” For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” AppVMs and can use the applications within those VMs just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, of course. @@ -31,7 +31,7 @@ Key Architecture features - Qubes GUI provides isolation between apps sharing the same desktop - Secure system boot based (optional) -(For those interested in the history of the project, [Architecture Spec v0.3 [PDF]](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf) is the original 2009 document that started this all. +(For those interested in the history of the project, [Architecture Spec v0.3 [PDF]](/attachment/doc/arch-spec-0.3.pdf) is the original 2009 document that started this all. Please note that this document is for historical interest only. For the latest information, please see the rest of the [System Documentation](/doc/#system).) @@ -66,7 +66,7 @@ the Qubes system include: And all these components are "glued together" by the Qubes Core Stack. -[![Qubes system components](/attachment/wiki/QubesArchitecture/qubes-components.png)](/attachment/wiki/QubesArchitecture/qubes-components.png) +[![Qubes system components](/attachment/doc/qubes-components.png) This diagram illustrates the location of all these components in the overall system architecture. Unlike the other Qubes architecture diagram above, this one diff --git a/developer/system/gui.md b/developer/system/gui.md index 9ef2e207..07399b2e 100644 --- a/developer/system/gui.md +++ b/developer/system/gui.md @@ -65,7 +65,7 @@ To sum up, this solution has the following benefits: - no changes to Xorg code - minimal size of the supporting code -![gui.png](/attachment/wiki/GUIdocs/gui.png) +![gui.png](/attachment/doc/gui.png) Security markers on dom0 windows -------------------------------- diff --git a/developer/system/networking.md b/developer/system/networking.md index 1db543da..a5e564d0 100644 --- a/developer/system/networking.md +++ b/developer/system/networking.md @@ -56,12 +56,12 @@ qvm-features ipv4-only-qube ipv6 '' This configuration is presented below - green qubes have IPv6 access, red one does not. -![ipv6-1](/attachment/wiki/IPv6/ipv6-1.png) +![ipv6-1](/attachment/doc/ipv6-1.png) In that case, system uplink connection have native IPv6. But in some cases it may not be true. Then some tunneling solution can be used (for example teredo). The same will apply when the user is connected to VPN service providing IPv6 support, regardless of user's internet connection. Such configuration can be expressed by enabling `ipv6` feature only on some subset of Qubes networking, for example by creating separate qube to encapsulate IPv6 traffic and setting `ipv6` to `1` only there. See diagram below -![ipv6-2](/attachment/wiki/IPv6/ipv6-2.png) +![ipv6-2](/attachment/doc/ipv6-2.png) Besides enabling IPv6 forwarding, standard Qubes firewall can be used to limit what network resources are available to each qube. Currently only `qvm-firewall` command support adding IPv6 rules, GUI firewall editor will have this ability later. diff --git a/developer/system/template-implementation.md b/developer/system/template-implementation.md index 67d45f7c..cdf525bf 100644 --- a/developer/system/template-implementation.md +++ b/developer/system/template-implementation.md @@ -49,7 +49,7 @@ TemplateVM has a shared root.img across all AppVMs that are based on it. This me There are two layers of the device-mapper snapshot device; the first one enables modifying root.img without stopping the AppVMs and the second one, which is contained in the AppVM, enables temporal modifications to its filesystem. These modifications will be discarded after a restart of the AppVM. -![TemplateSharing2.png](/attachment/wiki/TemplateImplementation/TemplateSharing2.png) +![TemplateSharing2.png](/attachment/doc/TemplateSharing2.png) ## Snapshot device in Dom0 diff --git a/introduction/faq.md b/introduction/faq.md index 6b56ceb2..c7aaf047 100644 --- a/introduction/faq.md +++ b/introduction/faq.md @@ -168,7 +168,7 @@ It also has a very unique GUI virtualization infrastructure. ### What about safe languages and formally verified microkernels? In short: these are non-realistic solutions today. -We discuss this in further depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf). +We discuss this in further depth in our [Architecture Specification document](/attachment/doc/arch-spec-0.3.pdf). ### Why does Qubes use virtualization? @@ -195,7 +195,7 @@ Very paranoid users, or those who are high-profile targets, might use a dozen or ### Why does Qubes use Xen instead of KVM or some other hypervisor? In short: we believe the Xen architecture allows for the creation of more secure systems (i.e. with a much smaller TCB, which translates to a smaller attack surface). -We discuss this in much greater depth in our [Architecture Specification document](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf). +We discuss this in much greater depth in our [Architecture Specification document](/attachment/doc/arch-spec-0.3.pdf). ### How is Qubes affected by Xen Security Advisories (XSAs)? diff --git a/introduction/screenshots.md b/introduction/screenshots.md index d8d80757..51e7ca39 100644 --- a/introduction/screenshots.md +++ b/introduction/screenshots.md @@ -11,90 +11,90 @@ title: Screenshots --- -[![r4.0-xfce-desktop.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-desktop.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-desktop.png) +[![r4.0-xfce-desktop.png](/attachment/doc/r4.0-xfce-desktop.png) The default desktop environment is Xfce4. * * * * * -[![r4.0-xfce-start-menu.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-start-menu.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-start-menu.png) +[![r4.0-xfce-start-menu.png](/attachment/doc/r4.0-xfce-start-menu.png) Starting applications from different domains (AppVMs) is very easy. * * * * * -[![r4.0-xfce-three-domains-at-work.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-three-domains-at-work.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-three-domains-at-work.png) +[![r4.0-xfce-three-domains-at-work.png](/attachment/doc/r4.0-xfce-three-domains-at-work.png) In this example, the word processor runs in the “work” domain, which has been assigned the “blue” label. It is fully isolated from other domains, such as the “untrusted” domain (assigned the “red” label -- “Watch out!”, “Danger!”) used for random Web browsing, news reading, as well as from the "work-web" domain (assigned the "yellow" label), which is used for work-related Web browsing that is not security critical. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the titlebars. These are drawn by the trusted Window Manager running in Dom0, and apps running in domains cannot fake them: * * * * * -[![r2b3-windows-seamless-1.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png) +[![r2b3-windows-seamless-1.png](/attachment/doc/r2b3-windows-seamless-1.png) Qubes Release 2 can also run Windows AppVMs in seamless mode, integrated onto the common Qubes trusted desktop, just like Linux AppVMs! The seamless GUI integration has been introduced in Qubes R2 Beta 3. This requires [Qubes Windows Tools](https://github.com/Qubes-Community/Contents/blob/master/docs/os/windows/windows-tools.md) to be installed in the Windows VMs first. * * * * * -[![r2b3-windows-seamless-filecopy.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png) +[![r2b3-windows-seamless-filecopy.png](/attachment/doc/r2b3-windows-seamless-filecopy.png) Windows AppVMs are fully integrated with the rest of the Qubes OS system, which includes things such as secure, policy governed, inter-VM file copy, clipboard, and generally our whole elastic qrexec infrastructure for secure inter-VM RPC! Starting with Qubes R2 Beta 3 we also support HVM-based templates allowing to instantly create many Windows AppVMs with shared "root filesystem" from the Template VM (but one should ensure their license allows for such instantiation of the OS in the template). Just like with Linux AppVMs! * * * * * -[![r4.0-xfce-programmers-desktop.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-programmers-desktop.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-programmers-desktop.png) +[![r4.0-xfce-programmers-desktop.png](/attachment/doc/r4.0-xfce-programmers-desktop.png) Here we see Xfce4.14 Window Manager running in Dom0 (instead of KDE as on previous versions). Qubes supports customized Xfce4 in dom0 beginning with R2 Beta 2! * * * * * -[![r4.0-password-prompt.png](/attachment/wiki/QubesScreenshots/r4.0-password-prompt.png)](/attachment/wiki/QubesScreenshots/r4.0-password-prompt.png) +[![r4.0-password-prompt.png](/attachment/doc/r4.0-password-prompt.png) It is always clearly visible to which domain a given window belongs. Here it’s immediately clear that the passphrase-prompting window belongs to some domain with the “blue” label. When we look at the titlebar, we see “[qubes]”, which is the name of the actual domain. Theoretically, the untrusted application (here, the red Tor Browser running in a DisposableVM) beneath the prompt window could draw a similar looking window within its contents. In practice, this would be very hard, because it doesn’t know, e.g., the exact decoration style that is in use. However, if this is a concern, the user can simply try to move the more trusted window onto some empty space on the desktop such that no other window is present beneath it. Or, better yet, use the Expose-like effect (available via a hot-key). A malicious application from an untrusted domain cannot spoof the whole desktop because the trusted Window Manager will never let any domain “own” the whole screen. Its titlebar will always be visible. * * * * * -[![r4.0-xfce-tray-icons.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-tray-icons.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-tray-icons.png) +[![r4.0-xfce-tray-icons.png](/attachment/doc/r4.0-xfce-tray-icons.png) Qubes is all about seamless integration from the user’s point of view. Here you can see how it virtualizes tray icons from other domains. Notice the network icon is in red. This icon is in fact managed by the Network Manager running in a separate NetVM. * * * * * -[![r4.0-manager-and-sysnet-network-prompt.png](/attachment/wiki/QubesScreenshots/r4.0-manager-and-sysnet-network-prompt.png)](/attachment/wiki/QubesScreenshots/r4.0-manager-and-sysnet-network-prompt.png) +[![r4.0-manager-and-sysnet-network-prompt.png](/attachment/doc/r4.0-manager-and-sysnet-network-prompt.png) All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems) * * * * * -[![r4.0-software-update.png](/attachment/wiki/QubesScreenshots/r4.0-software-update.png)](/attachment/wiki/QubesScreenshots/r4.0-software-update.png) +[![r4.0-software-update.png](/attachment/doc/r4.0-software-update.png) Qubes lets you update all the software in all the domains all at once, in a centralized way. This is possible thanks to Qubes' unique TemplateVM technology. Note that the user is not required to shut down any AppVMs (domains) for the update process. This can be done later, at a convenient moment, and separately for each AppVM. * * * * * -[![r4.0-copy-paste.png](/attachment/wiki/QubesScreenshots/r4.0-copy-paste.png)](/attachment/wiki/QubesScreenshots/r4.0-copy-paste.png) +[![r4.0-copy-paste.png](/attachment/doc/r4.0-copy-paste.png) Qubes supports secure copy-and-paste operations between AppVMs. Only the user can initiate a copy or paste operation using a special key combination (Ctrl-Shift-C/V). Other AppVMs have no access to the clipboard buffer, so they cannot steal data from the clipboard. Only the user decides which AppVM should be given access to the clipboard. (This is done by selecting the destination AppVM’s window and pressing the Ctrl-Shift-V combination.) * * * * * -[!["r4.0-copy-to-other-appvm-1.png](/attachment/wiki/QubesScreenshots/r4.0-copy-to-other-appvm-1.png)](/attachment/wiki/QubesScreenshots/r4.0-copy-to-other-appvm-1.png) [![r4.0-copy-to-other-appvm-3.png](/attachment/wiki/QubesScreenshots/r4.0-copy-to-other-appvm-2.png)](/attachment/wiki/QubesScreenshots/r4.0-copy-to-other-appvm-2.png) +[!["r4.0-copy-to-other-appvm-1.png](/attachment/doc/r4.0-copy-to-other-appvm-2.png) Qubes also supports secure file copying between AppVMs. * * * * * -[![r4.0-open-in-dispvm-1.png](/attachment/wiki/QubesScreenshots/r4.0-open-in-dispvm-1.png)](/attachment/wiki/QubesScreenshots/r4.0-open-in-dispvm-1.png) [![r4.0-open-in-dispvm-2.png](/attachment/wiki/QubesScreenshots/r4.0-open-in-dispvm-2.png)](/attachment/wiki/QubesScreenshots/r4.0-open-in-dispvm-2.png) +[![r4.0-open-in-dispvm-1.png](/attachment/doc/r4.0-open-in-dispvm-2.png) Qubes' unique DisposableVMs (DispVMs) allow the user to open any file in a disposable VM in a matter of seconds! A file can be edited in a disposable VM, and any changes are projected back onto the original file. Currently, there is no way to mark files to be automatically opened in a disposable VM (one needs to right-click on the file and choose the "View in DisposableVM" or "Edit in DisposableVM" option), but this is planned for the R2 Beta 3 release. * * * * * -[![r4.0-convert-to-trusted-pdf-1.png](/attachment/wiki/QubesScreenshots/r4.0-convert-to-trusted-pdf-1.png)](/attachment/wiki/QubesScreenshots/r4.0-convert-to-trusted-pdf-1.png) [![r4.1-converting-pdf.png](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png)](/attachment/wiki/QubesScreenshots/r4.1-converting-pdf.png) +[![r4.0-convert-to-trusted-pdf-1.png](/attachment/doc/r4.1-converting-pdf.png) Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html)). * * * * * -[![r4.0-manager-firewall.png](/attachment/wiki/QubesScreenshots/r4.0-manager-firewall.png)](/attachment/wiki/QubesScreenshots/r4.0-manager-firewall.png) +[![r4.0-manager-firewall.png](/attachment/doc/r4.0-manager-firewall.png) Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. @@ -102,6 +102,6 @@ Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM. And some more screenshots: -[![r4.0-xfce-red-and-green-terminals.png](/attachment/wiki/QubesScreenshots/r4.0-xfce-red-and-green-terminals.png)](/attachment/wiki/QubesScreenshots/r4.0-xfce-red-and-green-terminals.png) +[![r4.0-xfce-red-and-green-terminals.png](/attachment/doc/r4.0-xfce-red-and-green-terminals.png) -[![r2b3-windows-seamless-2.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png) +[![r2b3-windows-seamless-2.png](/attachment/doc/r2b3-windows-seamless-2.png) diff --git a/user/advanced-topics/resize-disk-image.md b/user/advanced-topics/resize-disk-image.md index 527facd4..290cba01 100644 --- a/user/advanced-topics/resize-disk-image.md +++ b/user/advanced-topics/resize-disk-image.md @@ -30,7 +30,7 @@ There are risks attached to reducing the size of an image, and in general you sh There are several disk images which can be easily extended, but pay attention to the overall consumed space of your sparse/thin disk images. In most cases, the GUI tool Qube Settings (available for every qube from the Start menu, and also in the Qube Manager) will allow you to easily increase maximum disk image size. -![vm-settings-disk-image.png](/attachment/wiki/DiskSize/r4.0-vm-settings-disk-image.png) +![vm-settings-disk-image.png](/attachment/doc/r4.0-vm-settings-disk-image.png) In case of standalone qubes and templates, just change the Disk Storage settings above. In case of template-based qubes, the private storage (the /home directory and user files) can be changed in the qube's own settings, but the system root image is [inherited from the template](/doc/how-to-get-started/), and so it must be changed in the template settings. diff --git a/user/advanced-topics/standalones-and-hvm.md b/user/advanced-topics/standalones-and-hvm.md index 76d5a5a7..c1c27427 100644 --- a/user/advanced-topics/standalones-and-hvm.md +++ b/user/advanced-topics/standalones-and-hvm.md @@ -120,7 +120,7 @@ In this instance our DHCP server is not useful. In order to manually configure networking in a VM, one should first find out the IP/netmask/gateway assigned to the particular VM by Qubes. This can be seen e.g. in the Qube Manager in the qube's properties: -![r2b1-manager-networking-config.png](/attachment/wiki/HvmCreate/r2b1-manager-networking-config.png) +![r2b1-manager-networking-config.png](/attachment/doc/r2b1-manager-networking-config.png) Alternatively, one can use the `qvm-ls -n` command to obtain the same information, (IP/netmask/gateway). @@ -255,7 +255,7 @@ One problem at the moment however, is that after the whole system gets suspended This can be achieved under a Windows HVM by opening the Device Manager, selecting the actual device (such as a USB controller), 'Disabling' the device, and then 'Enabling' the device again. This is illustrated on the screenshot below: -![r2b1-win7-usb-disable.png](/attachment/wiki/HvmCreate/r2b1-win7-usb-disable.png) +![r2b1-win7-usb-disable.png](/attachment/doc/r2b1-win7-usb-disable.png) ## Converting VirtualBox VMs to Qubes HVMs diff --git a/user/downloading-installing-upgrading/installation-guide.md b/user/downloading-installing-upgrading/installation-guide.md index a5ceae3b..afdc134f 100644 --- a/user/downloading-installing-upgrading/installation-guide.md +++ b/user/downloading-installing-upgrading/installation-guide.md @@ -97,9 +97,9 @@ Be sure to select "DD image" mode (*after* selecting the Qubes ISO): Note: If you do this on Windows 10, you can only install Qubes without MediaTest, which is not recommended. -![Rufus menu](/attachment/wiki/InstallationGuide/rufus-menu.png) +![Rufus menu](/attachment/doc/rufus-menu.png) -![Rufus DD image mode](/attachment/wiki/InstallationGuide/rufus-dd-image-mode.png) +![Rufus DD image mode](/attachment/doc/rufus-dd-image-mode.png) If you are an advanced user, and you would like to customize your installation, please see [custom installation](/doc/custom-install/). Otherwise, follow the instructions below. @@ -113,7 +113,7 @@ This section will demonstrate a simple installation using mostly default setting Just after you power on your machine, make the Qubes OS medium available to the computer by inserting your DVD or USB drive. Shortly after the Power-on self-test (POST) is completed, you should be greeted with the Qubes OS boot screen. -![Boot screen](/attachment/wiki/InstallationGuide/boot-screen.png) +![Boot screen](/attachment/doc/boot-screen.png)