Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default app qubes (work, personal, untrusted) have hardcoded netvm (instead of default) #9175

Closed
deeplow opened this issue Apr 29, 2024 · 1 comment · Fixed by QubesOS/qubes-mgmt-salt-dom0-virtual-machines#65
Closed

Default app qubes (work, personal, untrusted) have hardcoded netvm (instead of default) #9175

deeplow opened this issue Apr 29, 2024 · 1 comment · Fixed by QubesOS/qubes-mgmt-salt-dom0-virtual-machines#65
Labels
affects-4.2 This issue affects Qubes OS 4.2. C: installer diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. r4.2-host-stable r4.3-host-cur-test T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.

Comments

@deeplow
Copy link

deeplow commented Apr 29, 2024

How to file a helpful issue

Qubes OS release

4.2.1 (tried on fresh install)

Brief summary

Default app qubes like work have sys-firewall set as the default netvm. This means that if the user wants to set a VPN qube as the default netvm, the default VMs will not take in this new setting, potentially leading to opsec mistakes.

Steps to reproduce

  1. Be on a fresh install
  2. Inspect network settings for app qubes (work, personal, untrusted)

Expected behavior

Net qube is set to sys-firewall (default) for those app qubes.

Actual behavior

Net qube is set to sys-firewall instead of sys-firewall (default)
@deeplow deeplow added P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. labels Apr 29, 2024
@andrewdavidwong andrewdavidwong added C: installer needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. affects-4.2 This issue affects Qubes OS 4.2. labels Apr 30, 2024
@alimirjamali
Copy link

The salt sates for the mentioned VMs set the default NetVM to sys-firewall (personal, untrusted, work).

@marmarek marmarek mentioned this issue Aug 19, 2024
Merged
@qubesos-bot qubesos-bot mentioned this issue Sep 26, 2024
Open
@qubesos-bot qubesos-bot mentioned this issue Sep 26, 2024
Closed
@andrewdavidwong andrewdavidwong added diagnosed Technical diagnosis has been performed (see issue comments). pr submitted A pull request has been submitted for this issue. and removed needs diagnosis Requires technical diagnosis from developer. Replace with "diagnosed" or remove if otherwise closed. labels Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects-4.2 This issue affects Qubes OS 4.2. C: installer diagnosed Technical diagnosis has been performed (see issue comments). P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. pr submitted A pull request has been submitted for this issue. r4.2-host-stable r4.3-host-cur-test T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Leave default netvm for default qubes marmarek/qubes-mgmt-salt-dom0-virtual-machines
4 participants
@alimirjamali @andrewdavidwong @qubesos-bot @deeplow