Page MenuHomePhabricator
Projects Whonix

WhonixProject
ActivePublic
Watch Project

Members (2)
View All

Watchers
View All

  • This project does not have any watchers.

Details

Description

https://www.whonix.org

Recent Activity
View All

Tue, Jul 16

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
In T913#18744, @Patrick wrote:

Do you see any issues with "create home directory on first login" in Qubes?

Tue, Jul 16, 1:07 AM · whonix-base-files, live-mode, Whonix 15, Whonix
Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
In T913#18743, @marmarek wrote:

Can you give some more context here?

Tue, Jul 16, 12:42 AM · whonix-base-files, live-mode, Whonix 15, Whonix

Mon, Jul 15

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here? Is it the problem that user is created too early (before /etc/skel is fully populated)? Or is it a problem that it's created at all? Should there be a difference between Qubes and non-Qubes case?

Mon, Jul 15, 11:58 PM · whonix-base-files, live-mode, Whonix 15, Whonix
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Mon, Jul 15, 6:23 PM · whonix-base-files, live-mode, Whonix 15, Whonix

Sun, Jul 14

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Sun, Jul 14, 9:29 AM · whonix-base-files, live-mode, Whonix 15, Whonix
Patrick updated subscribers of T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Sun, Jul 14, 8:42 AM · whonix-base-files, live-mode, Whonix 15, Whonix

Thu, Jul 11

Patrick created T924: rename to bullseye-security.
Thu, Jul 11, 9:12 AM · anon-apt-sources-list, Whonix, Debian version 11 codename Bullseye

Mon, Jul 8

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 8:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Mon, Jul 8, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jul 7

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Sun, Jul 7, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jul 6

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 4:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
marmarek added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

It was copied from native setup_ip script, details here:
https://github.com/qubesos/qubes-core-agent-linux/commit/5cbb38a2
https://github.com/qubesos/qubes-issues/issues/700
It definitely was relevant for old stubdomain hosting qemu (which is still possible to use in R4.0). Not sure if applies to new linux-based stubdomain.
It may be not needed anymore. To verify that, try removing those lines and check networking in Windows (or other OS without Xen PV drivers).

Sat, Jul 6, 3:45 PM · Whonix 16, qubes-whonix, Whonix
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Sat, Jul 6, 12:40 PM · Whonix, packaging, research
Patrick added a comment to T622: Run unMessage on Whonix.

Dead upstream.

Sat, Jul 6, 12:34 PM · Whonix
Patrick added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

Any idea? @marmarek

Sat, Jul 6, 12:32 PM · Whonix 16, qubes-whonix, Whonix
Patrick closed T859: test as Resolved.
Sat, Jul 6, 12:31 PM · Restricted Project, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.

Sat, Jul 6, 12:30 PM · Whonix, Whonix-Host
Patrick added a comment to T654: create an unMessage onion-grater profile.

Dead upstream.

Sat, Jul 6, 12:28 PM · Whonix, onion-grater (Control Port Filter Proxy)

Thu, Jul 4

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Thu, Jul 4, 5:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Thu, Jul 4, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Thu, Jul 4, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Wed, Jul 3

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Wed, Jul 3, 5:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T670: Activating Lockdown.

I can test it but I doubt lockdown will help at all.

Wed, Jul 3, 4:58 PM · Debian version 10 codename Buster, Whonix
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.

Wed, Jul 3, 4:56 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T670: Activating Lockdown.

Could you test this please by installing in VM and/or host please? @madaidan

Wed, Jul 3, 8:45 AM · Debian version 10 codename Buster, Whonix

Mon, Jul 1

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Mon, Jul 1, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jun 29

marmarek added a comment to T324: Add package needrestart.
In T324#18696, @Patrick wrote:

What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?

Sat, Jun 29, 12:55 PM · upstream, usability, enhancement, anon-meta-packages, Whonix
Patrick updated subscribers of T324: Add package needrestart.

needrestart works good enough for it to be implemented as a test in whonixcheck (--verbose?).

Sat, Jun 29, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Thu, Jun 27

Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

Blocked by Qubes.
Qubes start menu incompatible with DispVMs launching GUI applications into the background
https://github.com/QubesOS/qubes-issues/issues/5129

Thu, Jun 27, 3:26 PM · Whonix, Whonix 16, tb-starter
marmarek added a comment to T923: Some texts on whonix connection wizard are truncated.

I see.
BTW it's certainly about fonts. here you can select whonix_firstrun-whonix-14-firstrun-20180915 from the dropdown above the screenshot (click eye icon at the right) and slide vertical bar to see old and new version.

Thu, Jun 27, 2:47 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick added a comment to T923: Some texts on whonix connection wizard are truncated.

marmarek (Marek Marczykowski-Górecki):

Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content?

Thu, Jun 27, 2:40 PM · anon-connection-wizard, Whonix, Whonix 15
marmarek added a comment to T923: Some texts on whonix connection wizard are truncated.

Maybe different fonts installed? Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content? I suppose there may be more problems like this in the future. Especially if proper HiDPI support will come into play...

Thu, Jun 27, 2:34 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick added a project to T923: Some texts on whonix connection wizard are truncated: anon-connection-wizard.

I have no idea why this started happening without changes. Perhaps due to underlying libraries changes. Anyhow, fixed in git master.

Thu, Jun 27, 2:15 PM · anon-connection-wizard, Whonix, Whonix 15
marmarek created T923: Some texts on whonix connection wizard are truncated.
Thu, Jun 27, 1:26 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Thu, Jun 27, 12:59 PM · anon-meta-packages, research, Whonix
Patrick updated the task description for T689: use whonixcheck Whonix News to count Whonix users.
Thu, Jun 27, 12:51 PM · Whonix 14, Whonix, whonixcheck
Patrick removed a project from T912: qubes integration tools missing: Whonix 15.
Thu, Jun 27, 10:53 AM · Whonix, Qubes
Patrick added a comment to T912: qubes integration tools missing.

Work for me too in new build https://forums.whonix.org/t/qubes-whonix-15-templatevms-debian-buster-based-4-0-1-201906232114-testers-wanted/7601

Thu, Jun 27, 10:53 AM · Whonix, Qubes
Patrick removed a project from T891: upgrade build_sources/rpi-preferences for Debian 10/ buster: Whonix 15.
Thu, Jun 27, 10:35 AM · build, Whonix
Patrick added a comment to T869: Install Firejail by default inside Whonix.

Implementation looks good enough for now.

Thu, Jun 27, 10:34 AM · Whonix 15, firejail, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Will keep watching what Tails is doing.

Thu, Jun 27, 10:33 AM · Whonix 16, research, Whonix
Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.
Thu, Jun 27, 10:33 AM · Whonix 16, research, Whonix
Patrick removed a project from T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: Whonix 15.
Thu, Jun 27, 10:32 AM · anon-connection-wizard, python, Whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

Seems ok after full removal and re-creation.

Thu, Jun 27, 10:31 AM · Whonix 15, qubes-template-whonix, Whonix
Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

https://github.com/Whonix/tb-starter/commit/11ed26d14ed308891db5fc366a1002da41bdd3c1

Thu, Jun 27, 9:13 AM · Whonix, Whonix 16, tb-starter

Tue, Jun 25

madaidan added a comment to T869: Install Firejail by default inside Whonix.

GUI isolation is very important, no?

Tue, Jun 25, 10:43 PM · Whonix 15, firejail, Whonix
Whonix Issue Tracker · Unread Notifications · Open Issues · Homepage · Blog · Forum · Github · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer