sudo or not.
The usage of \n
(which is included in that command) does not work.
Please look at the resulting configuration file and check if it looks as intended. It doesn’t.
sudo or not.
The usage of \n
(which is included in that command) does not work.
Please look at the resulting configuration file and check if it looks as intended. It doesn’t.
The forum software is formatting my quotes into the italic type that would indeed not give proper formatting but the ones I used on my end were the normal ones.
Please use code tags for code, not quote. Like this:
```
code
```
Fixed:
Mistake with video setting in GW, kicksecure and custom WS prevents them form starting.
Removed rombar off because having it enabled for more than 1 NIC caused the GW to freak out
Question: Are we already providing Kicksecure releases?
I’ll do another build once accepted since 15.0.0.6.8 includes these problems. I don’t see the point of linking to that build now.
Life would be easier if users actually bothered testing these things and reported back…
A post was merged into an existing topic: AppArmor for Complete System - Including init, PID1, Systemd, Everything! - Full System MAC policy
Merged.
Yes.
3 posts were merged into an existing topic: use sudoedit in Whonix documentation and Whonix software
@Patrick just noticed xpdf silently fails to run when trying to open a pdf in 15.0.0.6.6
can you reproduce that? Any logs needed?
Scratch that, the file is malformed
@Patrick git instruction on the dev page - git doesn’t seem to recognize the --recursive-submodules parameter but this worked:
git checkout --recurse-submodules 15.0.0.7.1-developers-only
Thanks, fixed.
Yes I’m using it as we speak
Could you please the following KVM parameters and check if we’re already using secure defaults? //cc @madaidan
kvm.ignore_msrs=[KVM] Ignore guest accesses to unhandled MSRs.
Default is 0 (don’t ignore, but inject #GP)kvm.enable_vmware_backdoor=[KVM] Support VMware backdoor PV interface.
Default is false (don’t support).kvm.mmu_audit= [KVM] This is a R/W parameter which allows audit
KVM MMU at runtime.
Default is 0 (off)kvm.nx_huge_pages=
[KVM] Controls the software workaround for the
X86_BUG_ITLB_MULTIHIT bug.
force : Always deploy workaround.
off : Never deploy workaround.
auto : Deploy workaround based on the presence of
X86_BUG_ITLB_MULTIHIT.Default is 'auto'. If the software workaround is enabled for the host, guests do need not to enable it for nested guests.
kvm.nx_huge_pages_recovery_ratio=
[KVM] Controls how many 4KiB pages are periodically zapped
back to huge pages. 0 disables the recovery, otherwise if
the value is N KVM will zap 1/Nth of the 4KiB pages every
minute. The default is 60.kvm-amd.nested= [KVM,AMD] Allow nested virtualization in KVM/SVM.
Default is 1 (enabled)kvm-amd.npt= [KVM,AMD] Disable nested paging (virtualized MMU)
for all guests.
Default is 1 (enabled) if in 64-bit or 32-bit PAE mode.kvm-arm.vgic_v3_group0_trap=
[KVM,ARM] Trap guest accesses to GICv3 group-0
system registerskvm-arm.vgic_v3_group1_trap=
[KVM,ARM] Trap guest accesses to GICv3 group-1
system registerskvm-arm.vgic_v3_common_trap=
[KVM,ARM] Trap guest accesses to GICv3 common
system registerskvm-arm.vgic_v4_enable=
[KVM,ARM] Allow use of GICv4 for direct injection of
LPIs.kvm-intel.ept= [KVM,Intel] Disable extended page tables
(virtualized MMU) support on capable Intel chips.
Default is 1 (enabled)kvm-intel.emulate_invalid_guest_state=
[KVM,Intel] Enable emulation of invalid guest states
Default is 0 (disabled)kvm-intel.flexpriority=
[KVM,Intel] Disable FlexPriority feature (TPR shadow).
Default is 1 (enabled)kvm-intel.nested=
[KVM,Intel] Enable VMX nesting (nVMX).
Default is 0 (disabled)kvm-intel.unrestricted_guest=
[KVM,Intel] Disable unrestricted guest feature
(virtualized real and unpaged mode) on capable
Intel chips. Default is 1 (enabled)kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault
CVE-2018-3620.Valid arguments: never, cond, always always: L1D cache flush on every VMENTER. cond: Flush L1D on VMENTER only when the code between VMEXIT and VMENTER can leak host memory. never: Disables the mitigation Default is cond (do L1 cache flush in specific instances)
kvm-intel.vpid= [KVM,Intel] Disable Virtual Processor Identification
feature (tagged TLBs) on capable Intel chips.
Default is 1 (enabled)