sys-whonix starting spontaneously after update

After a recent dom0(?) / TemplateVM(?) update sys-whonix has been starting spontaneoulsy. If I shut it down it starts right back up. I use a different naming convention to prevent confusion between, for example my Tor versioning based VMs and my default whonix-gw based VMs. I don’t often use my sys-whonix “named” VM. sys-whonix is not set to autostart, no VMs have sys-whonix as netvm and I don’t have sys-whonix set as default qubes-prefs or updatevm.

Journalctl output from dom0 keeps showing sys-whonix (sdwdate) logs to VMs that are not even conected to sys-whonix

user@host:~/QubesIncoming/dom0$ cat sys-whonix-bug 
Sep 15 06:19:40 dom0 qrexec[10822]: whonix.SdwdateStatus: sys-whonix -> `$somevm`: allowed to `$somevm`
Sep 15 06:19:40 dom0 qrexec[10824]: whonix.SdwdateStatus: sys-whonix -> `$somevm1`: allowed to `$somevm1`
[...]

1 Like

Quote sdwdate-gui: Secure Distributed Web Date Graphical User Interface

Qubes-Whonix - Unexpected Autostart of sys-whonix

Follow instructions multiple Qubes-Whonix ™ Whonix-Workstation ™. [1]



[1] Qubes bug report: qrexec feature request: send this over qrexec to the net qube I am connected to / sys-whonix hardcoded / sys-whonix unexpected autostart · Issue #5253 · QubesOS/qubes-issues · GitHub

Anything that can be done if using multiple named DispVMs (based on the same dvm) with each named DispVM using a differnt sys-whonix-VM? For Example

anon-whonix-disp-1 is based on whonix-dvm-1 which uses sys-whonix-1 as netvm.

anon-whonix-disp-2 is based on whonix-dvm-1 which uses sys-whonix-2 as netvm.

pretty sure I know the answer. :frowning_face:

Edit: What if someone wants to change the netvm of their anon-whonix DispVM from sys-whonix-1 to sys-whonix-2 on the fly?

If /usr/local/etc/sdwdate-gui.d/50_user.conf contains gateway=sys-whonix-1 wouldn’t it cause issues if netvm is changed to sys-whonix-2?

Note: in the context of NOT disabing sdwdate autostart

1 Like

Yes, that config file is a bash fragment. Therefore supports scripting. The contents of the gateway setting variable could be derived from output of qubesdb-read /name.

Will still send sdwdate-gui notifications to old gateway.

Tested in simulation (setting vm_name variable) but not actually tested on real system.

#!/bin/bash

## Copyright (C) 2019 - 2019 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.

set -x
set -e

vm_name="$(qubesdb-read /name)"

## example vn_name:
## anon-whonix-disp-1

vm_number="$(echo "$vm_name" | str_replace "anon-whonix-disp-" "")"

## example vm_number:
## 1

target_gateway="sys-whonix-${vm_number}"

## example target_gateway:
## sys-whonix-1

gateway="$target_gateway"

Works for me. No issues since using the script. Thank You!

1 Like