0brand
September 15, 2019, 10:18am
1
After a recent dom0(?) / TemplateVM(?) update, `sys-whonix` has been starting spontaneously. If I shut it down, it starts right back up. I use a different naming convention to prevent confusion between, for example, my Tor versioning based VMs and my default whonix-gw based VMs. I don’t often use my `sys-whonix` “named” VM. sys-whonix is not set to autostart, no VMs have `sys-whonix` as netvm and I don’t have `sys-whonix` set as default `qubes-prefs` or `updatevm`.
Journalctl output from dom0 keeps showing sys-whonix (sdwdate) logs to VMs that are not even connected to sys-whonix
```
user@host:~/QubesIncoming/dom0$ cat sys-whonix-bug
Sep 15 06:19:40 dom0 qrexec[10822]: whonix.SdwdateStatus: sys-whonix -> `$somevm`: allowed to `$somevm`
Sep 15 06:19:40 dom0 qrexec[10824]: whonix.SdwdateStatus: sys-whonix -> `$somevm1`: allowed to `$somevm1`
[...]
```
1 Like
Patrick
September 15, 2019, 10:38am
2
Quote sdwdate-gui: Secure Distributed Web Date Graphical User Interface
Qubes-Whonix - Unexpected Autostart of sys-whonix
Follow instructions multiple Qubes-Whonix™ Whonix-Workstation™. [1]
opened 09:51AM - 18 Aug 19 UTC
T: enhancement
C: core
P: default
https://groups.google.com/forum/#!topic/qubes-devel/DEQNltD2_kc
> Start sdwdate-gui [5] [6], which is a systray by default in Whonix-Gateway.
> Due to sdwdate-gui, Qubes-Whonix users who use multiple Whonix-Gateway [7] should note updated instructions for multiple Whonix-Workstation [8] due to the introduction of sdwdate-gui. Essentially, Whonix-Workstations using any Whonix-Gateway named other than sys-whonix need to configure their Whonix-Workstation by declaring the name of their Whonix-Gateway VM.
> Not following these instructions would lead to the following confusion. Someone who didn't start sys-whonix, starting an AppVM using sys-whonix-two would wonder why sys-whonix gets started. It would get started by Qubes qrexec. The sdwdate-gui entry for that AppVM would be registered in sys-whonix's sdwdate-gui rather than in sys-whonix-two's sdwdate-gui.
> [5] https://www.whonix.org/wiki/sdwdate-gui
> [6] https://github.com/Whonix/sdwdate-gui
> [7] https://www.whonix.org/wiki/Multiple_Whonix-Gateway
> [8] https://www.whonix.org/wiki/Multiple_Whonix-Workstation#qubes
As discussed, solution would be a new qrexec feature `send this over qrexec to the NetVM I am connected to`.
This would also be better than https://github.com/QubesOS/qubes-issues/issues/4117.
----
Related:
* [Troubleshooting - Qubes-Whonix - Unexpected Autostart of sys-whonix](https://www.whonix.org/wiki/Sdwdate-gui#Qubes-Whonix_-_Unexpected_Autostart_of_sys-whonix)
* [Disable sdwdate-gui Autostart](https://www.whonix.org/wiki/Sdwdate-gui#Disable_Autostart)
[1] Qubes bug report: qrexec feature request: send this over qrexec to the net qube I am connected to / sys-whonix hardcoded / sys-whonix unexpected autostart · Issue #5253 · QubesOS/qubes-issues · GitHub
0brand
September 16, 2019, 11:08pm
3
Anything that can be done if using multiple named DispVMs (based on the same dvm) with each named DispVM using a different sys-whonix-VM? For example:
`anon-whonix-disp-1` is based on `whonix-dvm-1` which uses `sys-whonix-1` as netvm.
`anon-whonix-disp-2` is based on `whonix-dvm-1` which uses `sys-whonix-2` as netvm.
Pretty sure I know the answer.
Edit: What if someone wants to change the netvm of their `anon-whonix` DispVM from `sys-whonix-1` to `sys-whonix-2` on the fly?
If /usr/local/etc/sdwdate-gui.d/50_user.conf contains `gateway=sys-whonix-1`, wouldn’t it cause issues if `netvm` is changed to `sys-whonix-2`?
Note: in the context of NOT disabling sdwdate autostart
1 Like
Yes, that config file is a bash fragment. Therefore it supports scripting. The contents of the gateway setting variable could be derived from the output of `qubesdb-read /name`.
Will still send sdwdate-gui notifications to old gateway.
Patrick
September 17, 2019, 8:04am
5
Tested in simulation (setting `vm_name` variable) but not actually tested on real system.
```bash
#!/bin/bash
## Copyright (C) 2019 - 2019 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
set -x
set -e
vm_name="$(qubesdb-read /name)"
## example vm_name:
## anon-whonix-disp-1
vm_number="$(echo "$vm_name" | str_replace "anon-whonix-disp-" "")"
## example vm_number:
## 1
target_gateway="sys-whonix-${vm_number}"
## example target_gateway:
## sys-whonix-1
gateway="$target_gateway"
```
0brand
September 17, 2019, 11:37pm
6
Works for me. No issues since using the script. Thank You!
1 Like
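A stricter variant of the derivation from post 5, as an added example that is not part of the thread and not Whonix's own code. It assumes the naming convention used in the thread (`anon-whonix-disp-<N>` paired with `sys-whonix-<N>`), and `derive_gateway` is a hypothetical helper name; for any VM name that does not fit the convention it leaves `gateway` untouched instead of building an unintended qrexec target.

```bash
#!/bin/bash
## Added example (not from the thread). Assumes the thread's naming
## convention: anon-whonix-disp-<N> uses sys-whonix-<N> as its gateway.

## derive_gateway is a hypothetical helper: prints the gateway for a VM name,
## or prints nothing and returns 1 if the name does not fit the convention.
derive_gateway() {
    local vm_name suffix
    vm_name="$1"
    case "$vm_name" in
        anon-whonix-disp-*) suffix="${vm_name#anon-whonix-disp-}" ;;
        *) return 1 ;;
    esac
    ## Only digits may reach the qrexec target name; reject an empty suffix
    ## and anything containing a non-digit.
    case "$suffix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "sys-whonix-${suffix}"
}

## qubesdb-read exists only inside a Qubes VM; skip elsewhere.
if command -v qubesdb-read >/dev/null 2>&1; then
    if derived="$(derive_gateway "$(qubesdb-read /name)")"; then
        gateway="$derived"
    fi
    ## Otherwise gateway is left untouched, so the default applies.
fi
```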