-
-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UpdateVM system defaults should only list NetVMs and ProxyVMs #1831
Comments
Why? It is perfectly fine to have any AppVM set there. For example a VM behind Tor, or VPN, to be sure that yumdownloader/ntpdate will not see real IP. |
those VMs are ProxyVMs, no? |
I can't think of a single use-case where a user should be putting their network traffic through a "qube" (AppVM) or a template, rather than a ProxyVM. |
But those ProxyVMs itself see the real IP. Only VMs behind are are really isolated. I think Whonix gateway is some exception here - it also torify traffic originating directly from it. (I agree templates are useless on that list) |
Marek Marczykowski-Górecki:
Yes. |
So, then perhaps the solution I think @mfc is after (making this selection process more simple + safe for users) is to only show AppVMs, or Whonix gateway so as to not allow users to accidentally leak their real IP |
IIUC, this part is much more complicated. See:
|
Small fix to Qubes Manager to open the context menu slightly to the right of the mouse to avoid accidental clicks. Originally created by @unman , ported to 3.2 branch. references QubesOS/qubes-issues#1831
Automated announcement from builder-github The package
|
Automated announcement from builder-github The package
Or update dom0 via Qubes Manager. |
Currently in Qubes VM Manager > System > System defaults > UpdateVM, it lists all VMs as possibilities for
UpdateVM
. It should only list netvms and proxyvms. Probably the same should be done forClockVM
.The text was updated successfully, but these errors were encountered: