While Qubes was being installed, I had the option to have sys-net be disposable, but I did not check the box. On other topics a few members have said to edit file /var/lib/qubes/qubes.xml but I tried that twice and all changes to the file were reverted after restart and sys-net is still an AppVM.
Simply reinstall Qubes OS.
Create a new qube as a dispvm and then go into its settings and duplicate those of sys-net (e.g. add the Ethernet and other network cards to devices, switch the virtualization settings to HVM from PVH, turn off memory balancing, add the services etc.). Then point sys-firewall to the new sys-net.
Nevermind… Don’t seem to be able to add services
Not worth the effort, trust me just backup all and reinstall. @FranklyFlawless is right.
I guess this is worth a read cause there are some things which are not backed up by default (changes to dom0)…
Why are you all saying this? See:
How to make it disposable? I see
{% if salt['pillar.get']('qvm:sys-net:disposable', false) %}
in /srv/formulas/base/virtual-machines-formula/qvm/sys-net.sls but don’t know how to pass “disposable:true” or the like to the command.
Also, see these guys telling people to reinstall Qubes just because the user forgot to check the “Disposable sys-net” box on initial installation?
The quoted command and/or topic does not create a disposable sys-net.
In the scenario described by @motility, if someone sets sys-net as a disposable template, creates a new disposable VM based on that template, and then routes sys-firewall through this disposable VM, what potential issues or risks could arise?
If there’s a risk that sys-net has been contaminated through use, would it be safer to create a new, standard sys-net following @solene’s recent guide and then convert that into a disposable template?
Why did you merge it? I intentionally posted it there to receive the needed answer from @unman on how to make it disposable.
The command certainly accepts disposable to create a disposable sys-net instead; it just happened that I don’t know how, but it’s certainly trivial for @unman to answer. You can indeed verify that by looking at /srv/formulas/base/virtual-machines-formula/qvm/sys-net.sls, the line I mentioned above.
Also, see the post @solene just created. It has the way of creating it even without Salt, although I see no reason to follow the guide and not utilize qubesctl state.apply qvm.sys-net.
The guide should work, just create the new sys-net qube as a disposable.
Do you see a reason for doing any of this and not utilizing qubesctl state.apply qvm.sys-net?
Could you please explain what this command does exactly?
It creates a new sys-net.
It runs /srv/formulas/base/virtual-machines-formula/qvm/sys-net.sls, which is Salt. See “Salt (management software) | Qubes OS” and “Salt (software) - Wikipedia”.
This is what Qubes initial installation itself uses to create sys-net for you when you first install Qubes.
Standard sys-net using the default template?
Yes.
If you want a disposable sys-net, you have to set the pillar appropriately.
This is straightforward -
sudo su
cd /srv/pillar/_tops/base
ln -s /srv/pillar/base/qvm/disposable-sys-net.top .
qubesctl state.apply qvm.sys-net
This will create a disposable sys-net, and allocate to it the networking devices. All settings as original set-up.
N.B. If you have changed the default default-dvm, the new sys-net will use that.
If you want to revert to a non-disposable, remove that symlink, and rerun the qubesctl command.
salting like this is much better than copying long command lines imo
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
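The symlink-and-apply procedure from the post above, wrapped as a dom0 script that also covers the revert step and checks which class sys-net ends up with. This is an added example, not from the thread or the Qubes project; the function names, the PILLAR_ROOT override and the expectation that a disposable sys-net reports klass DispVM are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run in dom0 as root.
# PILLAR_ROOT is overridable only so the link logic can be tried on a scratch tree.
PILLAR_ROOT="${PILLAR_ROOT:-/srv/pillar}"
TOP_NAME="disposable-sys-net.top"

top_source() { printf '%s/base/qvm/%s\n' "$PILLAR_ROOT" "$TOP_NAME"; }
top_link()   { printf '%s/_tops/base/%s\n' "$PILLAR_ROOT" "$TOP_NAME"; }

# Print "enabled", "broken" (dangling link) or "disabled".
pillar_status() {
    link=$(top_link)
    if [ -L "$link" ] && [ -e "$link" ]; then echo enabled
    elif [ -L "$link" ]; then echo broken
    else echo disabled
    fi
}

# Same effect as the "ln -s" step, but refuses to create a dangling link.
enable_pillar() {
    src=$(top_source)
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    ln -sfn "$src" "$(top_link)"
}

# Revert step: remove the link only if it really is a symlink.
disable_pillar() {
    link=$(top_link)
    if [ -L "$link" ]; then rm -- "$link"; fi
}

# Apply the state, then report the class sys-net actually has.
# Assumption: a disposable sys-net reports klass "DispVM" in qvm-prefs.
apply_and_check() {
    want=AppVM
    if [ "$(pillar_status)" = enabled ]; then want=DispVM; fi
    qubesctl state.apply qvm.sys-net || return 1
    got=$(qvm-prefs sys-net klass) || return 1
    echo "sys-net klass: $got (expected $want)"
    [ "$got" = "$want" ]
}

case "${1:-}" in
    enable)  enable_pillar && apply_and_check ;;
    disable) disable_pillar && apply_and_check ;;
    status)  pillar_status ;;
esac
```

Invoke it with `enable`, `disable` or `status` as the first argument; a non-zero exit from `enable` or `disable` means the state failed to apply or sys-net does not have the expected class.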
I’ve just posted on this.
In the years I’ve been using Qubes and working with clients I have
almost never been forced to reinstall Qubes to solve an issue. There
is always a better way.
Why has everyone tried to make this all so much harder than it has to be?
It is literally a case of creating a guest that is disposable and adding the NIC to it.
Using the GUI is super easy. Takes 15 seconds. No need to reinstall either.
I made a sys-net2, set it as disposable, told it provides network to other qubes.
Takes longer to set it as the default network guest than it does to create it.
Seriously… Easy…
What disposable template will be used for a disposable sys-net?
I assume it’s default-dvm?
If so, that means there’s no straightforward way to persistently save a Wi-Fi password in the disposable template for use in the disposable sys-net?
If you want DISPOSABLE, then no.
But on that machine’s startup, you can have a Domain-0 script that executes the connection in the guest and adds all the details for configuration including the WiFi password.
Meaning that every time it starts, you would have to re-enter the key, or run the script. If you have it running automatically then if you are out and about it would try to connect to it and search for it, and essentially give away your key to any malicious person that is there.
I have my TemplateVM, then I have disposable guests based on that template.
My disposable network would just be a disposable guest based on my normal template just like any other guest, but it would be configured as a networking guest and one that also provides networking.
So it doesn’t use a disposable guest as a template, it uses a template and then that one guest becomes disposable.
So not based on the “default-dvm” as that itself is based on another template.