Singer
July 11, 2024, 2:11pm
1
Dear Qubes community,
I have installed Waydroid in Fedora 38 (Qubes 4.2) to be able to use Android programs. But for Waydroid to be able to use the internet connection, something has to be done additionally. The VM is behind sys-firewall without any special firewall configurations. IPv6 is activated.
With “ip addr show” “waydroid0” also appears. I cannot use the “firewall-cmd” command recommended by Waydroid to solve the problem, because if you install the associated package, the Qubes packages will be removed. Does anyone here know what to do?
See also: Networking Issues | Waydroid
Configure firewall like this:
This guide is for creating Waydroid template that can be used to create AppVMs based on it.
The Android image is installed in template and applications and their configuration will be installed in AppVMs.
This guide is for setting up minimal Waydroid template. You may want to install additional packages like GUI terminal, file manager, passwordless root etc.
Singer
July 11, 2024, 4:19pm
3
Thank you for this great guide. In which file should I place the firewall rules: Waydroid template
cat << 'EOF' | tee /etc/systemd/system/waydroid-firewall.service >/dev/null
[Unit]
ConditionPathExists=!/run/qubes/this-is-templatevm
PartOf=waydroid-container.service
After=waydroid-container.service
BindsTo=waydroid-container.service
Requires=qubes-iptables.service
After=qubes-iptables.service
BindsTo=qubes-iptables.service
[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-input) &>/dev/null; then nft add rule ip qubes custom-input jump waydroid-input; fi"
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-forward) &>/dev/null; then nft add rule ip qubes custom-forward jump waydroid-forward; fi"
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-input iifname "waydroid0" meta l4proto {tcp, udp} th dport { 53, 67 } accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward iifname "waydroid0" oifgroup 1 accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward oifname "waydroid0" iifgroup 1 accept
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-input
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-forward
RemainAfterExit=yes
[Install]
WantedBy=waydroid-container.service
EOF
systemctl daemon-reload
systemctl enable waydroid-firewall.service
Just copy this code block and paste it in your waydroid template terminal to run it.
Singer
July 12, 2024, 7:14am
5
This part of the first command does not work:cat << 'EOF'
Failed to enable unit: Unit file waydroid-firewall.service does not exist.
What could be the problem here?
What was the error?
cat << 'EOF' | sudo tee /etc/systemd/system/waydroid-firewall.service >/dev/null
[Unit]
ConditionPathExists=!/run/qubes/this-is-templatevm
PartOf=waydroid-container.service
After=waydroid-container.service
BindsTo=waydroid-container.service
Requires=qubes-iptables.service
After=qubes-iptables.service
BindsTo=qubes-iptables.service
[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-input) &>/dev/null; then nft add rule ip qubes custom-input jump waydroid-input; fi"
ExecStart=/usr/bin/bash -c "if (nft create chain ip qubes waydroid-forward) &>/dev/null; then nft add rule ip qubes custom-forward jump waydroid-forward; fi"
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-input iifname "waydroid0" meta l4proto {tcp, udp} th dport { 53, 67 } accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward iifname "waydroid0" oifgroup 1 accept
ExecStart=/usr/sbin/nft add rule ip qubes waydroid-forward oifname "waydroid0" iifgroup 1 accept
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-input
ExecStop=/usr/sbin/nft flush chain ip qubes waydroid-forward
RemainAfterExit=yes
[Install]
WantedBy=waydroid-container.service
EOF
sudo systemctl daemon-reload
sudo systemctl enable waydroid-firewall.service
Singer
July 12, 2024, 7:55am
7
Now it worked. Thank you!
Singer
July 12, 2024, 10:41am
8
I can search with Google in Waydroid now, but if I try to reach the playstore website, the browser says: Error, domain name not resolved. Hm, do you know this error?
I can access https://play.google.com in the browser inside Waydroid. Are you able to access other websites besides google.com ?
Singer
July 12, 2024, 11:43am
10
Suddenly it works. But I do not find a version of Google play store on the internet which works with waydroid. The installed versions crash on startup.
Did you try the Waydroid image with GAPPS?
-s SYSTEM_TYPE | --system_type SYSTEM_TYPE : System type (options: VANILLA, FOSS or GAPPS; default is VANILLA)