As I said in one of my previous answers:
All you have to do is run one of them, in your case the second one, in a dom0 terminal. There are no surprises, just write it and let it do the rest.
Global Settings of what? Where they are? In settings manager I never seen any ClockVM. In settings of any cube too. Qubes absolutely new OS for me and for the first days too many settings everywhere so I probably seen those Global Settings somewhere (sounds like something familiar), but can’t remember where. Or maybe my brain is a little overheated these days because of so many operations I had to do only to start using this f… interesting (and hopefully) good OS. 
Global Settings is different from the qube settings menu. If you open the Qubes Manager (where you have the list of all qubes), you will be able to open it by clicking on the globe icon at the top. There you will see a line with “ClockVM” or “Clock qube”, that’s what you need to change.
1 Like
The same result. It has error:
The following requisites were not found: require: sls: qvm.sys-net
.And further result:
configuration failed, not continuing
Can you run this first and see what happens?
sudo qubesctl state.sls qvm.sys-net
Oh, I really seen it! This is it! I found that line and changed cube to my new sys-net. Thanks!
1 Like
Do I need to rename my actual sys-net cube to “sys-net” before entering this command? It has different name now because the old sys-net cube was not deleted yet.
If you can delete the old sys-net, then do so. Then rename the new one to “sys-net” by going into its settings and clicking the “rename” button (it must be turned off first).
1 Like
Yes, I know. If this is needed for completing that command then I can’t do it now, because I update now my Debian template. So I can’t to stop sys-net to rename it. I only can to delete the old sys-net. If this is enough for starting that command, I will try. Otherwise I need to wait update finishing.
Let the update finish first, then do the delete/rename thing. It’s just to make sure your system is running fine and not out of order, so it’s easier for me to understand what’s wrong if errors occur.
1 Like
Seems I’m finally starting to understand what this command does. When entered with sys-net it returned no error and completed successfully.
With sys-usb was the same result (I mean like all previous results - failed. Returned an error). But now, when I’m starting to understand this command, it seems that it says that most of what you asked is fine. At least it says that usb is locked from dom0. Anyway providing full log of operation:
sudo qubesctl state.sls qvm.sys-usb
local:ID: debian-11-dvm Function: qvm.vm Result: True Comment: ====== ['present'] ====== [SKIP] A VM with the name 'debian-11-dvm' already exists. ====== ['prefs'] ====== [SKIP] template_for_dispvms: True [SKIP] label : red ====== ['features'] ====== [SKIP] Feature already in desired state: ENABLE 'appmenus-dispvm' = Enabled Started: 15:10:35.224359 Duration: 189.309 ms Changes:
ID: echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update debian-11-dvm Function: cmd.run Result: True Comment: Command "echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update debian-11-dvm" run Started: 15:10:35.416131 Duration: 702.066 ms Changes: ---------- pid: 40206 retcode: 0 stderr: debian-11-dvm: Creating appmenus sys-firewall: Creating appmenus stdout:
ID: hide-usb-from-dom0-uefi Function: cmd.run Name: sed -i -e 's/^kernel=.*/\0 rd.qubes.hide_all_usb/' /boot/efi/EFI/qubes/xen.cfg Result: True Comment: onlyif condition is false unless condition is false Started: 15:10:36.118675 Duration: 1518.484 ms Changes:
ID: hide-usb-from-dom0-grub Function: file.append Name: /etc/default/grub Result: True Comment: File /etc/default/grub is in correct state Started: 15:10:37.637685 Duration: 31.454 ms Changes:
ID: grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg Function: cmd.run Result: True Comment: State was not run because none of the onchanges reqs changed Started: 15:10:37.669728 Duration: 0.004 ms Changes:
ID: sys-net-usb Function: qvm.prefs Name: sys-net Result: False Comment: The following requisites were not found: require: sls: qvm.sys-net Started: 15:10:37.669910 Duration: 0.003 ms Changes:
ID: qubes-input-proxy Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 15:10:37.681934 Duration: 513.672 ms Changes:
ID: sys-usb-input-proxy Function: file.prepend Name: /etc/qubes-rpc/policy/qubes.InputMouse Result: True Comment: File /etc/qubes-rpc/policy/qubes.InputMouse is in correct state Started: 15:10:38.196192 Duration: 2.702 ms Changes:
ID: /etc/systemd/system/qubes-vm@sys-net.service.d/50_autostart.conf Function: file.managed Result: True Comment: File /etc/systemd/system/qubes-vm@sys-net.service.d/50_autostart.conf is in the correct state Started: 15:10:38.199017 Duration: 23.73 ms Changes:Summary for local
Succeeded: 8 (changed=1)
Failed: 1Total states run: 9
Total run time: 2.981 s
DOM0 configuration failed, not continuing
What do you say? Check that error with missing qvm.sys-net.
It’s still configured to create a sys-net-usb setup it seems.
Can you run the following command and confirm that you see sys-net-as-usbvm in the list?
sudo qubesctl top.enabled pillar=True
1 Like
Seems you’re right.
sudo qubesctl top.enabled pillar=True
local:
----------
base:
- /srv/pillar/_tops/base/qvm.top
- /srv/pillar/_tops/base/qvm.disposable-sys-net.top
- /srv/pillar/_tops/base/qvm.disposable-sys-usb.top
- /srv/pillar/_tops/base/qvm.disposable-sys-firewall.top
- /srv/pillar/_tops/base/qvm.sys-net-as-usbvm.top
- /srv/pillar/_tops/base/topd.config.top
Good, then run these commands:
sudo qubesctl top.disable qvm.disposable-sys-net pillar=True
sudo qubesctl top.disable qvm.sys-net-as-usbvm pillar=True
If you get an error, you can safely ignore it. The change will be applied anyway.
Then run the previous command again:
sudo qubesctl state.sls qvm.sys-usb
1 Like
Done. Seems now everything’s OK. What to do next?
sudo qubesctl state.sls qvm.sys-usb
local:ID: debian-11-dvm Function: qvm.vm Result: True Comment: ====== ['present'] ====== [SKIP] A VM with the name 'debian-11-dvm' already exists. ====== ['prefs'] ====== [SKIP] template_for_dispvms: True [SKIP] label : red ====== ['features'] ====== [SKIP] Feature already in desired state: ENABLE 'appmenus-dispvm' = Enabled Started: 16:11:47.969053 Duration: 216.842 ms Changes:
ID: echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update debian-11-dvm Function: cmd.run Result: True Comment: Command "echo -e 'firefox.desktop\nxterm.desktop' | qvm-appmenus --set-whitelist=- --update debian-11-dvm" run Started: 16:11:48.188291 Duration: 720.746 ms Changes: ---------- pid: 44075 retcode: 0 stderr: debian-11-dvm: Creating appmenus sys-firewall: Creating appmenus stdout:
ID: hide-usb-from-dom0-uefi Function: cmd.run Name: sed -i -e 's/^kernel=.*/\0 rd.qubes.hide_all_usb/' /boot/efi/EFI/qubes/xen.cfg Result: True Comment: onlyif condition is false unless condition is false Started: 16:11:48.909444 Duration: 1544.464 ms Changes:
ID: hide-usb-from-dom0-grub Function: file.append Name: /etc/default/grub Result: True Comment: File /etc/default/grub is in correct state Started: 16:11:50.454379 Duration: 30.298 ms Changes:
ID: grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg Function: cmd.run Result: True Comment: State was not run because none of the onchanges reqs changed Started: 16:11:50.485316 Duration: 0.003 ms Changes:
ID: sys-usb Function: qvm.vm Result: True Comment: ====== ['present'] ====== /usr/bin/qvm-create sys-usb --class=DispVM --template=debian-11-dvm --label=red --property=memory=400 --property=provides_network=True --property=netvm= ====== ['prefs'] ====== [SKIP] netvm : None ====== ['service'] ====== Started: 16:11:50.485526 Duration: 4767.228 ms Changes: ---------- qvm.prefs: ---------- qvm.create: ---------- autostart: ---------- new: True old: *default* pcidevs: ---------- new: - 00:14.0 old: virt_mode: ---------- new: hvm old: *default* qvm.service: ---------- qvm.service: ---------- meminfo-writer: ---------- new: Disabled old: Missing network-manager: ---------- new: Disabled old: Missing
ID: qubes-input-proxy Function: pkg.installed Result: True Comment: All specified packages are already installed Started: 16:11:55.273579 Duration: 620.307 ms Changes:
ID: sys-usb-input-proxy Function: file.prepend Name: /etc/qubes-rpc/policy/qubes.InputMouse Result: True Comment: Prepended 1 lines Started: 16:11:55.894433 Duration: 2.371 ms Changes: ---------- diff: --- +++ @@ -1,2 +1,3 @@ +sys-usb dom0 ask,user=root,default_target=dom0 sys-net dom0 ask,user=root,default_target=dom0 $anyvm $anyvm deny
ID: /etc/systemd/system/qubes-vm@sys-usb.service.d/50_autostart.conf Function: file.managed Result: True Comment: File /etc/systemd/system/qubes-vm@sys-usb.service.d/50_autostart.conf updated Started: 16:11:55.896957 Duration: 23.327 ms Changes: ---------- diff: New fileSummary for local
Succeeded: 9 (changed=4)
Failed: 0Total states run: 9
Total run time: 7.926 s
You are basically done now. sys-usb can be started and should handle all your usbs (check the devices in sys-usb settings to make sure the controller(s) are selected).
You can remove the sys-net line (sys-net dom0 ask,user=root,default_target=dom0) in /etc/qubes-rpc/policy/qubes.InputMouse (dom0) since sys-net is no longer a usbvm.
1 Like
What command does it? I don’t know such commands.
I checked that new sys-usb cube’s settings. Is it OK if this cube has such settings as:
- “Provides network”. I thought it should not have because for this purpose modem will be connected to sys-net via sys-usb. And sys-usb should not have internet access itself.
- Has Network Manager in services.
Usb controller was already connected by default.
Quick command to remove it:
sudo sed -i "/sys-net/d" /etc/qubes-rpc/policy/qubes.InputMouse
“Provides Network” is enabled by default in sys-usb because some users can use an external network device, for example, connected via USB. So it’s easier for them. If you don’t have any use case or if you want to transfer to sys-net like you said, you can disable it.
NetworkManager can also be unchecked/removed if you don’t need it.
1 Like
Thank you, my friend, for all the help that you provided! You do a great job here, on this forum! 
1 Like
About qrexec. I disabled auto-connection to the Internet, so sys-whonix complaining it can’t connect to the qrexec during 60 seconds. It happens when sys-whonix starts automatically after system start while I didn’t turn Internet on yet. Then sys-whonix automatically is shutting down.