Ah indeed. I’ve also tried that, it works in dom0 but doesn’t seem to be working in stubdom.
audio_domid=$(xenstore-ls -f | grep -oP '(?<=domain/)[0-9]+(?=/name = \"sys-audio\")')
I managed to find a very messy way of doing it:
cp /etc/libvirt/libxl/<nameofwindowsvm>.xml /etc/qubes/templates/libvirt/xen/by-name/
vim /etc/qubes/templates/libvirt/xen/by-name/<nameofwindowsvm>.xml (look for cmdline and add what I did after the netmask netmask=255.255.255.255,-qubes-audio:domid=1)
Now in stubdom:
audio_domid=0
vm_name=$(xenstore-read "/local/domain/$domid/name")
if [ $(echo "$vm_name" | grep -iEc '^windows') -eq 1 ]; then
audio_domid=$(echo "$dm_args" | grep -oE 'qubes-audio:domid=[0-9]+' | grep -oE '[0-9]+')
fi
pulseaudio --use-pid-file=no --daemonize=no --exit-idle-time=-1 --disable-shm=yes -n \
-L "module-native-protocol-unix auth-anonymous=1 socket=/tmp/pa.sock" \
-L "module-vchan-sink domid=$audio_domid" &
Now let’s create a libvirt hook that changes the value of the domid in the xml file to the correct one (the hook gets triggered every time sys-audio starts):
/etc/libvirt/hooks/libxl
#!/bin/bash
guest_name="$1"
libvirt_operation="$2"
if [ "$libvirt_operation" = "started" ]; then
(
exec 0</dev/null
exec 1>/dev/null
exec 2>/dev/null
if [ $(qvm-prefs $guest_name name) = "sys-audio" ]; then
sed -i 's/\(qubes-audio:domid=\)[0-9.]\+/\1'$(qvm-prefs sys-audio xid)'/' /etc/qubes/templates/libvirt/xen/by-name/<nameofwindowsvm>.xml
fi
) & disown
fi
chmod +x /etc/libvirt/hooks/libxl
That’s it. Hopefully someone comes with a cleaner solution soon.
1 Like
I don’t know if there’s any benefit but I personally use dispVM’s for everything besides sys-whonix, and yes if the template gets compromised the dispVM will be too.
While I know for sure it worked at the end of March, in May not sure, but today for sure I can’t extract stubdom
[user@dom0 stubdom-full]$
cpio -i -d -H newc --no-absolute-filenames < qemu-stubdom-linux-full-rootfs rm qemu-stubdom-linux-full-rootfs
64471 blocks
This is the only I got, command and the output are copy/pasted from dom0. Do you have any idea what might be wrong?
I can extract it with Ark with the whole structure, then edit init, then recreate it back with cpio/gzip, but then win qube won’t start with error in libxl-driver.log
2022-09-25 18:08:39.427+0000: libxl: libxl_dm.c:1975:libxl__build_device_model_args_new: Domain 27:Only 4 emulated IDE disks are supported.
Disk xvdi will be available via PV drivers but not as an emulated disk.
2022-09-25 18:09:19.848+0000: libxl: libxl_dm.c:2800:stubdom_xswait_cb: Domain 27:Stubdom 28 for 27 startup: startup timed out
2022-09-25 18:09:19.848+0000: libxl: libxl_create.c:1913:domcreate_devmodel_started: Domain 27:device model did not start: -9
2022-09-25 18:09:20.646+0000: libxl: libxl_device.c:1146:device_backend_callback: Domain 28:unable to remove device with path /local/domain/7/backend/vif/28/0
2022-09-25 18:09:22.494+0000: libxl: libxl_domain.c:1553:devices_destroy_cb: Domain 28:libxl__devices_destroy failed
Does cpio works for you and will your win qube start with init edited?
If I put original stubdomain back, win qube works well, but without audio since I can’t patch it successfully…
Even worse, each time I restart sys-audio it gets new xid although based on a template (it’s not disposable) and I really don’t know if that happened earlier…
But what we should do if we have more than 1 sound card which audio-qube changes its xid after each restart, even not being disposable?
Hey @jevank, this is now bigger issue than it was, since xid is changed whenever sys-audio (AppVM, not disposable) is restarted and if we want audio to work we need to patch stubdom each time, on the fly…
Any solution to this?