I renamed sys-whonix to something more useful (for me), and it broke the whonix-gw-16 template from updating DOH!
I seem to remember there is somewhere in dom0 you can manually change it. This is something I will actually change, from time to time, as I use different sources (usually private VPN’s) to update tor templates.
Thanks
It would be useful to tell which release you are using, but for 4.1 you’d like to check
/etc/qubes-rpc/policy/qubes.UpdatesProxy
as well as
/etc/qubes/policy.d/90-default.policy
For dom0 - in Global settings → qube defaults → Dom0 Update qube
Thanks, that was it!
You are welcome. You may want to flag the post as a solution so it could help other users too.
Great idea. I just looked around, don’t see an option to flag it as a solution. Do I edit the topic? add (solved) or something?
Thanks. it should be a checkbox next to the heart you flagged my post with.
I did flagged as “other” and sent a message asking if that’s how I flag as solved hah we’ll see
Never mind, thanks for trying. Its under the post, not at the end of the topic
Only posts in “User Support” can be selected as solution. This is because a “General discussion” by definition can’t have a “solution”.
If the topic starts with “How do I …” and a “solution” is possible, those are very good indicators of something belonging in “User Support”.
Moved the thread to “User Support” and selected the appropriate answer as “solution”.
Each time when starting/shutting down a disposable whonix qube, qrexec-policy-agent error popup message appears:
Denied: whonix.NewStatus
Denied whonix.NewStatus+status from
dispXXXX to sys-whonix
The 50-config-updates.policy has correct(renamed) targets.
90-default.policy updated to:
qubes.UpdatesProxy * @tag:whonix-updatevm @default allow target=my-sys-whonix
But the error continue to pop up
whonix.NewStatus is different from qubes.UpdatesProxy
The whonix.NewStatus policy only works for qubes that have the “anon-vm” tag, so make sure your disposable template has it:
# from dom0
qvm-tags <disposable template name> add anon-vm
Yeah, checked it following this: Weird notification -- Denied: whonix.newstatus - #7 by qubes
qvm-tags dispXXXX as well as my-anon-whonix and whonix-workstation-17-dvm prints it has anon-vm
Do you still have a “sys-whonix” qube? It seems to be based only on the “anon-gateway” tag for the target, so it could be hardcoded to sys-whonix with no way to change it?
I’m not sure if this is possible, but you could try forcing the target to your custom named gateway in /etc/qubes/policy.d/80-whonix.policy with target= like this:
whonix.NewStatus * @tag:anon-vm @tag:anon-gateway allow autostart=no target=my-sys-whonix
As renamed one – my-sys-whonix
Tried that and:
whonix.NewStatus * @tag:anon-vm my-sys-whonix allow autostart=no
Without success.
qvm-tags my-sys-whonix does have anon-gateway.
renaming my-sys-whonix back to sys-whonix removes the error.
Well, it may involve more steps then. I found this github issue that explains exactly your problem, but nothing has been done about it for now:
Edit:
I checked sdwdate manually, it does hardcode the gateway name to sys-whonix.
You can check this in these files, for example:
/usr/lib/python3/dist-packages/sdwdate_gui/sdwdate_watcher.py
/usr/libexec/sdwdate-gui/notify-shutdown
They contain something similar to this:
## Fallback.
## If gateway is not configured in config file, use default.
## Non-ideal.
## qrexec feature request: send this over qrexec to the NetVM I am connected to / sys-whonix hardcoded / sys-whonix unexpected autostart #5253
## https://github.com/QubesOS/qubes-issues/issues/5253
## Networks VMs are restarting themselves without valid reason #5930
## https://github.com/QubesOS/qubes-issues/issues/5930
## HARDCODED!
gateway = "sys-whonix"
The above is the workaround in case the gateway is not configured, as it says in the comments.
The correct way is to define the gateway in the /etc/dswdate-gui.d/50_user.conf
Without your help it would probably be very difficult for me to solve this.
Thank you.