suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'awokd-patch-4'

Browse Source
This commit is contained in:
Andrew David Wong 2018-02-13 23:20:58 -06:00
commit 29aa6ab6b1
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
1 changed files with 22 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
configuration/config-files.md
View File

@ -12,13 +12,11 @@ redirect_from:
Qubes specific VM config files Qubes specific VM config files
============================== ==============================
Those files are placed in /rw, which survives VM restart, so can be These files are placed in /rw, which survives a VM restart.
used to customize single VM (not all VMs based on the same template). That way, they can be used to customize a single VM instead of all VMs based on the same template.
The scripts here all run as root. The scripts here all run as root.
- `/rw/config/rc.local` - script run at VM startup. Good place to - `/rw/config/rc.local` - script runs at VM startup. Good place to change some service settings, replace config files with its copy stored in /rw/config, etc. Example usage:
change some service settings, replace config files with its copy stored
in /rw/config etc. Example usage:
~~~ ~~~
# Store bluetooth keys in /rw to keep them across VM restarts # Store bluetooth keys in /rw to keep them across VM restarts
@ -26,29 +24,24 @@ in /rw/config etc. Example usage:
ln -s /rw/config/var-lib-bluetooth /var/lib/bluetooth ln -s /rw/config/var-lib-bluetooth /var/lib/bluetooth
~~~ ~~~
- `/rw/config/qubes-ip-change-hook` - script run in NetVM after - `/rw/config/qubes-ip-change-hook` - script runs in NetVM after every external IP change and on "hardware" link status change.
external IP change (or connection to the network)
- `/rw/config/qubes-firewall-user-script` - script run in ProxyVM - `/rw/config/qubes-firewall-user-script` - script runs in ProxyVM/AppVM with `qvm-features <vmname> qubes-firewall true` after each firewall update.
after each firewall update. Good place to write own custom firewall Good place to write own custom firewall rules.
rules
- `/rw/config/suspend-module-blacklist` - list of modules (one per - `/rw/config/suspend-module-blacklist` - list of modules (one per line) to be unloaded before system goes to sleep.
line) to be unloaded before system going to sleep. The file is used The file is used only in a VM with PCI devices attached.
only in VM with some PCI devices attached. Supposed to be used for Intended for use with problematic device drivers.
problematic device drivers.
Note that scripts need to be executable (chmod +x) to be used. Note that scripts need to be executable (chmod +x) to be used.
Also take a look at [bind-dirs](/doc/bind-dirs) for instructions on Also, take a look at [bind-dirs](/doc/bind-dirs) for instructions on how to easily modify arbitrary system files in an AppVM and have those changes persist.
how to easily modify arbitrary system files in AppVM and have those changes persist.
GUI and audio configuration in dom0 GUI and audio configuration in dom0
=================================== ===================================
GUI configuration file `/etc/qubes/guid.conf` in one of few not managed The GUI configuration file `/etc/qubes/guid.conf` in one of a few not managed by qubes-prefs or the Qubes Manager tool.
by qubes-prefs nor Qubes Manager tool. Sample config (included in Sample config (included in default installation):
default installation):
~~~ ~~~
# Sample configuration file for Qubes GUI daemon # Sample configuration file for Qubes GUI daemon
@ -78,25 +71,18 @@ VM: {
Currently supported settings: Currently supported settings:
- `allow_fullscreen` - allow VM to request its windows to go - `allow_fullscreen` - allow VM to request its windows to go fullscreen (without any colorful frame).
fullscreen (without any colorful frame).
**Note:** Regardless of this setting, you can always put a window into **Note:** Regardless of this setting, you can always put a window into fullscreen mode in Xfce4 using the trusted window manager by right-clicking on a window's title bar and selecting "Fullscreen".
fullscreen mode in Xfce4 using the trusted window manager by right-clicking on This functionality should still be considered safe, since a VM window still can't voluntarily enter fullscreen mode.
a window's title bar and selecting "Fullscreen". This functionality should still The user must select this option from the trusted window manager in dom0.
be considered safe, since a VM window still can't voluntarily enter fullscreen To exit fullscreen mode from here, press `alt` + `space` to bring up the title bar menu again, then select "Leave Fullscreen".
mode. The user must select this option from the trusted window manager in dom0.
To exit fullscreen mode from here, press `alt` + `space` to bring up the title
bar menu again, then select "Leave Fullscreen".
- `allow_utf8_titles` - allow to use UTF-8 in window titles, - `allow_utf8_titles` - allow the use of UTF-8 in window titles; otherwise, non-ASCII characters are replaced by an underscore.
otherwise non-ASCII characters are replaced by underscore.
- `secure_copy_sequence` and `secure_paste_sequence` - key sequences - `secure_copy_sequence` and `secure_paste_sequence` - key sequences used to trigger secure copy and paste.
used to trigger secure copy and paste
- `windows_count_limit` - limit on concurrent windows count. - `windows_count_limit` - limit on concurrent windows.
- `audio_low_latency` - force low-latency audio mode (about 40ms - `audio_low_latency` - force low-latency audio mode (about 40ms compared to 200-500ms by default).
compared to 200-500ms by default). Note that this will cause much Note that this will cause much higher CPU usage in dom0.
higher CPU usage in dom0.