7516737fae
This allows to specify tight network isolation for a VM, and finally close one remaining way for leaking traffic around TorVM. Now when VM is connected to for example TorVM, its DispVMs will be also connected there.

The new property can be set to:

- default (uses_default_dispvm_netvm=True) - use the same NetVM/ProxyVM as the calling VM itself - including none if that's the case
- None - DispVMs will be network-isolated
- some NetVM/ProxyVM - will be used, even if calling VM is network-isolated

Closes qubesos/qubes-issues#862
138 lines
6.7 KiB
ReStructuredText
=========
qvm-prefs
=========

NAME
====
qvm-prefs - list/set various per-VM properties

:Date: 2012-04-11

SYNOPSIS
========
| qvm-prefs -l [options] <vm-name>
| qvm-prefs -s [options] <vm-name> <property> [...]

OPTIONS
=======
-h, --help
    Show this help message and exit
-l, --list
    List properties of a specified VM
-s, --set
    Set properties of a specified VM

PROPERTIES
==========

include_in_backups
    Accepted values: ``True``, ``False``

    Controls whether this VM is included in backups by default (for now this works only in qubes-manager). You can always manually select or deselect any VM for backup.

pcidevs
    PCI devices assigned to the VM. Should be edited using the qvm-pci tool.

label
    Accepted values: ``red``, ``orange``, ``yellow``, ``green``, ``gray``, ``blue``, ``purple``, ``black``

    Color of the VM label (icon, appmenus, window borders). If the VM is running, the change will be applied at the first VM restart.

netvm
    Accepted values: netvm name, ``default``, ``none``

    The NetVM this VM connects to. Setting to ``default`` will follow the system-global default NetVM (managed by qubes-prefs). Setting to ``none`` will disable networking in this VM.

    *Notice:* when setting to ``none``, the firewall will be set to block all traffic - it will be used by DispVMs started from this VM. Setting back to some NetVM will **not** restore the previous firewall settings.

dispvm_netvm
    Accepted values: netvm name, ``default``, ``none``

    Which NetVM should be used for Disposable VMs started by this one. ``default`` is to use the same NetVM as the VM itself.

maxmem
    Accepted values: memory size in MB

    Maximum memory size available for this VM. Dynamic memory management (aka qmemman) will not be able to balloon over this limit. For VMs with qmemman disabled, this will be overridden by *memory* property (at VM startup).

memory
    Accepted values: memory size in MB

    Initial memory size for the VM. This should be large enough to allow VM startup - before qmemman starts managing memory for this VM. For VMs with qmemman disabled, this is the static memory size.

kernel
    Accepted values: kernel version, ``default``, ``none``

    Kernel version to use (only for PV VMs). Available kernel versions will be listed when no value is given (they are in /var/lib/qubes/vm-kernels). Setting to ``default`` will follow the system-global default kernel (managed via qubes-prefs). Setting to ``none`` will use the "kernels" subdir in the VM directory - this allows having a VM-specific kernel; this is also the only case when /lib/modules is writable from within the VM.

template
    Accepted values: TemplateVM name

    TemplateVM on which this VM is based. It can be changed only when the VM isn't running.

vcpus
    Accepted values: number of CPUs

    Number of CPUs (cores) available to the VM. Some VM types (e.g. DispVM) will not work properly with more than one CPU.

kernelopts
    Accepted values: string, ``default``

    VM kernel parameters (available only for PV VMs). This can be used to work around some hardware-specific problems (e.g. for NetVM). Setting to ``default`` will use some reasonable defaults (currently different for VMs with PCI devices and without). Some helpful options (for debugging purposes): ``earlyprintk=xen``, ``init=/bin/bash``

name
    Accepted values: alphanumerical name

    Name of the VM. Can be changed only when the VM isn't running.

drive
    Accepted values: [hd:\|cdrom:][backend-vm:]path

    Additional drive for the VM (available only for HVMs). This can be used to attach an installation image. ``path`` can be a file or a physical device (e.g. /dev/sr0). The same syntax can be used in qvm-start --drive - to attach a drive only temporarily.

mac
    Accepted values: MAC address, ``auto``

    Can be used to force a specific MAC address of the virtual ethernet card in the VM. Setting to ``auto`` will use an automatically generated MAC - based on VM id. Especially useful when some licensing depends on a static MAC address.
    For template-based HVMs, ``auto`` mode means cloning the template MAC.

default_user
    Accepted values: username

    Default user used by qvm-run. Note that it makes sense only on a non-standard template, as the standard one always has the "user" account.

debug
    Accepted values: ``on``, ``off``

    Enables debug mode for the VM. This can be used to turn on/off verbose logging in many qubes components at once (gui virtualization, VM kernel, some other services).
    For template-based HVMs, enabling debug mode also disables the automatic reset of root.img (actually volatile.img) before each VM startup, so changes made to the root filesystem stay intact. To force a reset of root.img when debug mode is enabled, either change something in the template (a simple start+stop will do, even touching its root.img is enough), or remove the VM's volatile.img (check the path with qvm-prefs).

qrexec_installed
    Accepted values: ``True``, ``False``

    This HVM has the qrexec agent installed. When a VM has the qrexec agent installed, one can use qvm-run to start a VM process, and the VM will benefit from Qubes RPC services (like file copy, or inter-VM clipboard). This option will be automatically turned on during Qubes Windows Tools installation, but if you install the qrexec agent in some other OS, you need to turn this option on manually.

guiagent_installed
    Accepted values: ``True``, ``False``

    This HVM has the gui agent installed. This option disables full screen GUI virtualization and enables per-window seamless GUI mode. This option will be automatically turned on during Qubes Windows Tools installation, but if you install the qubes gui agent in some other OS, you need to turn this option on manually. You can turn this option off to troubleshoot some early HVM OS boot problems (enter safe mode etc.), but the option will be automatically enabled at the first normal VM startup (and will take effect from the next startup).

    *Notice:* when the Windows GUI agent is installed in the VM, the SVGA device (used for full screen video) is disabled, so even if you disable this option, you will not get functional full desktop access (on normal VM startup). Use some other means for that (VNC, RDP or so).

autostart
    Accepted values: ``True``, ``False``

    Start the VM during system startup. The default netvm is autostarted regardless of this setting.

timezone
    Accepted values: ``localtime``, time offset in seconds

    Set the emulated HVM clock timezone. Use ``localtime`` (the default) to use the same time as dom0 has. Note that the HVM will get only the clock value, not the timezone itself, so if you use the ``localtime`` setting, the OS inside the HVM should also be configured to treat the hardware clock as local time (and have the proper timezone set).

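The ``netvm`` and ``dispvm_netvm`` rules above can be checked against an inventory of VM settings. The following Python code is an added example, not part of Qubes OS or of this commit: it models how the two properties resolve and lists VMs whose DispVMs would leave by a different network path than the VM itself (for example around TorVM). The VM names, ``INVENTORY`` and ``SYSTEM_DEFAULT_NETVM`` are constructed assumptions, and no Qubes API is called.

```python
# Added example: models the netvm / dispvm_netvm rules from this man page.
# No Qubes API is called; names and values below are constructed.

SYSTEM_DEFAULT_NETVM = "firewallvm"  # assumption: the qubes-prefs global default

# Constructed inventory: property values as they would be set with qvm-prefs -s.
INVENTORY = {
    "anon-web":    {"netvm": "torvm",   "dispvm_netvm": "default"},
    "anon-mail":   {"netvm": "torvm",   "dispvm_netvm": "firewallvm"},
    "vault":       {"netvm": "none",    "dispvm_netvm": "default"},
    "vault-print": {"netvm": "none",    "dispvm_netvm": "firewallvm"},
    "work":        {"netvm": "default", "dispvm_netvm": "none"},
}


def effective_netvm(vm):
    """Resolve `netvm`: a NetVM name, 'default' (global default) or 'none'."""
    value = vm["netvm"]
    if value == "none":
        return None
    return SYSTEM_DEFAULT_NETVM if value == "default" else value


def effective_dispvm_netvm(vm):
    """Resolve `dispvm_netvm`; 'default' follows the calling VM, including none."""
    value = vm.get("dispvm_netvm", "default")
    if value == "default":
        return effective_netvm(vm)
    return None if value == "none" else value


def audit(inventory):
    """Return (vm, own_netvm, dispvm_netvm) where DispVMs leave by another path.

    A network-isolated DispVM is never reported: it is tighter than the caller.
    """
    findings = []
    for name in sorted(inventory):
        own = effective_netvm(inventory[name])
        disp = effective_dispvm_netvm(inventory[name])
        if disp is not None and disp != own:
            findings.append((name, own, disp))
    return findings


if __name__ == "__main__":
    for name, own, disp in audit(INVENTORY):
        print(f"{name}: VM uses {own or 'no network'}, its DispVMs use {disp}")
```

With the constructed inventory, the audit reports ``anon-mail`` (DispVMs bypass ``torvm``) and ``vault-print`` (an isolated VM whose DispVMs are networked); both settings are permitted by the property, so the output is a review list, not an error list.
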
AUTHORS
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>