Error "Cannot open shared object file" after creating Standalone VM

I’m still pretty new to qubes-os, but really like the idea and concept. To add even more security to the VMs, I would like to block all internet traffic and allow only dedicated, trusted addresses for some vms.

The idea is to build a new VM like the sys-firewall, called sys-secure-dns and install there dnsmask and unbound. This solution allows me, in contrast to the firewall, block domain entries which can point to several IPS. I know that the direct access to sites by using their IPs is not restricted by DNS blocking.

The sys-secure-dns would be downstream in the chain:

user vm 1
user vm2 – sys-secure-dns – sys-firewall → Internet
user vm3 /

other user vm – sys-firewall → Internet

My intention was to build a standaloneVM based on the debian10 Template VM and install there unbound and dnsmask because this two applications are not intended to be used on other VMs.
I built the standalone VM with the Qube Manager, the VM is up and running. But as soon as I start the shell, I can read an error in the shell:
ERROR: ld.so: object '/usr/local/lib/AppProtection/libAppProtection.so from /etc/ld.so.preload (cannot open shared object file): ignored.

What did I wrong when setting up the standalone VM? Where to correct the error? I already rebuilt it once with the same result.
Reading through the documentary was only confirming myself, that I built the VM as intended but brought no solution.

Regards,
Dominic

Without knowing the detail of how you set up the standaloneVM and what
packages you installed there it’s really difficult to help you.
Try just creating a stock Debian10, then clone it and add unbound and
dnsmask one by one. Then you’ll be able to identify where the error
derives.
There isnt a Debian package that provides that object

I went to the Qube Manager and used the GUI button to create a new cube. I gave it the name sys-secure-dns, and made the following definitions in the drop down menue:

Type: «Qube based on a template VM (AppVM)», Template
Template: «default (debian-10)»
Networking: «default» (sys-firewall)

I left the advanced checkboxes unchecked.

Btw: A debian-10 Template VM was installed with the default stable release from Qubes OS.

The error shown in the command shell above is showed every time I start the shell without typing any commands, so I assume problems with priviledges of that VM (didn’t install/change anything on the VM so far).

Ok. So in this case you have an AppVM and not a TemplateVM.

My fault. I chose «Standalone qube copied from a template» and used the default template debian-10.

After the creation, I can see the template as «StandaloneVM».

1 Like

No one that can help me? The problem is still existent:

I built the standalone VM with the Qube Manager, the VM is up and running. But as soon as I start the shell, I can read an error in the shell:
ERROR: ld.so: object '/usr/local/lib/AppProtection/libAppProtection.so from /etc/ld.so.preload (cannot open shared object file): ignored.

What did I wrong when setting up the standalone VM? Where to correct the error?

It may be that this is not at all related to Qubes have you searched for this issue more generally on debian?

Not yet. The other VM with Debian-10 are not showing this error at all. Since I made a standanlone VM based on the existing default Debian-10 installations and made nothing more, I would be more than surprised when the problem is caused by Debian (from my point of view, in this case, the default debian-10 installation and all depending qubes should show the same problem what is not the case - its just in regard to the standalone vm).

Does the same problem occur when you make another standalone VM like this?

1 Like

I just made another testcube based on the TemplateVM. This new Testcube is showing the same error, too. Now, I opend an existing cube which is also based on the same Debian Template VM. The shell is showing the same problem here, too. Completely surprised, I opend the shell of the template VM itself, but there is the error not occuring.

From my point of view, a given Installation on the template VM itself is causing this error, but only for other cubes. Now, I’m totally overstrained how to solve this problem when I cannot see it in the template VM itself (how can localise the source of the error?)

1 Like

Perhaps this could add some clarity: TemplateVMs | Qubes OS.

Whenever a TemplateBasedVM is created, the contents of the /home directory of its parent TemplateVM are not copied to the child TemplateBasedVM’s /home . The child TemplateBasedVM’s /home is always independent from its parent TemplateVM’s /home , which means that any subsequent changes to the parent TemplateVM’s /home will not affect the child TemplateBasedVM’s /home .

I told you how to do this, and you haven’t done it.
It isn’t in the default template, so it is something you have done.
Start with a base template - install the packages one at a time - see
where the error arises.