fixed virtual disk size

bomet · February 25, 2023, 3:17pm

hello
100GB dynamic disks are a huge problem in my usage case.
What is the best option to have whonix GW vm disk limited to 5GB and whonix WKS to 10GB?
thanks

Patrick · February 25, 2023, 3:57pm

Same as for VirtualBox when using any other VM.

bomet · February 25, 2023, 3:59pm

I cannot shrink default vdisks from 100GB to 5GB/10GB at install

Patrick · February 25, 2023, 4:54pm

If VirtualBox cannot do that, then I do not have a solution either.

Your only option then:
Shrink Virtual Hard Disk Size chapter Build from Source Code in Kicksecure wiki
(Just now documented.)
(Whonix is based on Kicksecure.)

Step 1: build from source code

Step 2: use the vmsize option

--vmsize 50G

bomet · February 25, 2023, 4:58pm

what about starting with a Debian install and then follow “Installation_from_Repository” ?

Patrick · February 25, 2023, 5:25pm

At time of writing:

This is unsupported, not tested by any Whonix ™ contributors and might need some work. What’s missing?
…

That wiki page was updated a bit just now. Maybe that helps.

bomet · February 25, 2023, 5:37pm

what about booting in recovery mode and doing “resize2fs /dev/sda1 10G” ? will it be enough to prevent virtual disk expansion ?

Patrick · February 25, 2023, 5:48pm

I didn’t test that command but in theory that might work.

If it’s sufficient I don’t know. There are “usually” no such issues as you described:

You’re the first one in 11 that I can recall to have an issue with this. So maybe XyProblem and easier to fix the root cause?

A slightly more popular (still rare) request is to release space in a VM that was biger in the past, now has files deleted how to release the deleted space. That however should be doable the normal Linux / VirtualBox way, i.e. unspecific to Whonix.

But the 100GB dynamic disk could under some rare threat models be seen as a local DOS issue. If running multiple untrusted VMs that might attempt a local DOS by expanding to the maximum available 100GB, that could be an issue.

In that case it depends, could the attack run the opposite of that command and undo what you just did?

If yes, then that command is insufficient.
If no, then that command might be sufficient.

That threat model is rare because usually users don’t assume their VMs getting compromised and the attacker attempting local DOS.

bomet · February 25, 2023, 5:58pm

whonix virtual disks grows pretty quickly with updates and normal use.
I dont have much space left on my ssd, sure not 100GB to shrink the virtual disk with zerofree and vboxmanage -compact

bomet · February 25, 2023, 6:43pm

no it wont work.

what about adding a second 10GB virtual disk and rsync on it the content of the first disk, make it bootable and then remove the first disk?

bomet · February 25, 2023, 8:21pm

it worked!

Patrick · February 27, 2023, 1:53pm

No objection.

Great!