Gateway VM barely runs on KVM, can't get swdate to run

Apologies if I am missing any info, I am very new to this. My base OS is Fedora 39 (KDE), vanilla setup. I followed the install steps exactly (afaik).

The Gateway VM has serious problems. It takes ~10 min to launch, even in TTY mode (256 MB memory). I gave it 8GB and ran it with a GUI and this will sometimes start after several minutes, but it takes ~30 sec to register each button press, if it does it at all.

It isn’t functional enough to run systemcheck outside of the cli, but throws a ton of errors when it actually runs. I’ve included them below:

AppArmor
AVC apparmor=“DENIED” operation=“open” profile=“/usr/bin/onioncircuits” name=“/etc/ssl/openss.cnf” comm=“onioncircuits” requested_mask=“r” denied_mask=“r”

Warnings
Mostly about tor being compiled with zstd 1.5.2. Only notable warning was for host tor[956] Option ‘DisableNetwork’ used more than once: all but the last value will be ignored.

Failed

• localhost kernel: pinctrl core: failed to create debugfs directory
• localhost kernel: regulator: Failed to create debugfs directory
• localhost kernel: regulator-dummy: Failed to create debugfs directory
• localhost kernel: zswap: debugfs initialization failed
• localhost kernel: tirdad: module verification failed: signature and/or required key missing - tainting kernel
• host audit: CONFIG_CHANGE op=set audit_failure=1 old=1 auid=4294967295 ses=4294967295 subj=unconfined res=1
• host augenrules[687]: failure 1
• hosts udisksd[736]: Failed to load the ‘mdraid’ libblockdev plugin
• host vanguards[937]: NOTICE … : Tor daemon connection failed: [Errno 2] No such file or directory. Trying again…
• host spice-vdagent[1220]: display: failed to call GetCurrentState from mutter over DBUS
• host systemd[1]: system-jounald.service: Failed with result ‘watchdog’
• host systemd[1]: systemd-udevd.service: Failed with result ‘watchdog’
• host systemd[1]: systemd-logind.service: Failed with result ‘watchdog’
• Looks like the above systemd processes were killed, log was from host audit
• host sdwdate[1053]: [wrong datestamp] - sdwdate - INFO - failed_urls: 3 allowed_failures: 6
• NOTICE[wrong datestamp]: Tor has been failing all circuits for 319 seconds!
• host spice=vdagent[1220] get_alsa_default_mixer_by_name fail: No such file or directory
• host spice=vdagent[1220]: Fail to sync playback volume
• host spice=vdagent[1220]: get_alsa_default_mixer_by_name fail: No such file or directory
• host spice=vdagent[1220]: Fail to sync record volume
• host systemd[1]: systemd-journald.service: Failed with result ‘watchdog’
• host systemd[1]: systemd-udevd.service: Failed with result ‘watchdog’
• host systemd[1]: systemd-logind.service: Failed with result ‘watchdog’
• another notice about Tor failing all cirucits for > 300 seconds

Errors

• host sdwdate-pre[717]: + gcc /usr/src/sdwdate/sclockadj.c -o /usr/libexec/sdwdate/sclockadj -ldl - D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=3 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relo -Wl,-z,now
• host lightdm[967]: Error getting user list from orgfreedesktop.Accounts: GDBus.Error.org.freedesktop.DBus.Error.ServiceUnknown: The name ord.freedesktop.Accounts was not provided by any service files
• host spice-vdagent[1220]: error message: Cannot invoke method: proxy is for the well-known name org.gnome.Mutter.DisplayConfig without an owner, and proxy was constructed with the G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag
• host mate-notificati[1265] AT-SPI: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
• host sdwdate[1053]: sdwdate - ERROR - General Timeout Error: Internet connection might be down.

Any help here would be greatly appreciated!

Which virtualizer? VirtualBox?

Sounds like host operating system issues and/or hardware issues. This is most likely not an issue caused by Whonix.

The only way to debug this is to go through this checklist:
General VirtualBox Troubleshooting Steps

Hey Patrick, thanks. Its on KVM (I put it in the title but didn’t add it to the post). I logged in as the admin user and it fixed the AppArmor error. Why do you think these are related to the host OS? I thought it was supposed to be largely isolated?

Also, its worth mentioning that aside from having no internet the workstation works fine. The problems I have are 100% confined to the Gateway

That is a symptom of VMs with Secure Boot enabled.

Did you enable Secure Boot somehow inside the VM?

Or is the host’s Secure Boot influence KVM VMs? It should not as far as I know, but I didn’t test that.

It’s supposed to be indeed but dependent on the host operating system.

In the past, differnt kernel versions not yet supported by VirtualBox have broken Linux distributions (any, not limited to Whonix) inside VirtualBox. Here is one example:
Linux Host Kernel versus Tor Browser and other Crashes

Pretty severe issue. Very broken system if these are broken. Such severe issues would be caught before release by testers running systemcheck. And all releases are tested before stable release.

Whonix is used by thousands of users. It’s easy to use. It’s not beyond broken. There aren’t such severe issue by default in Whonix.

In the past, users have reported to have fixed similar issues by using a different host operating system and/or hardware.

There is likely nothing that can be fixed on the level of Whonix.

In case of KVM, you can try this checklist here: General Troubleshooting

Note: I am not a maintainer of Whonix KVM.

I had a similar issue, you may want to remove the cpuset='1' in the vcpu tag of the VM config.

See: Whonix 15: increasing allocated CPU number makes the VM incredibly slow