What’s the status of KVM vs Protocol Leak and Fingerprinting Protection? Up to date? Specifically…
CPU model and capabilities.
Hidden or non-hidden?
Obsolete. Output will show exact host CPU flags and properties. Don’t have a choice.
No longer hidden from guest.
Do Whonix KVM VMs have a virtual DVD or floppy drive by default?
No. I exclude the virtual DVD drive to decrease attack surface.
What’s a good virtual CPU count for KVM?
Currently it’s 1.
Maybe 2 would be better? Any disadvantages of that?
Would that workaround bug Slow shutdown of version 15 workstation and gateway?
Maybe if there are 4 physical CPUs, one should not assign 4 virtual CPUs to a KVM VM? Could have a similar issue as VirtualBox?
https://www.virtualbox.org/ticket/19500
Which performance benefit are you referring to?
In my experience one seems to cut it for most tasks including hd video playback. Building Whonix of course needs more cpus allocated, but not many are doing that. The disadvantage is we over commit resources which puts a hard limit on use with dual core machines unless a user decides to edit the settings manually. (yes there are dual core machines out there with 4gb ram go figure). Adding one more core to ws pushes total requirement for Whonix to 3 cores because we don’t allow gw and ws to use same cores.
No this looks like a strange software bug that I hope gets ironed out by stable next.
Yeah you should never assign all cores to VMs. At least one free one should be left to the host or you run into deadlocks and freezing of the host.
Bumping up vcpu core count while only one is pinned doesn’t give you increased cpu perf, but results in terrible stability and freeze ups of the VM.
HulaHoop via Whonix Forum:
No this looks like a strange software bug that I hope gets ironed out by stable next.
Alright. Since that bug doesn’t get fixed, there’s no urgency to change anything.
In my experience one seems to cut it for most tasks including hd video playback.
OK.
Building Whonix of course needs more cpus allocated, but not many are doing that.
Agreed. Not a criteria.
The disadvantage is we over commit resources which puts a hard limit on use with dual core machines unless a user decides to edit the settings manually. (yes there are dual core machines out there with 4gb ram go figure). Adding one more core to ws pushes total requirement for Whonix to 3 cores because we don’t allow gw and ws to use same cores.
OK. Maybe CPU assignment could be more automatic, better once Whonix-Host is a reality.
13 posts were split to a new topic: Host to KVM VM Communication
Please review:
KVM: Difference between revisions - Whonix
What an excellent edit. I always welcome prefixing things with GNU
Seriously thanks for clarifying which tool to use though.
https://www.whonix.org/w/index.php?title=KVM&type=revision&diff=58711&oldid=58390
virsh -c qemu:///system net-autostart default
==== AUTHENTICATING FOR org.libvirt.unix.manage ===
System policy prevents management of local virtualized systems
Could you please check all Whonix ™ for KVM if it mentions becoming root or suggests using sudo whenever required?
I don’t see how virsh -c qemu:///system net-autostart default could work without root/sudo since this is a system wide change? It’s on a Kicksecure based host for development purposes. Perhaps that broke pkexec or something and therefore sudo is required?
Confirmed. You are right sudo is required for defining and interacting with the virsh net command. Otherwise a regular user cannot even see the networks.
This is even the case in upstream documentation:
I will modify the wiki.
Also related: interacting with virt-manager without having to input the root password every time you will have to add the user to the libvirt and kvm groups
That specific message is related to polkit policy that can have a rule added to deal with it:
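As an added illustration (not code from the thread or the Whonix wiki) of the kind of polkit rule meant here: it grants org.libvirt.unix.manage only to members of the libvirt group and leaves every other action and user on the default policy, which is the prompt shown above. It assumes a polkit with JavaScript rules (0.106 or newer; the older 0.105 in some Debian releases uses .pkla files instead) and a rule file path such as /etc/polkit-1/rules.d/50-libvirt.rules; the small polkit stub is constructed here only so the rule can be exercised offline.

```javascript
"use strict";

// Minimal stand-in for the polkit rule environment (constructed for this
// example): polkit evaluates rules in order and the first rule returning
// a value other than undefined decides the action.
const polkit = {
  Result: { YES: "yes", NO: "no", NOT_HANDLED: "not_handled" },
  _rules: [],
  addRule(fn) { this._rules.push(fn); },
  evaluate(action, subject) {
    for (const rule of this._rules) {
      const r = rule(action, subject);
      if (r !== undefined) return r;
    }
    return polkit.Result.NOT_HANDLED; // fall back to the .policy default
  },
};

// The rule itself, as it would appear in the rules.d file: only the
// manage action, only for the libvirt group, nothing else touched.
polkit.addRule(function (action, subject) {
  if (action.id === "org.libvirt.unix.manage" && subject.isInGroup("libvirt")) {
    return polkit.Result.YES;
  }
  // Returning nothing leaves unrelated actions and users unaffected.
});

// Build a subject object the way the rule sees it (constructed helper).
function makeSubject(user, groups) {
  return { user, isInGroup: (g) => groups.includes(g) };
}

// Decide the outcome for a given user, group set and action id.
function decide(actionId, user, groups) {
  return polkit.evaluate({ id: actionId }, makeSubject(user, groups));
}

console.log(decide("org.libvirt.unix.manage", "user", ["libvirt", "kvm"]));  // yes
console.log(decide("org.libvirt.unix.manage", "guest", ["users"]));         // not_handled
console.log(decide("org.libvirt.unix.monitor", "user", ["libvirt"]));       // not_handled
```

The last two calls show the scoping that matters: a user outside the group, or a different libvirt action, still hits the default policy rather than being waved through.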
HulaHoop via Whonix Forum:
Also related: interacting with virt-manager without having to input the root password every time you will have to add the user to the libvirt and kvm groups
It was indeed related to forgotten application of addgroups and reboot instructions.
13 posts were split to a new topic: Whonix Software Signature Verification Documentation Discussion - VirtualBox vs KVM - GPG / signify / codecrypt
Could you review KVM: Difference between revisions - Whonix please?
Not sure what we wanted to use comments earlier?
New answer. “Comments in libvir xml files now possible.”
Could you try please if now comments can be persisted?
Doesn’t work for me unfortunately. Either not supported in this version of libvirt or it’s non-functional. The metadata tag has been in use for a long time according to the libvirt manual, but it is for defining custom app XML schema:
The metadata node can be used by applications to store custom metadata in the form of XML nodes/trees. Applications must use custom namespaces on their XML nodes/trees, with only one top-level element per namespace (if the application needs structure, they should have sub-elements to their namespace element). Since 0.9.10.
Unrelated but interesting - when searching the manual I found there is a new feature for disk BackingStores added which seems to me similar to the concept of Qubes Templates. Theoretically one could have one main disk image that shares common elements of both GW and WS while a second one contains only the diff, saving on image size dramatically, but probably too complex to implement.