I have been working on a project called HiddenVM https://github.com/IncognitoIceman/HiddenVM which is forked from https://github.com/aforensics/HiddenVM . I decided to fork the project to use KVM instead of VirtualBox because it is insecure and Oracle’s track record of fixing security patches is very bad. I am a huge fan of Whonix because of its unbreakable design. This version of HiddenVM uses Tails OS as the host, similar to the original version. The whole project is stored persistently in a hidden VeraCrypt volume, successfully implementing the Hidden OS feature of VeraCrypt. The project combines the benefits of Tails, Whonix and VeraCrypt into one package, providing an ultra secure ecosystem.
I am planning to bring the usage of Whonix to the masses with the help of this project. This version of HiddenVM connects to the clearnet usage infrastructure of Tails OS. You can only connect to the clearnet version using qemu:///session. I have verified this myself, as an instance of libvirtd running as the clearnet user appears in system monitor when you run qemu:///session.
Unfortunately we have very limited network options when we run libvirt in qemu:///session mode as only usermode networking is allowed. This becomes a problem because the Whonix-Gateway requires a NAT connection to connect to the internet. I tried to create and start a Whonix external NAT network with no success because I keep getting a permission denied error when running the second command.
error creating bridge interface virbr1: Operation not permitted
I have tried giving elevated permissions to the clearnet user using polkit, etc., but have been unsuccessful. I have been working on the project for 3 months now and have hit a roadblock with this problem. The only solution looks like I have to manually edit the libvirt files, but I figured I would get some help from the Whonix developers themselves first to solve this issue.
You don’t need to install my project to solve my issues. I just need a general hack on how to give elevated permissions temporarily to qemu:///session to create a network bridge, but if you are interested in using the project you can install it on Tails OS. I test my project on a virtual machine running Tails OS, making it easier. The initial setup takes 4 minutes to install and successfully installs and launches virt-manager as qemu:///session user.
To install the project all you have to do is type ./AppRun in the terminal in the HiddenVM folder.
I would be very much grateful if you would be able to solve my problem as this idea is too good to be wasted on a permissions issue.
Hi,
I am sorry to say that I am disappointed. If you took a good look at the project, you would realize how much potential it has. This project is not a simple script, if you see it for yourself. I only wanted some help to fix the permissions issue with my project, which runs on KVM, which is supported by Whonix. Whonix currently doesn’t have a powerful amnesic host like Tails OS, which is something that this project uses.
Thanks for your posts. I do see that Whonix can be installed on Kicksecure by default, but I think the process can be too complicated for a person wanting to use Whonix. My project aims to be a one-click solution for privacy activists. I see you are in the process of developing Whonix host, which is good, but we already have Tails, which has a firewall (iptables). I don’t believe that this project is a simple hack, as it runs VMs with no problems on Tails, something that I have tested, but unfortunately only with usermode networking with qemu:///session.
True but now I see that nowadays HiddenVM supports other VMs too. Also non-Whonix VMs. That makes the project more useful and now I get the point a bit more.
(But this doesn’t materially change my above opinions, plans.)
I have been trying to find an answer to the following and thought you may be able to give me some insight:
Question:
I am using VirtualBox and Whonix from within a hidden VeraCrypt volume using Tails. The code that allows VirtualBox to be run from a non-system hidden volume is from GitHub: aforensics/HiddenVM. When the HiddenVM code is run from Tails it installs VirtualBox with updates and connects it to your VirtualBox Gateway and Workstation VMs on the hidden volume. Is it OK to use Tor Project provided transport obfs4 bridges when connecting to Tor in Whonix Gateway? Or should the bridges be used when connecting to Tor within Tails before the Whonix Gateway and Workstation are started? Or will either of these just cause problems?
I have posted this question in the Whonix - Unsupported Platforms forum without a clear answer under the topic head: