HiddenVM KVM version

Hi Developers,

I have been working on a project called HiddenVM https://github.com/IncognitoIceman/HiddenVM which is forked from https://github.com/aforensics/HiddenVM . I decided to fork the project to use KVM instead of VirtualBox because it is insecure and Oracle’s track record of fixing security patches is very bad. I am a huge fan of Whonix because of its unbreakable design. This version of HiddenVM uses Tails OS as the host similar to the original version. The whole project is stored persistently in a Hidden veracrypt volume successfully implementing the Hidden OS feature of veracrypt. The project combines the benefits of Tails, Whonix and Veracrypt into one package providing an ultra secure ecosystem.

I am planning to bring the usage of Whonix to the masses with the help of this project. This version of HiddenVM connects to the clearnet usage infrastructure of Tails OS. You can only connect to the clearnet version using qemu:///session. I have verified this myself, as an instance of libvirtd running as the clearnet user appears in system monitor when you run qemu:///session.

Unfortunately we have very limited network options when we run libvirt in qemu:///session mode as only usermode networking is allowed. This becomes a problem because the Whonix-Gateway requires a NAT connection to connect to the internet. I tried to create and start a Whonix external NAT network with no success because I keep getting a permission denied error when running the second command.

sudo -u clearnet virsh -c qemu:///session net-define Whonix_external*.xml

sudo -u clearnet virsh -c qemu:///session net-start Whonix-External

error creating bridge interface virbr1: Operation not permitted

I have tried giving elevated permissions to the clearnet user using polkit etc. but have been unsuccessful. I have been working on the project for 3 months now and have hit a roadblock with this problem. The only solution looks like I have to manually edit the libvirt files but I figured I would get some help from the Whonix developers themselves first to solve this issue.

You don’t need to install my project to solve my issues. I just need a general hack on how to give elevated permissions temporarily to qemu:///session to create a network bridge but if you are interested in using the project you can install it on Tails OS. I test my project on a Virtual machine running Tails OS making it easier. The initial setup takes 4 minutes to install and successfully installs and launches virt-manager as qemu:///session user.

To install the project all you have to do is type ./AppRun in the terminal in the HiddenVM folder.

I would be very much grateful if you would be able to solve my problem as this idea is too good to be wasted on a permissions issue.


I am sorry to say that I am disappointed. If you took a good look at the project you would realize how much potential it has. This project is not a simple script if you see it for yourself. I only wanted some help to fix the permissions issue with my project which runs on KVM which is supported by Whonix. Whonix currently doesn’t have a powerful amnesic host like Tails OS which is something that this project uses.

As per this…

I’ve decided not to spend time on any hacks and instead work towards a Whonix-Host ISO live / installer.

If HiddenVM efforts were spent on Whonix-Host ISO instead of HiddenVM (Whonix on top of Tails) Whonix-Host ISO might already be available.

Meanwhile, there is:


Hi Patrick,

Thanks for your posts. I do see that Whonix can be installed on Kicksecure by default but I think the process can be too complicated for a person wanting to use Whonix. My project aims to be a one click solution for privacy activists. I see you are in the process of developing Whonix host which is good but we already have Tails which has a firewall (iptables). I don’t believe that this project is a simple hack as it runs VMs with no problems on Tails, something that I have tested, but unfortunately only with usermode networking with qemu:///session.

True but now I see that nowadays HiddenVM supports other VMs too. Also non-Whonix VMs. That makes the project more useful and now I get the point a bit more.

(But this doesn’t materially change my above opinions, plans.)
