Hi Developers,
I have been working on a project called HiddenVM https://github.com/IncognitoIceman/HiddenVM which is forked from https://github.com/aforensics/HiddenVM . I decided to fork the project to use KVM instead of VirtualBox because it is insecure and Oracle’s track record of fixing security patches is very bad. I am a huge fan of Whonix because of its unbreakable design. This version of HiddenVM uses Tails OS as the host, similar to the original version. The whole project is stored persistently in a hidden VeraCrypt volume, successfully implementing the Hidden OS feature of VeraCrypt. The project combines the benefits of Tails, Whonix and VeraCrypt into one package, providing an ultra secure ecosystem.
I am planning to bring the usage of Whonix to the masses with the help of this project. This version of HiddenVM connects to the clearnet usage infrastructure of Tails OS. You can only connect to the clearnet version using qemu:///session. I have verified this myself, as an instance of libvirtd running as the clearnet user appears in system monitor when you run qemu:///session.
Unfortunately we have very limited network options when we run libvirt in qemu:///session mode as only usermode networking is allowed. This becomes a problem because the Whonix-Gateway requires a NAT connection to connect to the internet. I tried to create and start a Whonix external NAT network with no success because I keep getting a permission denied error when running the second command.
sudo -u clearnet virsh -c qemu:///session net-define Whonix_external*.xml
sudo -u clearnet virsh -c qemu:///session net-start Whonix-External
error creating bridge interface virbr1: Operation not permitted
I have tried giving elevated permissions to the clearnet user using polkit etc. but have been unsuccessful. I have been working on the project for 3 months now and have hit a roadblock with this problem. The only solution looks like I have to manually edit the libvirt files, but I figured I would get some help from the Whonix developers themselves first to solve this issue.
You don’t need to install my project to solve my issues. I just need a general hack on how to give elevated permissions temporarily to qemu:///session to create a network bridge, but if you are interested in using the project you can install it on Tails OS. I test my project on a virtual machine running Tails OS, making it easier. The initial setup takes 4 minutes to install and successfully installs and launches virt-manager as qemu:///session user.
To install the project all you have to do is type ./AppRun in the terminal in the HiddenVM folder.
I would be very much grateful if you would be able to solve my problem as this idea is too good to be wasted on a permissions issue.