I’ve run into an issue today.
I’m running Whonix 220.127.116.11.7 on an Ubuntu Server 18.04 host over KVM (libvirt 4.0.0).
Following the KVM Guide I was able to get everything up and running(*), including logging into both Gateway and Workstation VMs via console with the command
apt upgrade I wasn’t able to log in anymore as a regular user in both VMs, getting a “Permission denied” after entering the correct password. The only way to get access again was by rebooting the VM in recovery mode, logging in as root.
After some help from Patrick on the Whonix Telegram Group the issue could be traced to the recent addition of Console Lockdown. Adding the terminal
ttyS0, which you get connected to using
virsh console, to the list of allowed consoles for the
console group in
/etc/security/access-security-misc.conf resolved the issue.
(*): Had to change a line in the Workstation XML;
<codec type='output'/> to
<codec type='micro'/>, since
output is only supported since libvirt 4.4.0
: whonix /wiki/KVM
: whonix /wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown
: github /Whonix/security-misc/blob/master/etc/security/access-security-misc.conf
: libvirt /formatdomain.html#elementsSound