Can you reproduce the same issues in Whonix KVM?
1 Like
I can enter the cli shell from host console or through the option text console in VMM.
I can boot into recovery mode OK no errors of any kind.
1 Like
I’ve run into an issue today.
I’m running Whonix 15.0.0.8.7 on an Ubuntu Server 18.04 host over KVM (libvirt 4.0.0).
Following the KVM Guide[1] I was able to get everything up and running(*), including logging into both Gateway and Workstation VMs via console with the command virsh console.
After running whonixsetup and apt upgrade I wasn’t able to log in anymore as a regular user in both VMs, getting a “Permission denied” after entering the correct password. The only way to get access again was by rebooting the VM in recovery mode, logging in as root.
After some help from Patrick on the Whonix Telegram Group the issue could be traced to the recent addition of Console Lockdown[2]. Adding the terminal ttyS0, which you get connected to using virsh console, to the list of allowed consoles for the console group in /etc/security/access-security-misc.conf[3] resolved the issue.
(*): Had to change a line in the Workstation XML; <codec type='output'/> to <codec type='micro'/>, since output is only supported since libvirt 4.4.0[4]
[1]: whonix /wiki/KVM
[2]: whonix /wiki/Dev/Strong_Linux_User_Account_Isolation#Console_Lockdown
[3]: github /Whonix/security-misc/blob/master/etc/security/access-security-misc.conf
[4]: libvirt /formatdomain.html#elementsSound
2 Likes