No Internet Connection inside Whonix-Workstation KVM with NordVPN with Kill-Switch on Host

Progress.

Untested! But looks promising.

Major changes:

  • rootless
  • using unix domain socket files
  • Images must now be placed in folder /home/user/.local/share/libvirt/images to avoid rootless usage.
  • Whonix-External.xml and Whonix-Internal.xml deleted because no longer required.
  • New host dependency: sudo apt install passt

Advantages:

Disadvantages:

  • Hardcoded paths:
    • Path to /home/user is literal and hardcoded. Users using a different Linux account name than “user” will need to adjust their XML file. As far as I know, libvirt does not support ~, `$HOME` or similar.
      • TODO: Please post and upstream feature request.
    • The path to the unix domain socket files, stored in folder /run/user/1000, is similarly hardcoded. /run/user does not refer to account “user”. That’s just a constant independent of Linux user account names. And 1000 is an id --user, which will be different on user systems unfortunately.
      • TODO: See if there is a better path for the unix domain socket files.
  • XML files using <qemu:commandline>.
    • (Feature requests exist. Linked above.)

Branch:
GitHub - Kicksecure/libvirt-dist at rootless-kvm-session · GitHub

XML files in branch rootless-kvm-session:
libvirt-dist/usr/share/libvirt-dist/xml at rootless-kvm-session · Kicksecure/libvirt-dist · GitHub

Pull request:
port to rootless and unix domain sockets by adrelanos · Pull Request #119 · Kicksecure/libvirt-dist · GitHub

Diff (file changes):
port to rootless and unix domain sockets by adrelanos · Pull Request #119 · Kicksecure/libvirt-dist · GitHub

Observations:

Notes:

  • The source code changes have been assisted by Claude Code.
  • This forum post has been fully hand-written by myself.

TODO: @HulaHoop:

  • Please test, extend, fix, commit on top of my branch, edit wiki, etc.
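Added example (not code from the libvirt-dist branch or the post above): a small POSIX shell helper that localizes the two hardcoded paths the post identifies, /home/user and /run/user/1000, to the current account's home directory and runtime directory before the XML is defined in libvirt, and then checks that no literal copy of either path survives. A VM whose disk or socket path points at another account's directories fails at start or, worse, silently lacks its network link, so checking before `virsh define` is cheaper than debugging afterwards. The domain XML below is constructed for the example; the `-netdev stream,...addr.path=` argument is only an illustration of a unix-socket path inside `<qemu:commandline>` and is not claimed to match what the branch actually uses. The substitution is done in the shell, which is why it works even though libvirt itself does not expand `~` or `$HOME`.

```shell
#!/bin/sh
# Added example, not part of the libvirt-dist project.
set -eu

# Constructed sample: a minimal domain XML carrying the two hardcoded paths
# the post describes (disk image under /home/user, socket under /run/user/1000).
SAMPLE_XML='<domain type="kvm" xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
  <devices>
    <disk type="file" device="disk">
      <source file="/home/user/.local/share/libvirt/images/Whonix-Workstation.qcow2"/>
    </disk>
  </devices>
  <qemu:commandline>
    <qemu:arg value="-netdev"/>
    <qemu:arg value="stream,id=net0,server=off,addr.type=unix,addr.path=/run/user/1000/whonix-external.sock"/>
  </qemu:commandline>
</domain>'

# list_hardcoded FILE: print every line still containing one of the literal
# paths (with a trailing slash, so /home/username is not a false positive).
# Returns 0 when the file is clean, 1 when any hardcoded path remains.
list_hardcoded() {
    ! grep -nE '/home/user/|/run/user/1000/' "$1"
}

# localize_xml SRC DST HOME_DIR RUNTIME_DIR: write DST as a copy of SRC with
# /home/user/ replaced by HOME_DIR/ and /run/user/1000/ by RUNTIME_DIR/.
localize_xml() {
    src=$1; dst=$2; home_dir=$3; runtime_dir=$4
    # '#' is the sed delimiter and '&' / '\' are special in the replacement,
    # so refuse directory names that contain them instead of mangling the XML.
    case "$home_dir$runtime_dir" in
        *'#'*|*'&'*|*'\'*) echo "unsupported character in path" >&2; return 2 ;;
    esac
    sed -e "s#/home/user/#${home_dir}/#g" \
        -e "s#/run/user/1000/#${runtime_dir}/#g" "$src" > "$dst"
}

# Usage: sh localize.sh SRC.xml DST.xml
# Uses the real account's $HOME and $XDG_RUNTIME_DIR (falling back to
# /run/user/<uid>, which is what the post's /run/user/1000 stands for).
if [ $# -eq 2 ]; then
    localize_xml "$1" "$2" "$HOME" "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
    list_hardcoded "$2"
fi
```

Run it on one of the branch's XML files before `virsh define`; a non-zero exit from the final check means a literal /home/user/ or /run/user/1000/ is still present and the domain will look for files in another account's directories.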