I got Whonix running on KVM via libvirt’s qemu:///session inside of a Docker container. I’m sharing here as this may be of interest to the forum, or at least of use to anyone attempting anything similar in the future.
Docker serves to simplify the configuration and management of the network and filesystem resources associated with Whonix virtual machines. This approach enables reproducibility and ease of management for custom configurations of Whonix-based environments. On the other side of the spectrum, this approach also enables contained, side effect-free, single-command setup and teardown of pre-baked Whonix environments for new users.
libvirt runs inside of a Docker container which runs with --device /dev/kvm. virt-manager and virtual machine GUIs are forwarded to the host’s X11 session.
qemu:///session doesn’t have the privilege to manage virtual networking resources, so the container must set up the virtual networks on behalf of libvirt and then define them using
To work around a libvirt-related networking issue which I have yet to diagnose, I had to include a patch for the Whonix-Gateway firewall. This is a temporary hack which I will remove once I manage to find and resolve the underlying problem.
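The container launch and the bridge/network handoff the post describes, as an added example that is not the poster's code or Whonix's own scripts. The image name, bridge names, the 10.0.2.0/24 subnet and the network names Whonix-External / Whonix-Internal are assumptions; the image is assumed to ship libvirtd, qemu-kvm (with qemu-bridge-helper), virsh and virt-manager.

```shell
#!/bin/sh
# Added example (not the poster's code): host-side launch of the libvirt
# container and container-side network setup for qemu:///session.
# Hypothetical names throughout; adjust to your own image and bridges.
set -eu

IMAGE=${IMAGE:-whonix-libvirt}   # hypothetical image name
EXT_BR=${EXT_BR:-whonix-ext}     # bridge behind Whonix-Gateway's external NIC
INT_BR=${INT_BR:-whonix-int}     # isolated bridge: Gateway <-> Workstation only
EXT_ADDR=${EXT_ADDR:-10.0.2.2/24}  # assumed host-side address on the external bridge

# Render a libvirt network that only references an existing bridge.
# qemu:///session cannot create NAT/routed networks itself, so the bridge is
# created outside libvirt and the definition points at it.
bridge_net_xml() {
    printf '<network>\n  <name>%s</name>\n  <forward mode="bridge"/>\n  <bridge name="%s"/>\n</network>\n' "$1" "$2"
}

# Bridges qemu-bridge-helper may attach guest taps to; the session driver
# relies on this file when it plugs a NIC into a bridge.
bridge_conf() {
    printf 'allow %s\nallow %s\n' "$EXT_BR" "$INT_BR"
}

# Host side. KVM for acceleration, /dev/net/tun for guest taps, NET_ADMIN so
# the container can create bridges in its own network namespace (Docker drops
# it by default), and the X11 socket for virt-manager and guest consoles.
host_run_container() {
    # Grant X access to the local user's clients only, not every local process:
    # anything that can talk to the X server can read keystrokes and screens.
    xhost +SI:localuser:"$(id -un)"
    docker run --rm -it \
        --name whonix-libvirt \
        --device /dev/kvm \
        --device /dev/net/tun \
        --cap-add NET_ADMIN \
        -e DISPLAY="$DISPLAY" \
        -v /tmp/.X11-unix:/tmp/.X11-unix:ro \
        -v "$HOME/.Xauthority:/root/.Xauthority:ro" \
        "$IMAGE"
}

# Container side: create the bridges libvirt is not allowed to create, give
# the external one a route out, then define and start the networks against
# qemu:///session.
container_setup_networks() {
    for br in "$EXT_BR" "$INT_BR"; do
        ip link show "$br" >/dev/null 2>&1 || ip link add "$br" type bridge
        ip link set "$br" up
    done
    # External bridge: addressed and masqueraded through the container's
    # uplink. Internal bridge: no address, no forwarding, so Workstation
    # traffic can only reach the Gateway.
    ip addr replace "$EXT_ADDR" dev "$EXT_BR"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    iptables -t nat -C POSTROUTING -s "${EXT_ADDR%/*}/24" -o eth0 -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -s "${EXT_ADDR%/*}/24" -o eth0 -j MASQUERADE
    bridge_conf > /etc/qemu/bridge.conf
    for net in Whonix-External:"$EXT_BR" Whonix-Internal:"$INT_BR"; do
        name=${net%%:*}; br=${net#*:}
        bridge_net_xml "$name" "$br" > "/tmp/$name.xml"
        virsh -c qemu:///session net-define "/tmp/$name.xml"
        virsh -c qemu:///session net-start "$name"
        virsh -c qemu:///session net-autostart "$name"
    done
}

case "${1:-}" in
    host)      host_run_container ;;
    container) container_setup_networks ;;
esac
```

Run it as `sh setup.sh host` on the host and `sh setup.sh container` inside the container before defining the guests. Two points worth checking on a real setup: the X11 socket and Xauthority mounts give the container's processes the same access to the host display as any local client, so the `xhost` scope (or a nested X server such as Xephyr) is the real boundary there; and the masquerade rule only gives the Gateway a route out, it does not replace the DHCP/DNS service a NAT-mode libvirt network would normally provide, so the Gateway's external interface needs static addressing or a separate dnsmasq on the bridge.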