Running with gcow Files In Home Folder

So I had a 1.5 year old as of now version of Whonix running this way. I did this because my computer is dual booted with Mint as hypervisor for Whonix and I have ecryptfs home. I hadnt used it for a while and tried using it again recently and nothing on Tor would load properly so I did a backup of my data and then updated my hypervisor software by reinstall then started reinstalling Whonix on KVM. I tried searching the forums here to see if I had help with it before and nothing comes up so I must not have asked and found a workaround on my own, it was so long ago I dont remember. Whonix for KVM guide says to put them in a subdirectory of /var/ but I do not want to do this because that leaves them unencrypted inside the root directories and I only have 30 GB available in my root partition vs the 500 GB for my home partition.

So I followed the KVM guide all the way until edit config XML files and point them to my directory in /home/username/ I made for my .gcow files then follow rest of guide besides copy to the /var/ subdirectory for reasons stated above. Then when I go to run machines in Virtual Machine Manager I always get "Error starting domain: Cannot access storage file ‘[absolute directory of gcow file]’ (as uid:64055, gid:108). After running command lines to see which user and group this was I get “libvirt-qemu” and “kvm:x:108:[Linux username of root account]” respectively. From here I figure, I must of just changed permissions to make it work last time. So first I try adding “libvirt-qemu” to “[Linux username of account]” group then set the directory with the gcow files and all the files within as 770 then 750 for all folders going back to root. This didnt work so then I try chmod to make the folder with gcow owned by the “kvm” group. Same exact error every time.

How do I get Whonix in KVM to work without leaving the .gcow files unencrypted outside of my home directory and letting KVM run as user root, which also sounds very insecure to do? I’ve been up all night trying to figure it out and its making me want to pull my hair out as I know you can do it as I did it before and had it work until the software expired and had to update the software.

You are better off reinstalling your host and having it LUKS encrypted from the start and not bother with home folder encryption. Your current setup is probably leaking stuff on the unencrypted portion of your disk because all kinds of stuff is being written to your swap partition during VM operation.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]