Information
ID: 440
PHID: PHID-TASK-khrsuf7uo2lh2exifsla
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal
Description
Edit the VM xml and change:
<clock offset='utc'>
to
<clock offset='variable' adjustment='123456' basis='utc'>
The adjustment attribute takes any arbitrary value of seconds. Pick a random number of seconds from 0 to 900 (15 minute range). Let’s see if also negative values are possible. I.e. a random number between + and - 900.
Why?
preventing Clock Correlation Attacks
Related to:
make sure Qubes-Whonix has no access to clocksource=xen (T389)
Related Qubes upstream bug:
libvirt domain validation error; virsh edit issue
Comments
Patrick
2016-03-22 10:42:58 UTC