libvirt can be told to ignore a guest’s request for restart. The actual action would be a silent shutdown. Same for when a crash happens, libvirt would just leave the machine in its shutdown state instead of booting it again.
This all hinges on what you think about the attack I described earlier. Should we just advise people not to do things on their host that would leak timestamps? Like browsing, for instance. From what I got from the wiki, this is the only thing done on a Linux host that could leak this information.
I don’t think that would be beneficial. Why would an adversary who compromised the machine want to restart? The adversary can just run arbitrary malicious code, see the whole VM desktop, log all VM keystrokes, (after root compromise) load kernel modules, kexec (=boot) to new kernel without reboot and so forth.
I don’t think Linux is more affected by this compared to other operating systems.
We don’t really know in which places time stamps are leaked. Browser TLS is one thing. Other updaters may leak this as well, especially on Windows.
At the very least it contains code to extract Tor entry guards and to put them into an iptables firewall.
Just now posted a related feature request:
So some day at least there should be a host firewall we can advise using. Or even better, there should be a Whonix host operating system that does this and other security-related improvements.