I am running a Whonix Workstation 9.6 physical build on KVM using lvm logical volume.
Everything is fine except I cannot change the machine’s xml using virsh edit in order to make the changes to deactivate the kvmclock, it always returns to its original version.
How I proceed:
stop the lvm group (and all its logical volumes)
virsh dumpxml XYZ machine > XYZ.xml file
undefine the machine XYZ (this deletes the virsh xml)
edit the copied XYZ.xml file (add the line )
virsh define XYZ.xml
This is how it should be (?)…
But if I edit the virsh xml again, the inserted line is gone :-[
I am running a Whonix Workstation 9.6 physical build on KVM using lvm logical volume.
Everything is fine except I cannot change the machine's xml using virsh edit in order to make the changes to deactivate the kvmclock, it always returns to its original version.
kvmclock is deactivated in the XML you don’t need to do it.
You can still edit a running machine’s XML but the changes won’t take effect until you stop and restart it. No need for undefining or redefining anything. Simply edit the configuration that comes up by calling virsh edit machine name then save the changes and exit.
Why are you using LVM instead of the qcow images? An lvm misconfiguration could expose the real filesystem to malicious processes running on the guest. From what I know, the Whonix build script can still allow you to roll your own qcow image from source instead of using prebuilt ones provided here.
What version of libvirt are you running? Libvirt validation removes settings it doesn’t recognize from an edited XML file. Those settings can be about new features the old libvirt knows nothing about. Anything older than Jessie for host will give errors of features not being supported. Run libvirt 1.2.9 and above for best results.
About LVM check the warnings at the end of this page.
Thank you for the advice. Using nas I use uuid for lvm anyway. Maybe it makes sense to investigate and compare security between lvm vg/lv and qcow.
I am still using libvirt from stable. I tried the backport version but then had big trouble with the devices of my other guests. A clean remove of the backport version didn’t work.
Good question^^ there is no timer listed at all, just the utc offset.
As mentioned before I want to add
My guess is that when removing the libvirt stable the virt-xml-validate remained or is not included/updated in the backport. First I will install a fresh Debian with libvirt directly from backport just to exclude this possibility.
If that doesn’t help I will download the qcow2 images and compare the xml files.
I installed a fresh debian stable without qemu-kvm or libvirt.
Then I added qemu-kvm and libvirt from backport and installed the Whonix qcow using the kvm xml.
vhost-net fails at startup (should be kernel related? not a Whonix issue)
then checking with virt-xml-validate:
virt-xml-validate ~/Downloads/Whonix-Gateway_kvm-9.6.xml
Relax-NG validity error : Extra element devices in interleave
Whonix-Gateway_kvm-9.6.xml:30: element devices: Relax-NG validity error : Element domain failed to validate content
Whonix-Gateway_kvm-9.6.xml fails to validate
vhost-net fails at startup (should be kernel related? not a Whonix issue)
I have set KVM to prefer the kernel virtio network driver if present on the system or else it falls back to virtio-net. From what I gather, Debian stable kernel doesn’t enable vhost-net by default.
Just ignore virt-xml-validate warnings. From my experience there is something buggy about it on Debian that makes it complain about perfectly good configurations as of recently.
By reporting tsc, it means your kvmclock clock is now gone and everything is working as expected.
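Added example, not part of the original thread and not Whonix or libvirt project code: a way to see which settings libvirt silently dropped, by comparing the XML passed to virsh define with what virsh dumpxml returns afterwards. Both XML samples are constructed; the timer line is libvirt's standard kvmclock form and is an assumption here, because the line the poster added did not survive on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the XML handed to `virsh define` (timer line assumed).
INTENDED = """<domain type='kvm'>
  <name>XYZ</name>
  <clock offset='utc'>
    <timer name='kvmclock' present='no'/>
  </clock>
</domain>"""

# Constructed sample: what `virsh dumpxml XYZ` shows afterwards.
STORED = """<domain type='kvm'>
  <name>XYZ</name>
  <uuid>00000000-0000-0000-0000-000000000000</uuid>
  <clock offset='utc'/>
</domain>"""

def flatten(xml_text):
    """List (path, attributes) for every element in the document."""
    out = []
    def walk(elem, prefix):
        path = prefix + "/" + elem.tag
        out.append((path, dict(elem.attrib)))
        for child in elem:
            walk(child, path)
    walk(ET.fromstring(xml_text), "")
    return out

def dropped_settings(intended, stored):
    """Elements of `intended` with no counterpart in `stored`.

    A counterpart has the same path and at least the same attributes, so
    defaults that libvirt adds on define are not reported. Text is ignored.
    """
    have = flatten(stored)
    return [(p, a) for p, a in flatten(intended)
            if not any(p == q and a.items() <= b.items() for q, b in have)]

def kvmclock_disabled(xml_text):
    """True only if <clock> holds a kvmclock timer with present='no'."""
    timers = ET.fromstring(xml_text).findall("./clock/timer")
    return any(t.get("name") == "kvmclock" and t.get("present") == "no"
               for t in timers)

if __name__ == "__main__":
    for path, attrs in dropped_settings(INTENDED, STORED):
        print("dropped by libvirt:", path, attrs)
    print("kvmclock disabled in stored XML:", kvmclock_disabled(STORED))
```

To use it on a real guest, replace the two constants with the contents of the edited file and of a fresh virsh dumpxml of the same machine.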