Did a lot of debugging to figure out what was going wrong here. Turns out this is a limitation in GTK. There should be a solution that we can deploy in kloak.
What’s happening is that kloak creates emulated devices that are basically “wrappers” around actual input devices. kloak does its magic by taking events coming from real input devices and emitting them via the emulated devices it creates. In order to allow the system to distinguish between kloak’s emulated devices and real devices, kloak sets the name of each emulated device to kloak output device. This is a recent change, and was done while adding the ability for kloak to restart itself any time a new real input device was connected (thus cloaking newly-attached devices along with ones present at startup).
The problem with this is that VirtualBox emulates a USB tablet in order to allow mouse integration to work. This tablet looks like a touchscreen, and the only reason GTK doesn’t treat it as a touchscreen is because it has a hardcoded list of device names that it recognizes as “looks like a touchscreen but should not be treated as one”. One of those device names is virtualbox usb tablet. VirtualBox’s mouse integration would be treated as a touchscreen device if it wasn’t for this check, but GTK sees that the “tablet” is really from VirtualBox, so it doesn’t treat it as a touchscreen.
This is where things become a problem. When kloak runs, it creates an emulated input device for VirtualBox’s USB tablet that has all the same features as the USB tablet, and thus also looks like a touchscreen. But the name of this new “touchscreen” is kloak output device, which GTK does not have in its hardcoded list of “don’t treat this like a touchscreen” devices. Thus GTK sees the kloak output device, sees it has the features of a touchscreen. and proceeds to treat it like a touchscreen, resulting in touchscreen-specific features being enabled like text magnification.
So that’s the source of the bug. The solution for now is probably going to be to add code to kloak that detects when it is running in a VM. If kloak is running inside of a VM, it can choose to not rename the emulated device it creates, but instead preserve the name of the device it wraps. That way GTK will see kloak’s output device as being a virtualbox usb tablet or something similar, and can treat it properly. This will break dynamic device detection inside VMs, but most people don’t pass through physical input devices to their VMs as far as I am aware, so it shouldn’t be disruptive. Users who do pass through USB devices into Whonix can just restart kloak when they do so.