Whonix 8.6 KVM Error in Debian Stable

HulaHoop:
Can you fix the wiki instructions please? Only use “sudo” when necessary?

troubadour:
I guess the /usr/sbin/libvirtd AppArmor permission problem could be caused by the fact that /usr/sbin/libvirtd does, for example, have no permission to read ~/Whonix-Gateway/Whonix-Gateway_kvm-*.xml. troubadour, what location would work by default? Perhaps we can modify our instructions to make that work more easily (not requiring turning off the libvirtd AppArmor profile)?

HulaHoop: Can you fix the wiki instructions please? Only use "sudo" when necessary?

Just tested and sudo is not necessary to do any of these things so I won’t include it.

[quote=“HulaHoop, post:22, topic:368”][quote]HulaHoop:
Can you fix the wiki instructions please? Only use “sudo” when necessary?[/quote]

Just tested and sudo is not necessary to do any of these things so I won’t include it.[/quote]

How?

I re-installed the VMs (destroyed and undefined) and downloaded new images. I even changed the source of the images and location within the XML file to see if it was a permissions problem with the default image location.

I then booted up in regular kernel without grsecurity. I stopped all apparmor profiles and used the teardown option to unload fully.

I imported all the XMLs without sudo, and still when I try to start the Whonix network, I get the error…

error: Failed to start network Whonix
error: Cannot open network interface control socket: Operation not permitted

That’s from my experience, it doesn’t seem to need admin privileges.

ok, were you using debian stable?

There are still quite a few issues related to Debian stable…

Installed libvirt-bin and qemu-kvm from wheezy-backports.

dpkg -l | grep libvirt-bin
ii libvirt-bin 1.2.4-1~bpo70+1 amd64 programs for the libvirt library

dpkg -l | grep qemu-kvm
ii qemu-kvm 2.0.0+dfsg-4~bpo70+1 amd64 QEMU Full virtualization on x86 hardware (transitional package)

All import commands work without sudo, besides this one.

virsh net-start Whonix
error: Failed to start network Whonix
error: Cannot open network interface control socket: Operation not permitted

Not imported using sudo - can not be started with sudo.

sudo virsh net-start Whonix
error: failed to get network 'Whonix'
error: An error occurred, but the cause is unknown

Maybe all network commands have to be used using sudo? But that’s not all…

HulaHoop, can you get into the perspective of a Debian stable user please?

Get Debian stable running on some computer or inside a VM?

Document how to install required parts from wheezy-backports?

After having libvirt-bin and qemu-kvm installed from wheezy-backports, there is also an issue with installing virt-manager. It wants to downgrade.

sudo apt-get install virt-manager
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  init-system-helpers libavahi-core7
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libvirt-bin libvirt0 python-libvirt qemu qemu-system qemu-utils virtinst
Suggested packages:
  radvd qemu-user-static samba python-gnomekeyring hal python-guestfs
The following packages will be REMOVED:
  qemu-kvm qemu-system-common qemu-system-x86
The following NEW packages will be installed:
  python-libvirt qemu qemu-system qemu-utils virt-manager virtinst
The following packages will be DOWNGRADED:
  libvirt-bin libvirt0
0 upgraded, 6 newly installed, 2 downgraded, 3 to remove and 4 not upgraded.
Need to get 33.7 MB/36.2 MB of archives.
After this operation, 74.4 MB of additional disk space will be used.
Do you want to continue [Y/n]?

But if you downgrade libvirt-bin, you cannot import VM xml files.

virsh define Whonix-Workstation_kvm.xml
error: Failed to define domain from Whonix-Workstation_kvm.xml
error: internal error unexpected domain type kvm, expecting vbox

Debian stable seems in a very difficult state. I fear we have to either recommend using Debian testing, or a different host operating system (which would be weird) or wait until Debian jessie becomes stable. Hopefully you can figure out a solution.

debian stable doesn’t have version 2.83 of apparmor because there is a bug in mod_apparmor, therefore debian still has an older version

(read permissions for /var/lib/libvirt/dnsmasq/* were added to the dnsmasq profile 2013-10-30, which means the fix is in 2.8.3)

for debian stable users, you can just copy the newer dnsmasq profile and replace existing: http://bazaar.launchpad.net/~apparmor-dev/apparmor/2.8/view/head:/profiles/apparmor.d/usr.sbin.dnsmasq

EDIT: Although this allowed me to manually add and start a default network within virt-manager without conflict with apparmor. When I try to start the Whonix network I still get this error:

error: Failed to start network Whonix
error: Cannot open network interface control socket: Operation not permitted

and to the above post by Patrick, yes all commands need to be sudo to start the network :(

Maybe, maybe not:

Regarding sudo vs non-sudo… gh0st found an interesting link:
https://www.redhat.com/archives/libvirt-users/2012-October/msg00140.html

To prevent sudo, maybe.

virsh -c qemu:///system

Will help. (Or something like this.) Can you try please?

HulaHoop, can you get into the perspective of a Debian stable user please?

Unfortunately I can’t help with this because I’m not running Debian stable.

Unfortunately I can’t help with this because I’m not running Debian stable.[/quote]

Do you think that importing and starting the VMs as sudo is more risky than just using Debian testing?

Unfortunately I can’t help with this because I’m not running Debian stable.[/quote]
Can you install it in a VM?

[quote=“Patrick, post:26, topic:368”]After having libvirt-bin and qemu-kvm installed from wheezy-backports, there is also an issue with installing virt-manager. It wants to downgrade.

sudo apt-get install virt-manager
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  init-system-helpers libavahi-core7
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libvirt-bin libvirt0 python-libvirt qemu qemu-system qemu-utils virtinst
Suggested packages:
  radvd qemu-user-static samba python-gnomekeyring hal python-guestfs
The following packages will be REMOVED:
  qemu-kvm qemu-system-common qemu-system-x86
The following NEW packages will be installed:
  python-libvirt qemu qemu-system qemu-utils virt-manager virtinst
The following packages will be DOWNGRADED:
  libvirt-bin libvirt0
0 upgraded, 6 newly installed, 2 downgraded, 3 to remove and 4 not upgraded.
Need to get 33.7 MB/36.2 MB of archives.
After this operation, 74.4 MB of additional disk space will be used.
Do you want to continue [Y/n]?

But if you downgrade libvirt-bin, you cannot import VM xml files.[/quote]
This was a problem with my host operating system. Perhaps a bug in apt-get. Difficult to reproduce. Nevertheless, now solved.

Instructions on how to install required software from Debian stable have been documented here and tested by me in a fresh Debian stable VM, works:

When we consistently apply “-c qemu:///system” to all invocations of “virsh”, sudo is not required for me, for nothing! Instructions have been updated to use “-c qemu:///system”:

Please try and say if it is working for you!

@gh0st:
Are you sure you have added yourself to the libvirt group?

No offense meant, that’s the reason why I could not use “virsh -c qemu:///system” as a user, only “virsh -c qemu:///session”.

Not only libvirt, also to kvm group.

This might help. Updated wiki:

KVM supports nested virtualization, but I don’t know how to enable it. If anyone has tried and got it successfully running please share how so I could simulate what you are doing in a Whonix Guest.

I could document this once we have it working as it’s really cool. Just to be clear, I have tried to run nested before but I couldn’t get it working.

…long time ago I already added my user to the groups by doing “adduser (user) kvm” and “adduser (user) libvirt”… if I do it again it says my user is already added to the group.

and I haven’t tried virsh -c qemu:///system yet… will try now

Is it just me… or is anyone else who’s using Debian stable getting mouse scroll issues and resolution issues? (taskbar gets cut off when expanding resolution height over 720)

Happens for me as well. Is this an issue introduced by Whonix or does it also happen if Debian stable (currently: wheezy)? Have you tried or can you try please?
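
Added example, not part of the thread: a read-only preflight for the sudo-free setup discussed above (membership in the libvirt and kvm groups, and "-c qemu:///system" on every virsh call). The function names and hint labels are hypothetical; it assumes virsh's usual defaults, where a non-root user connects to qemu:///session and root to qemu:///system, which is why a network defined without sudo is not found when started with sudo.

```shell
#!/bin/sh
# Added example, not the Whonix project's code. Group names and error strings
# are the ones quoted in the thread; function names and labels are made up.
REQUIRED_GROUPS="libvirt kvm"

# missing_groups "<groups of the user>": print required groups the user lacks.
missing_groups() {
    have=" $1 "; missing=""
    for g in $REQUIRED_GROUPS; do
        case "$have" in
            *" $g "*) ;;                      # exact match, so libvirt-qemu != libvirt
            *) missing="$missing $g" ;;
        esac
    done
    echo "${missing# }"
}

# diagnose "<virsh error text>": map an error seen in the thread to a likely cause.
diagnose() {
    case "$1" in
        *"Cannot open network interface control socket"*)
            echo "unprivileged-session" ;;    # network started via qemu:///session
        *"failed to get network"*)
            echo "defined-under-other-uri" ;; # defined under one URI, started under the other
        *) echo "unknown" ;;
    esac
}

# preflight: report on the current user and the system daemon.
# Only lists; never defines or starts anything.
preflight() {
    m=$(missing_groups "$(id -Gn)")
    if [ -n "$m" ]; then
        echo "not in group(s): $m (log out and back in after adduser)"
    fi
    if ! command -v virsh >/dev/null 2>&1; then
        echo "virsh not installed; skipping connection checks"
        return 0
    fi
    echo "plain virsh connects to: $(virsh uri 2>&1 || true)"
    if out=$(virsh -c qemu:///system net-list --all 2>&1); then
        echo "$out"
    else
        echo "qemu:///system failed ($(diagnose "$out")): $out"
    fi
}

preflight
```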