We now have the initial packages and can add more dependencies as required.
whonix-host-xfce-kvm-freedom
whonix-host-xfce-kvm-nonfreedom
Most dependencies (such as live-config perhaps etc) should be added to whonix-host-xfce-kvm-freedom. This is because whonix-host-xfce-kvm-nonfreedom has Depends: on whonix-host-xfce-kvm-freedom.
to the xml file.
But as you said it needs to be changed to readwrite afterwards when using the installed host OS.
iirc just using the correct settings for the xml file should be sufficient i.e. you maybe don’t need to change the permissions of the file.
In this case one could maybe come up with some script which checks if we boot from an iso and accordingly sets the read only tag.
Another way would maybe be using virt-install instead of importing the VMs via the xml.
Could be because systemd time daemon is conflicting with what sdwdate is setting. @Patrick can we switch the time daemon on every Debian derivative we make to sdwdate exclusively?
Would this be part of the whonix libvirt host package? If so it would depend on detecting live mode is enabled and then it would edit the VM configs with something like sed. Since exiting amnesic mode would revert it, no need for code to undo.
install anon-connection-wizard on the host too. (And then have user duplicate that work inside Whonix-Gateway.) [In theory, OneVM where Tor runs on the host would make more sense to avoid duplicate Tor config and duplicate Tor connections but OneVM may also be harder to get right in terms of leak protection, never thought that through.]
drop “give user option to not connect to the public Tor network”.
Would this be part of the whonix libvirt host package? If so it would depend on detecting live mode is enabled and then it would edit the VM configs with something like sed. Since exiting amnesic mode would revert it, no need for code to undo.
Something like this.
What’s the config that has to be changed?
Or what’s the command line command to be run to change that?
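As an added illustration of the idea discussed above (not code from this thread or from any Whonix package), the following sketch toggles the libvirt `<readonly/>` element on a domain's hard disks depending on whether the host booted in live mode. It parses the XML instead of using sed; the `boot=live` kernel parameter as the live-mode signal, the function names and the sample domain XML are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definition (not a real Whonix VM config).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>example-gateway</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/example.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <target dev='sda' bus='sata'/>
    </disk>
  </devices>
</domain>"""

def is_live_boot(cmdline: str) -> bool:
    """Assumption: live mode is signalled by boot=live on the kernel command line.
    Matching whole tokens avoids confusing it with the unrelated 'ro' root flag."""
    return "boot=live" in cmdline.split()

def set_disks_readonly(domain_xml: str, live: bool) -> str:
    """Return the domain XML with <readonly/> present on hard disks when live,
    and absent otherwise, so an installed (persistent) host gets writable disks."""
    root = ET.fromstring(domain_xml)
    for disk in root.iterfind("./devices/disk"):
        if disk.get("device", "disk") != "disk":
            continue  # leave cdrom/floppy entries untouched
        existing = disk.find("readonly")
        if live and existing is None:
            ET.SubElement(disk, "readonly")  # idempotent: added at most once
        elif not live and existing is not None:
            disk.remove(existing)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    with open("/proc/cmdline") as f:
        live = is_live_boot(f.read())
    print(set_disks_readonly(SAMPLE_DOMAIN_XML, live))
```

On a real host the input would come from `virsh dumpxml` and the result would be passed back through `virsh define`; because the function handles both directions, running it at every boot also restores read-write disks on an installed system.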
I notice several parameters that escaped me when reading the host hardening guide. Will the installation scripts be designed such that they can be applied to an existing Debian host? If not, would it be possible to document them Arch Wiki style in order to easily replicate the config?
I notice several parameters that escaped me when reading the host hardening guide. Will the installation scripts be designed such that they can be applied to an existing Debian host?
Yes, more or less as a byproduct we’ll get sudo apt-get install whonix. Will be documented when time has come, not ready yet.
(Developers can already do it if that was to help with debugging.) Not sure yet if sudo apt-get install whonix will be supported for users since more can go wrong compared to an ISO installer build where all default installed packages can be defined by developers.
If not, would it be possible to document them Arch Wiki style in order to easily replicate the config?
Both product Hardened Debian and product Whonix Host (temporary names) won’t apply all steps from host hardening guide. Only what’s doable / realistic / etc. Some are too specific like router settings to be done by a host operating system.
I am not sure whonix-libvirt is the ideal place for detection of live mode and the adjustment of image write options. Perhaps the grub-live package is a better place.
However wouldn’t doing this break VM usage since ro-mode-init is not our first choice for using it?
As per Whonix Live KVM instructions - Live Mode for Kicksecure - even the grub-live package says:
To increase security, the VM disks can be set to read-only.
grub-live is compatible with virtualizer read-only setting, even recommended.
Does this solve your concern?
This is really good. Could be done using systemd unit file.
Not sure too. whonix-libvirt package also seems wrong since not tied to Whonix only (also hardened debian). Since there is the grub-live and grub-default-live package, it would have to be duplicated or yet another grub-live-shared package would have to be invented. On the other hand, setting disk to read only in virtualizer settings is not generic for any VM but Whonix KVM VMs only so maybe whonix-libvirt is a good place?
Oh now I see… didn’t know that. Yes it solves my question.
The grub-live host package would be absolutely ideal. It’s a conditional command that makes sense there.
Unless you plan on making Whonix Desktop support other virtualizers, it doesn’t matter if it’s not generic. It fits within the context of a Linux host and hypervisor IMO.
@Patrick Hello, sorry I haven’t contributed much lately, a bit busy period. I will have more time in July. Many thanks for all your feedback, I’ll get back to it when I have some more spare time available.