Interesting, but using stem is hard since that requires Tor already running. We’d have to start with DisableNetwork 1 which is cumbersome / may be unstable (script not disabling that again). Need to use the information from the disk.
Looks good. What is the used since date? How to calculate the unixtime when these time out?
Any way we can test that? Can’t really simulate a Tor entry guard cycle since if clock is too much off, Tor refuses to connect. Setting clock 10 years into future didn’t result in change of entry guard for me.
i cannot speak on that authoritatively yet. however i can note that the guard entries that contain a unique “confirmed_idx” variable also have a unique “confirmed_on” variable which is not present for other guard entries. so “confirmed_on” may be the likely variable. the date in the entries i am viewing have not changed in weeks.
as for testing it, can probably manually edit the various date entries for the guards to set them back a year and see if it triggers a rotate. that will get around the issue with playing with the clock and tor.
Hey. Please help solve the problem. Debian Kicksecure Host Installed grub-live. When running grub-live on the host, I cannot start the KVM virtual machine.
Startup error: internal error: child reported
(status = 125): unable to set user and group to
‘64055: 64055’ on '/ var / lib / libvirt / images / Whonix-
Gateway.qcow2 ': No device left
VirtualBox has the same problem. Swears at "No device left
free space "When running a host in normal mode (non-live-mode) everything works fine. Both in VirtualBox and in KVM
mem: total - 15Gi used 404Mi free 14Gi shared 70Mi buff/cache 383Mi available 14Gi
Maybe I turned on / off something extra on the host? (I changed a lot of settings, installed other recommended software (on the wiki)
Read-only mode KVM - worked. (non grub-live on host)
When metadata only copy up feature is enabled, overlayfs will only copy up metadata (as opposed to whole file), when a metadata specific operation like chown/chmod is performed. Full file will be copied up later when file is opened for WRITE operation.
In other words, this is delayed data copy up operation and data is copied up when there is a need to actually modify data.
There are multiple ways to enable/disable this feature.
union=overlay Yes to keep it, probably redundant, but you never know when the default changes
ip=frommedia Yes, " Seems required to not write /etc/network/interfaces , ok."
noeject Yes, let’s keep it, maybe better for quick shutdown.
nopersistence, Seems we could remove this one. Maybe persistence (like Tails) could be a nice feature in the future for Whonix-Host
Btw I have just noticed that default Whonix-Host ISO (Isolinux, didn’t check on GRUB yet) does not have these kernel parameters. Is this on purpose? Or should we harmonize it and have the same exact parameters for VMs and Whonix-Host live-mode?
Edit by Patrick:
added bullet points for easier readability
Btw installing package debug-misc on Whonix-Host ISO wouldn’t increase debugging because current implementation ignores that raw image’s /boot/grub/grub.cfg (which is created from /etc/default/grub.d, i.e. /etc/default/grub.d is ignored) (for now hardcoded).
Could use a script to sanity check if kernel boot parameters are sync (no differences for Whonix-Host ISO) but not easy.
Why are kernel boot paramaters (such as spectre_v2=on spec_store_bypass_disable=on tsx=off …) defined in both files: