Whonix on Fedora Silverblue

Leibi · May 18, 2023, 8:10pm

Hello everyone,

I’d like to use Whonix on Fedora Silberblue 38 but did not manage to do so.
Has somebody here a hint to a tutorial or could describe the needed steps?
I would be really thankfull!

tpm · May 19, 2023, 2:40pm

This is more of a Fedora Silverblue question than a Whonix question.
Virtualbox installation is… problematic, but not recommended anyway.
As for QEMU/KVM, follow the same instructions from the wiki for Fedora Workstation, but use rpm-ostree instead of dnf to install virt-manager. For example: rpm-ostree install virt-manager. Currently, the virt-manager package is sufficient to run Whonix.
Tip: if you want to avoid having to type the root password each time you start Virtual Machine Manager for the first time after logging in, instead of trying to add yourself to the libvirt/kvm groups, you’ll want to add a polkit rule for that.

extraextra · May 19, 2023, 7:43pm

Which virtualizer? Which issue did you experience?

Leibi · January 6, 2024, 7:53am

I have to start somewhere…

I did, thanks.

If I start and open one of the VMs all I see is this screen:

Leibi · January 7, 2024, 11:22am

Log:

2024-01-07 10:23:56.756+0000: starting up libvirt version: 9.7.0, package: 1.fc39 (Fedora Project, 2023-09-04-13:12:57, ), qemu version: 8.1.3qemu-8.1.3-1.fc39, kernel: 6.6.9-200.fc39.x86_64, hostname: XXX
LC_ALL=C \
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
HOME=/var/lib/libvirt/qemu/domain-1-Whonix-Gateway \
XDG_DATA_HOME=/var/lib/libvirt/qemu/domain-1-Whonix-Gateway/.local/share \
XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain-1-Whonix-Gateway/.cache \
XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain-1-Whonix-Gateway/.config \
/usr/bin/qemu-system-x86_64 \
-name guest=Whonix-Gateway,debug-threads=on \
-S \
-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-1-Whonix-Gateway/master-key.aes"}' \
-machine pc-i440fx-8.1,usb=off,vmport=off,dump-guest-core=off,mem-merge=off,memory-backend=pc.ram,hpet=off,acpi=on \
-accel kvm \
-cpu host,migratable=on,kvmclock=on,kvm-pv-unhalt=on,pmu=off \
-m size=1048576k \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' \
-overcommit mem-lock=off \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid 45026b03-a90c-4afc-ab24-6420e0cce02f \
-device '{"driver":"vmgenid","guid":"0efde9fb-3a6a-4035-b776-d1164537f80d","id":"vmgenid0"}' \
-no-user-config \
-nodefaults \
-chardev socket,id=charmonitor,fd=33,server=on,wait=off \
-mon chardev=charmonitor,id=monitor,mode=control \
-rtc base=utc,clock=vm,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
-no-shutdown \
-global PIIX4_PM.disable_s3=1 \
-global PIIX4_PM.disable_s4=1 \
-boot menu=off,strict=on \
-device '{"driver":"piix3-usb-uhci","id":"usb","bus":"pci.0","addr":"0x1.0x2"}' \
-device '{"driver":"virtio-serial-pci","id":"virtio-serial0","bus":"pci.0","addr":"0x5"}' \
-blockdev '{"driver":"file","filename":"/var/lib/libvirt/images/Whonix-Gateway.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' \
-device '{"driver":"virtio-blk-pci","bus":"pci.0","addr":"0x6","drive":"libvirt-1-format","id":"virtio-disk0","bootindex":1}' \
-netdev '{"type":"tap","fd":"34","id":"hostnet0"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet0","id":"net0","mac":"52:54:00:ea:9a:bf","bus":"pci.0","addr":"0x3"}' \
-netdev '{"type":"tap","fd":"36","id":"hostnet1"}' \
-device '{"driver":"virtio-net-pci","netdev":"hostnet1","id":"net1","mac":"52:54:00:1b:e4:6a","bus":"pci.0","addr":"0x4"}' \
-chardev pty,id=charserial0 \
-device '{"driver":"isa-serial","chardev":"charserial0","id":"serial0","index":0}' \
-chardev spicevmc,id=charchannel0,name=vdagent \
-device '{"driver":"virtserialport","bus":"virtio-serial0.0","nr":1,"chardev":"charchannel0","id":"channel0","name":"com.redhat.spice.0"}' \
-audiodev '{"id":"audio1","driver":"spice"}' \
-spice port=5900,addr=127.0.0.1,disable-ticketing=on,disable-agent-file-xfer=on,seamless-migration=on \
-device '{"driver":"virtio-vga","id":"video0","max_outputs":1,"bus":"pci.0","addr":"0x2"}' \
-object '{"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"}' \
-device '{"driver":"virtio-rng-pci","rng":"objrng0","id":"rng0","bus":"pci.0","addr":"0x7"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-msg timestamp=on
char device redirected to /dev/pts/2 (label charserial0)
2024-01-07T10:24:33.667007Z qemu-system-x86_64: terminating on signal 15 from pid 8496 (<unknown process>)
2024-01-07 10:24:33.867+0000: shutting down, reason=destroyed

Maybe not Fedora Silverblue related.
See also: No bootable device
Can you help @HulaHoop ?

Patrick · January 8, 2024, 4:30am

Meaning:

Unlikely…

Last post 2 non-KVM: Oct, 23.
Last post KVM: 7 Sept 23.

Was recently updated:

HulaHoop · February 10, 2024, 6:02pm

Could be a SELinux permissions problem preventing libvirt from accessing the image directory. Try setting it to permissive mode and see if this fixes things. If not then try searching upstream tickets for similar error codes. All else fails, just move to a more stable distro so you can move on with life. Definitely worked out for me.

Leibi · March 4, 2024, 8:51pm

I solved my issue. It was about missing packages.
One has to use

rpm-ostree install libvirt qemu-system-x86