Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <bancfc <at> openmailbox.org>
Subject: Isolating the Guest clock from Host
Newsgroups: gmane.comp.emulators.kvm.devel
Date: Thursday 20th March 2014 02:32:00 UTC (over 3 years ago)
Hi, let me introduce what I do in order to give context to my questions. 
I am currently working on porting the Whonix project to KVM 
(Whonix.org). We use virtualization for its isolation properties to 
guarantee that all traffic from the workstation vm is forced through TOR 
that runs in the second, network-facing, gateway vm.

Timing and clock skews are very important in maintaining anonymity and 
our objective is to make sure the guest clock is isolated from the 
host's, so a network adversary would be unable to induce and correlate 
active time modification in the host NTP to result in a skew inside the 
Whonix vm.

First Question: Is there a way to configure clock=vm in a machine's xml 
file via virsh?

Second Question: What are all the possible ways to accomplish this? Is 
there another equivalent attribute we can use with virsh or any other 
means?

Third Question: If not and its only possible through qemu-kvm 
commandline as noted here: 
https://doc.opensuse.org/products/draft/SLES/SLES-kvm_sd_draft/cha.qemu.running.html#cha.qemu.running.gen_opts.rtc

Is there a configuration file of some type to tell kvm to start a vm 
with clock=vm or could it only be done through scripting?


Fourth Question: . I am not familiar with using qemu-kvm directly to 
start whonix with all the settings I have applied to it from the GUI. Is 
there a way to apply these settings automatically without referencing 
them besides the -rtc clock=vm command?


Thanks In Advance
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms