On Tue, Mar 01, 2016 at 07:51:48PM +0000, bancfc@xxxxxxxxxxxxxxx wrote:
For better system anonymity (to decouple VM OS timestamps leaked in traffic from host ones) a feature can be added to the clock offset variable to select randomly from a specified range of seconds from instead of a fixed number of seconds. That way a guest's clock can vary unpredictably from the host's and confuse correlation by network adversaries. Full Disclosure: I am from the Tor centric Whonix Project - whonix.org and this would be a very useful feature for us.
Interesting idea. Should this be automated, I would expect this to be done above libvirt, using libvirt's APIs. Particularly virDomainSetTime [1] could be of use. There's a virsh command for that as well, called domtime that can be called from a script. HTH, Martin [1] https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainSetTime
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list