On Wed, Mar 02, 2016 at 11:09:20AM +0100, Martin Kletzander wrote: > On Tue, Mar 01, 2016 at 07:51:48PM +0000, bancfc@xxxxxxxxxxxxxxx wrote: > >For better system anonymity (to decouple VM OS timestamps leaked in > >traffic from host ones) a feature can be added to the clock offset > >variable to select randomly from a specified range of seconds from > >instead of a fixed number of seconds. That way a guest's clock can vary > >unpredictably from the host's and confuse correlation by network > >adversaries. > > > >Full Disclosure: I am from the Tor centric Whonix Project - whonix.org > >and this would be a very useful feature for us. > > > > Interesting idea. Should this be automated, I would expect this to be > done above libvirt, using libvirt's APIs. Particularly virDomainSetTime > [1] could be of use. There's a virsh command for that as well, called > domtime that can be called from a script. Agreed, this feature is really a specific usage policy. Libvirt aims to focus on providing mechanism, letting specific policies be implemented by the management applications using libvirt. We already allow the time offset to be set to an arbitrary number of seconds, so apps starting a guest can change that value as desired each time. So I don't think there is anything should do in libvirt for this. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list