Isolating the Guest clock from Host

Hi, let me introduce what I do in order to give context to my questions. I am currently working on porting the Whonix project to KVM (Whonix.org). We use virtualization for its isolation properties to guarantee that all traffic from the workstation VM is forced through Tor, which runs in the second, network-facing gateway VM.

Timing and clock skews are very important in maintaining anonymity, and our objective is to make sure the guest clock is isolated from the host's, so a network adversary would be unable to induce and correlate active time modification in the host NTP to result in a skew inside the Whonix VM.

First Question: Is there a way to configure clock=vm in a machine's XML file via virsh?

Second Question: What are all the possible ways to accomplish this? Is there another equivalent attribute we can use with virsh or any other means?

Third Question: If not, and it's only possible through the qemu-kvm command line as noted here: https://doc.opensuse.org/products/draft/SLES/SLES-kvm_sd_draft/cha.qemu.running.html#cha.qemu.running.gen_opts.rtc

Is there a configuration file of some type to tell KVM to start a VM with clock=vm, or could it only be done through scripting?

Fourth Question: I am not familiar with using qemu-kvm directly to start Whonix with all the settings I have applied to it from the GUI. Is there a way to apply these settings automatically without referencing them besides the -rtc clock=vm command?

Thanks in advance