Feed All Stories

Yesterday

HulaHoop added a comment to T509: Consider nftables as a replacement for iptables.

Starting with Bullseye nftables will be the default:

Thu, Oct 17, 7:29 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Tue, Oct 15

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Tue, Oct 15, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Sun, Oct 13

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Sun, Oct 13, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Thu, Oct 10

HulaHoop renamed T931: Testing tpm2-pkcs11with KVM vTPM 2.0 from Testing tpm2-pk11 with KVM vTPM 2.0 to Testing tpm2-pkcs11with KVM vTPM 2.0.
Thu, Oct 10, 3:54 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop removed a project from T931: Testing tpm2-pkcs11with KVM vTPM 2.0: packaging.
Thu, Oct 10, 3:50 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop claimed T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Thu, Oct 10, 3:49 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop renamed T931: Testing tpm2-pkcs11with KVM vTPM 2.0 from Packaging for tpm2-pk11 to Testing tpm2-pk11 with KVM vTPM 2.0.
Thu, Oct 10, 3:49 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop added a comment to T931: Testing tpm2-pkcs11with KVM vTPM 2.0.

Already packaged in Debian but is currently orphaned and needs a maintainer according to its ex-maintainer:

Thu, Oct 10, 3:47 PM · Whonix, Debian version 11 codename Bullseye

Mon, Oct 7

HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Mon, Oct 7, 11:29 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Mon, Oct 7, 11:13 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Mon, Oct 7, 9:40 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Mon, Oct 7, 9:28 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

An alternative proposal for editing ISNs without involving the kernel:

Mon, Oct 7, 3:11 AM · C Code, security, Whonix

Sun, Oct 6

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Sun, Oct 6, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick closed T596: keep an eye on kloak anti keystroke deanonymization tool as Resolved.

Implemented for some time now.

Sun, Oct 6, 9:54 PM · Whonix 16, security, Whonix
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Sun, Oct 6, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Sun, Oct 6, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way of detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0.

Sun, Oct 6, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Sun, Oct 6, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Sat, Oct 5

HulaHoop added a comment to T931: Testing tpm2-pkcs11with KVM vTPM 2.0.

TPM hw not working. Troubleshooting thread:

Sat, Oct 5, 5:10 PM · Whonix, Debian version 11 codename Bullseye

Fri, Oct 4

madaidan added a comment to T670: Activating Lockdown.

It turns out, what I said only applies to the Debian package. The kernel patch and the package are actually two different things.

Fri, Oct 4, 8:37 PM · Debian version 10 codename Buster, Whonix
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Fri, Oct 4, 6:06 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Fri, Oct 4, 4:33 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop triaged T931: Testing tpm2-pkcs11with KVM vTPM 2.0 as Normal priority.
Fri, Oct 4, 4:22 PM · Whonix, Debian version 11 codename Bullseye

Sat, Sep 28

Patrick added a project to T930: whonix.SdwdateStatus service starts VMs that were killed: sdwdate-gui.
Sat, Sep 28, 10:44 AM · sdwdate-gui, Whonix

Fri, Sep 27

marmarek created T930: whonix.SdwdateStatus service starts VMs that were killed.
Fri, Sep 27, 8:46 PM · sdwdate-gui, Whonix

Mon, Sep 23

Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Mon, Sep 23, 10:10 AM · server-ssh-access-required, website, Whonix
Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Mon, Sep 23, 10:09 AM · server-ssh-access-required, website, Whonix

Sep 14 2019

Patrick updated the task description for T89: Whonix Control Panel.
Sep 14 2019, 7:45 PM · Whonix, Apps, enhancement, usability

Aug 31 2019

Patrick triaged T929: Whonix XFCE Wallpaper / Background Image as Normal priority.
Aug 31 2019, 3:50 PM · Whonix 16, whonix-xfce-desktop-config, Whonix
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · live-mode, Whonix
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · live-mode, Whonix
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:47 PM · live-mode, Whonix

Aug 30 2019

0brand added a comment to T900: Installation and setup of Kicksecure tutorials.

This forum thread will be used for community documentation discussions (currently under Organizational sub forum).

Aug 30 2019, 7:28 PM · Whonix, user documentation

Aug 23 2019

Patrick renamed T900: Installation and setup of Kicksecure tutorials from Installation and setup of Hardened Debian Linux tutorials to Installation and setup of Kicksecure tutorials.
Aug 23 2019, 2:20 PM · Whonix, user documentation
0brand claimed T900: Installation and setup of Kicksecure tutorials.

Season of Docs starts on Sep 02 2019.

Aug 23 2019, 12:22 PM · Whonix, user documentation
0brand triaged T900: Installation and setup of Kicksecure tutorials as High priority.
Aug 23 2019, 12:21 PM · Whonix, user documentation

Aug 21 2019

Patrick changed the status of T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on from Open to testing-in-next-build-required.

Should work on manual invocation.

Aug 21 2019, 9:13 AM · Whonix-Host, whonix-libvirt, Whonix, live-mode
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

For the record, this is the diff being generated.

Aug 21 2019, 8:38 AM · Whonix-Host, whonix-libvirt, Whonix, live-mode

Aug 19 2019

Patrick triaged T928: install xfce4-power-manager on Whonix Host and Kicksecure Host as Normal priority.
Aug 19 2019, 4:22 PM · whonix-libvirt, live-mode, Whonix, Whonix-Host
Patrick closed T903: find new name for Hardened Debian and rename it as Resolved.

https://forums.whonix.org/t/hardened-debian-security-focused-linux-distribution-based-on-debian-in-development-feedback-wanted/5943/30?u=patrick

Aug 19 2019, 4:20 PM · Whonix-Host, Whonix
Patrick added projects to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on: whonix-libvirt, Whonix-Host.
Aug 19 2019, 3:47 PM · Whonix-Host, whonix-libvirt, Whonix, live-mode
Patrick claimed T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
Aug 19 2019, 3:45 PM · Whonix-Host, whonix-libvirt, Whonix, live-mode
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

By default, the VMs do not start because the virtual disks are not set to readonly. This is only needed when using the ISO though. Might stay this way as long as the user is correctly advised to set the disk to readonly mode.

Aug 19 2019, 3:45 PM · Whonix-Host, whonix-libvirt, Whonix, live-mode

Aug 17 2019

Patrick created T927: port to /etc/apparmor.d/abstractions.d in Debian 11 bullseye.
Aug 17 2019, 9:15 AM · Whonix, Debian version 11 codename Bullseye

Aug 16 2019

Patrick updated the task description for T911: xfce theming.
Aug 16 2019, 4:22 PM · Whonix, Whonix 15

Aug 11 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Aug 11 2019, 2:13 PM · anon-meta-packages, research, Whonix

Aug 9 2019

Patrick added a comment to T215: install electrum bitcoin thin client by default?.

install electrum appimage by default:
https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b

Aug 9 2019, 11:50 AM · anon-meta-packages, research, Whonix

Jul 27 2019

Patrick added a project to T803: coyIM: Debian version 11 codename Bullseye.
Jul 27 2019, 1:27 PM · Debian version 11 codename Bullseye, Whonix 16, anon-meta-packages, Whonix
Patrick added a comment to T912: qubes integration tools missing.

Looks like mine.

Jul 27 2019, 1:25 PM · Qubes, Whonix

Jul 25 2019

TNTBOMBOM renamed T926: TBB removed obfs3 support But still in ACW from TBB removed obfs3 suppor But still in ACW to TBB removed obfs3 support But still in ACW.
Jul 25 2019, 5:52 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: graphical user interface.
Jul 25 2019, 5:10 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: python.
Jul 25 2019, 5:10 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: anon-connection-wizard.
Jul 25 2019, 5:09 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix; removed anon-meta-packages, Whonix 16.
Jul 25 2019, 5:08 PM · Whonix
Patrick updated the task description for T921: Installing git-all will delete some Whonix packages .
Jul 25 2019, 5:08 PM · Whonix
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

remove qubes-core-agent dependency on initscripts
https://github.com/QubesOS/qubes-issues/issues/5133

Jul 25 2019, 5:08 PM · Whonix
TNTBOMBOM created T926: TBB removed obfs3 support But still in ACW.
Jul 25 2019, 3:50 PM · graphical user interface, python, anon-connection-wizard, Whonix
TNTBOMBOM added a comment to T921: Installing git-all will delete some Whonix packages .

But it doesn't happen on the plain debian-qubes template, any idea why?

Jul 25 2019, 3:33 PM · Whonix
TNTBOMBOM added a comment to T912: qubes integration tools missing.
<?xml version="1.0" encoding="UTF-8"?>
<actions>
<action>
	<icon>utilities-terminal</icon>
	<name>Open Terminal Here</name>
	<unique-id>1555514114536034-1</unique-id>
	<command>exo-open --working-directory %f --launch TerminalEmulator</command>
	<description>Example for a custom action</description>
	<patterns>*</patterns>
	<startup-notify/>
	<directories/>
</action>
<action>
	<icon>folder-copy</icon>
	<name>Copy to VM</name>
	<unique-id>1507455450991127-4</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh copy %F</command>
	<description></description>
	<patterns>*</patterns>
	<directories/>
	<audio-files/>
	<image-files/>
	<other-files/>
	<text-files/>
	<video-files/>
</action>
<action>
	<icon>folder-move</icon>
	<name>Move to VM</name>
	<unique-id>1507455437157027-3</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh move %F</command>
	<description></description>
	<patterns>*</patterns>
	<directories/>
	<audio-files/>
	<image-files/>
	<other-files/>
	<text-files/>
	<video-files/>
</action>
<action>
	<icon>document-open</icon>
	<name>Open in VM</name>
	<unique-id>1507455471075266-5</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh openvm %F</command>
	<description></description>
	<patterns>*</patterns>
	<audio-files/>
	<image-files/>
	<other-files/>
	<text-files/>
	<video-files/>
</action>
<action>
	<icon>gtk-convert</icon>
	<name>Convert in DisposableVM</name>
	<unique-id>1507455488971315-6</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh pdf %F</command>
	<description></description>
	<patterns>*.pdf</patterns>
	<other-files/>
</action>
<action>
	<icon>gtk-convert</icon>
	<name>Convert in DisposableVM</name>
	<unique-id>1507455503129941-7</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh img %F</command>
	<description></description>
	<patterns>*</patterns>
	<image-files/>
</action>
<action>
	<icon>document-open</icon>
	<name>Edit in DisposableVM</name>
	<unique-id>1507455559234996-8</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh opendvm %F</command>
	<description></description>
	<patterns>*</patterns>
	<audio-files/>
	<image-files/>
	<other-files/>
	<text-files/>
	<video-files/>
</action>
<action>
	<icon>document-open</icon>
	<name>View in DisposableVM</name>
	<unique-id>1507455559234997-9</unique-id>
	<command>/usr/lib/qubes/qvm-actions.sh viewdvm %F</command>
	<description></description>
	<patterns>*</patterns>
	<audio-files/>
	<image-files/>
	<other-files/>
	<text-files/>
	<video-files/>
</action>
</actions>
Jul 25 2019, 2:45 PM · Qubes, Whonix

Jul 22 2019

HulaHoop closed T769: Add LUKS container GUI or CLI utility by default as Resolved.
Jul 22 2019, 3:04 AM · Whonix 15, Debian version 10 codename Buster
HulaHoop added a comment to T769: Add LUKS container GUI or CLI utility by default.

Yes Zulucrypt included and functional on KVM 15. However fixes for both zulucrypt and tomb haven't made it into Buster from what I've tested. Zulucrypt has a tomb plugin to open Tomb files too.

Jul 22 2019, 3:03 AM · Whonix 15, Debian version 10 codename Buster
HulaHoop added a comment to T893: Mouse cursor rarely works on KVM Whonix WS 14.0.1.3.8.

Whonix 15 has since come out. Has this been resolved? Not reproducible on Debian Buster either.

Jul 22 2019, 2:36 AM · KVM, Whonix
HulaHoop added a comment to T803: coyIM.

Problem has since been reported and fixed upstream. Let's look into re-including by Bullseye.

Jul 22 2019, 2:35 AM · Debian version 11 codename Bullseye, Whonix 16, anon-meta-packages, Whonix
HulaHoop added a comment to T897: Unable to write to '/sys/fs/cgroup/blkio/machine.slice/machine....

This bug does not exist on Debian stable after I upgraded. I have it documented for Arch and a work around for it. Nothing more to be done on my end.

Jul 22 2019, 2:34 AM · Whonix, KVM

Jul 21 2019

marmarek added a comment to T925: whonixcheck false positive in check_journal.

Sounds good, thanks.

Jul 21 2019, 8:26 PM · Whonix
Patrick added a comment to T925: whonixcheck false positive in check_journal.

Done in git master.

Jul 21 2019, 6:29 PM · Whonix
Patrick added a comment to T925: whonixcheck false positive in check_journal.

Sounds good?

Jul 21 2019, 6:07 PM · Whonix
marmarek added a comment to T925: whonixcheck false positive in check_journal.
Does lowering "severity could be lowered to "info" and not causing
non-zero exit codes" + `journalctl -p err -b` sound like a good solution?
Jul 21 2019, 3:26 PM · Whonix
Patrick added a comment to T925: whonixcheck false positive in check_journal.
journal keeps metadata about each message, so it's possible to avoid it with `journalctl -p err -b` (I've added `-b` to avoid listing messages from previous boot).
Jul 21 2019, 3:11 PM · Whonix
marmarek created T925: whonixcheck false positive in check_journal.
Jul 21 2019, 3:03 AM · Whonix

Jul 19 2019

Patrick placed T896: Hidden onion services GUI in sys-whonix up for grabs.
Jul 19 2019, 10:47 AM · qubes-whonix, usability, Whonix
Patrick added a comment to T896: Hidden onion services GUI in sys-whonix.

https://forums.whonix.org/t/focus-on-whonix-core-development/5036

Jul 19 2019, 10:47 AM · qubes-whonix, usability, Whonix

Jul 16 2019

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
In T913#18744, @Patrick wrote:

Do you see any issues with "create home directory on first login" in Qubes?

Jul 16 2019, 1:07 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here?

Jul 16 2019, 12:42 AM · whonix-base-files, live-mode, Whonix, Whonix 15

Jul 15 2019

marmarek added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here? Is it the problem that user is created too early (before /etc/skel is fully populated)? Or is it a problem that it's created at all? Should there be a difference between Qubes and non-Qubes case?

Jul 15 2019, 11:58 PM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 15 2019, 6:23 PM · whonix-base-files, live-mode, Whonix, Whonix 15

Jul 14 2019

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 14 2019, 9:29 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick updated subscribers of T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 14 2019, 8:42 AM · whonix-base-files, live-mode, Whonix, Whonix 15

Jul 11 2019

Patrick created T924: rename to bullseye-security.
Jul 11 2019, 9:12 AM · anon-apt-sources-list, Debian version 11 codename Bullseye, Whonix

Jul 8 2019

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 8:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Jul 8 2019, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 7 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Jul 7 2019, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 6 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 4:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
marmarek added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

It was copied from native setup_ip script, details here:
https://github.com/qubesos/qubes-core-agent-linux/commit/5cbb38a2
https://github.com/qubesos/qubes-issues/issues/700
It definitely was relevant for old stubdomain hosting qemu (which is still possible to use in R4.0). Not sure if applies to new linux-based stubdomain.
It may be not needed anymore. To verify that, try removing those lines and check networking in Windows (or other OS without Xen PV drivers).

Jul 6 2019, 3:45 PM · Whonix 16, qubes-whonix, Whonix
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Jul 6 2019, 12:40 PM · Whonix, packaging, research
Patrick added a comment to T622: Run unMessage on Whonix.

Dead upstream.

Jul 6 2019, 12:34 PM · Whonix
Patrick added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

Any idea? @marmarek

Jul 6 2019, 12:32 PM · Whonix 16, qubes-whonix, Whonix
Patrick closed T859: test as Resolved.
Jul 6 2019, 12:31 PM · Restricted Project, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.

Jul 6 2019, 12:30 PM · Whonix, Whonix-Host
Patrick added a comment to T654: create an unMessage onion-grater profile.

Dead upstream.

Jul 6 2019, 12:28 PM · Whonix, onion-grater (Control Port Filter Proxy)

Jul 4 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Jul 4 2019, 5:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Jul 4 2019, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Jul 4 2019, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 3 2019

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Jul 3 2019, 5:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T670: Activating Lockdown.

I can test it but I doubt lockdown will help at all.

Jul 3 2019, 4:58 PM · Debian version 10 codename Buster, Whonix