
Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way of detecting the active NIC, since on wireless systems wlan0 is the interface of choice and not eth0.

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Dec 7 2018

Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 15.
Dec 7 2018, 12:06 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Apr 13 2017

Patrick edited projects for T530: CPU-induced latency Covert Channel Countermeasures, added: Whonix 15; removed Whonix 14.
Apr 13 2017, 11:11 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Jan 18 2017

Patrick removed a project from T530: CPU-induced latency Covert Channel Countermeasures: Whonix 13.
Jan 18 2017, 7:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Dec 28 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Another LAN/Public wifi fingerprinting attack that Ethan's code can defeat:

Dec 28 2016, 2:08 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Nov 28 2016

HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Done. Added io limit commits to open pull requests. Each vm can only use a maximum of 25% of the host io resources.

Nov 28 2016, 12:18 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 20 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Yes.

Nov 20 2016, 5:07 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Should limits be enforced for GW too?

Nov 20 2016, 4:16 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 19 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.
Though I agree with anonym's argument that resource exhaustion goes
against the purpose of advanced malware that wants to hide

Nov 19 2016, 6:51 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Though I agree with anonym's argument that resource exhaustion goes against the purpose of advanced malware that wants to hide - I still looked at io limits in case you still think it's valuable to set.

Nov 19 2016, 5:39 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 12 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.
Nov 12 2016, 3:22 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 12:20 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 11 2016

Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:55 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:54 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

blkiotune and iotune can restrict io (KVM only)
https://libvirt.org/formatdomain.html#elementsBlockTuning

Nov 11 2016, 3:45 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Oct 11 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Looks like I overlooked python3-netfilterqueue-packager.

Oct 11 2016, 10:40 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Sep 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've now added Debian packaging support to the actual filter. Both packages install correctly and work well.

Sep 8 2016, 10:38 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Sep 6 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I'm thinking that, from an architecture standpoint, we probably want to have one package for kti/python-netfilterqueue, and another one for my NetfilterQueue handler, rather than merge them both into the same package. This would be good if we end up with more than one NetfilterQueue handler (which seems likely; see, for example, T543). I'll also be creating a Debian package for my NetfilterQueue handler in the coming days.

Sep 6 2016, 7:52 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Sep 2 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've created some bash scripts to create a Debian package for kti/python-netfilterqueue. They're available in this GitHub repository, and I've uploaded a version of the package created on my Debian Jessie system here. There are still a few issues I'll be resolving in the coming days, including the lack of a source package, but it's overall completely functional.

Sep 2 2016, 7:59 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 24 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The Debian package you mentioned is actually a completely different library serving the same purpose. I'll probably end up porting my code over to use that

As it turns out, that other library chokes whenever the packet handler releases the GIL (which is the only way to get the packet skewing we want). We can't use the Debian package python-nfqueue.
That really leaves us with two options:

  • I could rewrite the handler entirely in C, in which case all we need is Debian's libnetfilter-queue package. However, I generally consider writing security-critical code in C to be a bad idea, especially when threads are involved like they are here.
Aug 24 2016, 10:48 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

First off, this would likely better be discussed directly on T543, as it's largely unrelated to ping latency covert channels.

Aug 24 2016, 1:45 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The Debian package you mentioned is actually a completely different library serving the same purpose. I'll probably end up porting my code over to use that

Aug 24 2016, 7:42 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 23 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

If the attacker's goal is to judge clock skew (which can get to be tens of milliseconds), then it's completely practical

Aug 23 2016, 12:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 22 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Could it be replaced with the Debian package python-nfqueue? Is it the same?

Aug 22 2016, 8:30 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 19 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The following is an issue for us. (Since upgrades come outside of apt-get, which makes it hard to keep it up to date for users as a Linux distribution maintainer. Package manager security and whatnot.)

Aug 19 2016, 5:22 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Thanks for researching this and contributing a fix.

Aug 19 2016, 6:57 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
In T530#9956, @Patrick wrote:

Could you please post (and license Open Source) your fix to github? @ethanwhite

Aug 19 2016, 3:24 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 18 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Could you please post (and license Open Source) your fix to github? @ethanwhite

Aug 18 2016, 7:43 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a parent task for T530: CPU-induced latency Covert Channel Countermeasures: T540: Advanced Attacks Meta Ticket.
Aug 18 2016, 7:33 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop renamed T530: CPU-induced latency Covert Channel Countermeasures from Covert Channel Data Leaks and Countermeasures to CPU-induced latency Covert Channel Countermeasures.
Aug 18 2016, 5:34 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 10 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Would it be correct to say that the fix developed also defends against the earlier attack described by Steven Murdoch?

Aug 10 2016, 6:03 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 9 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Would it be correct to say that the fix developed also defends against the earlier attack described by Steven Murdoch? - Therefore closing up this entire class of threats.

Aug 9 2016, 12:11 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

We would like your feedback on the TCP ISN attack/mitigation info (or on the covert channel attack in general) on the wiki page.

Aug 8 2016, 10:17 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Can you please implement the same protections for IPv6/ICMP6 if it's not too much work.

It's a matter of using ip6tables as well as iptables; I've added a shell script to configure them both automatically as well, for ease of use. However, none of the machines I have access to seem to have good IPv6 support, so I wasn't able to test it properly.

Aug 8 2016, 5:22 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 7 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I'm not aware of any other issues. Performance seems to be decent as well; although this obviously increases the average latency, it can easily handle 10mbps of traffic.

Aug 7 2016, 2:02 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 6 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Can you please implement the same protections for IPv6/ICMP6 if it's not too much work.

Aug 6 2016, 5:32 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 5 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Can you please implement the same protections for IPv6/ICMP6 if it's not too much work. We plan to roll out the package for Whonix hosts (to end this attack for other VMs besides Whonix) where some users may have no choice but to connect with IPv6 because of their ISP.

Aug 5 2016, 8:28 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Here I found an example of someone using libnetfilter_queue to manipulate ICMP packet timing. Though their goal is different - they embed covert patterns while we are preventing them. [1]

Aug 5 2016, 3:44 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 4 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

After looking at the netem documentation I'm pretty sure there is something here we can use.

Aug 4 2016, 9:35 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Aug 3 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Here is someone using tc (traffic control) [1] and netem [2] to delay packets in a queue. It can be applied to all traffic [3]
Another way to delay packets is using the libnetfilter_queue interface. [4]

Aug 3 2016, 6:23 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

it is definitely possible to disable c-states as a guest operating system

Aug 3 2016, 4:41 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a project to T530: CPU-induced latency Covert Channel Countermeasures: Whonix 14.
Aug 3 2016, 4:13 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick updated the task description for T530: CPU-induced latency Covert Channel Countermeasures.
Aug 3 2016, 4:13 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Aug 3 2016, 4:09 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

May 14 2016

Patrick added a comment to T144: automatic shared folder mounting in VMs.

https://github.com/Whonix/shared-folder-help/commit/d797f2ad9e4f385d4873ad137056a1e9807b9ecb

May 14 2016, 4:40 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Mar 16 2016

Patrick closed T144: automatic shared folder mounting in VMs as Resolved.

@HulaHoop reported it works in KVM.

Mar 16 2016, 4:42 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Nov 29 2015

Patrick added a comment to T144: automatic shared folder mounting in VMs.

do not let systemd service enter failed state if host config has not been applied:
https://github.com/Whonix/shared-folder-help/commit/24143991888ab900effe4b11f7eb55172af6793d

Nov 29 2015, 7:38 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Nov 24 2015

Patrick updated the task description for T437: sort out clocksource and wall clock for VirtualBox to prevent Clock Correlation Attack.
Nov 24 2015, 7:47 PM · Whonix, virtualizer, security, VirtualBox
Patrick renamed T437: sort out clocksource and wall clock for VirtualBox to prevent Clock Correlation Attack from sort out clocksource and wallclock for VirtualBox to prevent Clock Correlation Attack to sort out clocksource and wall clock for VirtualBox to prevent Clock Correlation Attack.
Nov 24 2015, 3:18 PM · Whonix, virtualizer, security, VirtualBox
Patrick renamed T437: sort out clocksource and wall clock for VirtualBox to prevent Clock Correlation Attack from sort out clocksource and wallclock for VirtualBox to sort out clocksource and wallclock for VirtualBox to prevent Clock Correlation Attack.
Nov 24 2015, 3:18 PM · Whonix, virtualizer, security, VirtualBox
Patrick created T437: sort out clocksource and wall clock for VirtualBox to prevent Clock Correlation Attack.
Nov 24 2015, 3:11 PM · Whonix, virtualizer, security, VirtualBox

Nov 20 2015

Patrick added a comment to T144: automatic shared folder mounting in VMs.
In T144#6289, @Patrick wrote:

Merged. Requires testing when new test images get available.

Nov 20 2015, 4:17 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Aug 6 2015

Patrick changed the status of T144: automatic shared folder mounting in VMs from Open to Review.

Merged. Requires testing when new test images get available.

Aug 6 2015, 5:27 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 26 2015

Patrick added a project to T144: automatic shared folder mounting in VMs: Whonix 12.
Jun 26 2015, 8:46 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 21 2015

HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

https://github.com/Whonix/shared-folder-help/pull/1
https://github.com/Whonix/shared-folder-help/pull/2
https://github.com/Whonix/shared-folder-help/pull/3
https://github.com/Whonix/shared-folder-help/pull/4

Jun 21 2015, 7:34 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 15 2015

HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

OK I edited my comment and added those in under the Unit section.

Jun 15 2015, 1:50 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

How to find out? Look manually into /etc/init.d/virtualbox-guest-utils
(or systemd unit files if it had those) and/or 'grep -i provides
/etc/init.d/virtualbox-guest-utils'.

Jun 15 2015, 1:45 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

What is the name of the systemd vbox guest additions service so I can add it? KVM does not rely on spice or a guest additions equivalent to share folders.

Jun 15 2015, 1:04 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 14 2015

Patrick added a comment to T144: automatic shared folder mounting in VMs.
  • In section [Unit] it should probably use After= something. I.e. make it run after VBox / KVM guest additions.
  • debian/rules modifications
  • debian/control modifications
  • use /lib/systemd/system/
  • commit to shared-folder-help package
  • build package, test if it actually works
Jun 14 2015, 10:37 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

Great news! automatic shared folders is now achieved :D

Jun 14 2015, 9:25 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

I don't think you need a separate script. Instead of running a single
line script, you could try running the mount command directly from the
systemd unit file.

Jun 14 2015, 4:49 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

Ok I see what you're talking about.

Jun 14 2015, 3:32 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

HulaHoop (HulaHoop):

A solution you probably won't like is patching the fstab file directly.

Jun 14 2015, 2:53 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

A solution you probably won't like is patching the fstab file directly.

Jun 14 2015, 2:43 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 13 2015

HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

This option is dead because of some rare bug. There are only 4 search results for it and none of the situations really applies to our setup here.

Jun 13 2015, 11:36 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

How far I've gone:
I managed to debug errors until I corrected the parameters in the unit files so they should be correct. The remaining error has something to do with the 9p kernel module and I'm not sure where to go from here.

Jun 13 2015, 11:16 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

Nice. Much better than manually running mount from systemd.

Jun 13 2015, 9:29 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

Excellent example of shared folder mounting with systemd files in Arch documentation. It will take changing them from vmware to suit KVM and drop them in the same paths for testing:

Jun 13 2015, 8:39 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

If the manual mount command that does not involve /etc/fstab, i.e. mount -t 9p -o trans=virtio shared /mnt/shared -oversion=9p2000.L works for you in terminal, then a systemd unit file could do the same. Also without requiring /etc/fstab.

Jun 13 2015, 4:58 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

systemd can understand mount entries but they still have to be specified in /etc/fstab which won't solve anything.

Jun 13 2015, 4:47 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick removed a project from T144: automatic shared folder mounting in VMs: Whonix 12.
Jun 13 2015, 4:48 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666163 says fstab.d support has been removed. Not a great long term solution.

Jun 13 2015, 4:48 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

fstab.d should be available in the libmount version in Jessie:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666163

Jun 13 2015, 1:40 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Jun 7 2015

HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

virsh can set disk activity limits per vm:

Jun 7 2015, 5:52 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

May 25 2015

HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

For CPU, setting the Linux scheduler to the Nice level for a VM process can limit the effect of CPU DoS. Using cgroups, virtual machines can also be restricted to CPU limits which supports the prevention of denial of service.

May 25 2015, 3:14 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

May 23 2015

Patrick updated subscribers of T12: virtualizer: enforce maximum system resources a virtual machine may use.
May 23 2015, 1:39 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

May 3 2015

Patrick added a project to T144: automatic shared folder mounting in VMs: Whonix 12.
May 3 2015, 6:05 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
Patrick added a comment to T144: automatic shared folder mounting in VMs.

Neither easier nor harder.

May 3 2015, 6:05 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix
HulaHoop added a comment to T144: automatic shared folder mounting in VMs.

With the migration to systemd, is it now easier to add this?

May 3 2015, 2:42 AM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Feb 7 2015

Patrick created T144: automatic shared folder mounting in VMs.
Feb 7 2015, 6:25 PM · Whonix 12, virtualizer, KVM, VirtualBox, systemd, usability, shared-folder-help, Whonix

Nov 26 2014

Patrick added a project to T12: virtualizer: enforce maximum system resources a virtual machine may use: Whonix.
Nov 26 2014, 5:01 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 20 2014

Patrick changed the visibility for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 20 2014, 7:49 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick created T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 20 2014, 7:38 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer