Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howt…

Author: adev
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer
> hi,
>
> adev@??? wrote (26 Oct 2012 15:43:09 GMT) :
>> Tails 0.14 rc1 686-pae sees all my cpu cores and RAM
>
> Nice to hear.
>
>> Time to test virtualization.
>
> Ah. FYI this is tracked on
> https://tails.boum.org/todo/add_virtualbox_host_software/


Thanks, I'll see if I can add anything useful there


>
> (I'll ignore the proprietary vmware thing in what follows.)
>
>> virtualbox 4.2 will now install, compile & insert kernel modules
>
> Nice to read!
>
>> https://www.virtualbox.org/wiki/Linux_Downloads is verified by verisign,
>> so you only get verisign/ssl-level security
>
> A long-term solution for Tails would have to be based on Debian,
> rather than on Oracle's packages. Current status in Tails is a bit
> kludgy: we are shipping a 4.1.10-dfsg-1~bpo60+1 custom backport of the
> guest tools and drivers (custom because they are built against the
> xorg from squeeze-backports).



I retested the steps to install virtualbox using only debian packages,
this is what I came up with:


From within tails-livecd 0.14 rc1, as root, over tor, in this order:

# apt-get update
# apt-get install gcc
# ln -s /usr/bin/gcc-4.4 /usr/bin/gcc-4.6
# apt-get install make
# apt-get install linux-headers-3.2.0-4-686-pae
# apt-get install virtualbox-dkms
# apt-get install virtualbox-qt


^Now virtual box is installed & works, kernel modules compiled & inserted,
and a link in the Applications menu is installed to the virtualbox
graphical frontend


After apt-get install virtualbox-dkms, apt-get showed:
Get:1 http://backports.debian.org/debian-backports/ squeeze-backports/main
virtualbox i386 4.0.10-dfsg-1~bpo60+1 [15.0 MB]

So it appears to use backports for the virtualbox host binaries
version 4.0.10-dfsg-1~bpo60+1


>we are shipping a 4.1.10-dfsg-1~bpo60+1 custom backport of the guest tools

Good to know, can this present any problems with shipping the virtualbox
host binaries? It looks all compatible to me



>
>> TODO:
>> 1. Calculate what size requirements there would be if virtualbox was ever
>> shipped with tails
>> 2. See how a git patch could be made that is easy simple and just makes
>> everything work well
>
> + check that issue, quoted directly from the aforementioned ticket:


Ballpark 20MB on the tracking webpage
https://tails.boum.org/todo/add_virtualbox_host_software/ so not too much


>
> IIRC, VirtualBox host software sets iptables/netfilter up in a way
> that makes the guest system bypass the existing firewall / or be
> blocked by it, so some care should be taken on this side.


One idea is to use host-only networking in the virtualbox guest, and the
apps in the guest can connect to appropriate socks-port(s) on the host's
host-only adapter



Bridge mode is the problem, it would be worth checking if the amnesia user
can leverage the virtualbox bridge kernel module/driver to bypass tor.
This would violate tails design because currently the amnesia user is not
allowed direct internet access.

Bridge mode and NAT support could simply be left out altogether from
tails, any drivers deleted/not-installed

If the kernel modules for bridge and NAT adapters are left out of tails,
that would leave only the host-only networking adapter.

That leaves problems for users who have legitimate reasons to use bridge
or NAT mode (like me).




>
>> What does everyone think about virtualization and tails?
>
> Personally, I'd be very happy to see todo/add_virtualbox_host_software
> solved, but I lack time to do it any time soon. You are most welcome
> to go on working on this! :)


I'll do what I can and continue working on this. Unfortunately after
looking at it, it appears creating a git patch/branch that implements all
this is beyond my current skill level. I'll do what work on this I'm able
to do however :)
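
A check in the spirit of the host-only idea discussed in this message, as an added example that is not part of the original post or of Tails: it reads text in the format of `VBoxManage showvminfo <vm> --machinereadable` and lists every guest NIC attached in a mode other than host-only. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VirtualBox guest NICs that are not host-only.
# Input on stdin: output of `VBoxManage showvminfo <vm> --machinereadable`.

# Prints one line per offending NIC (e.g. "nic2 bridged").
# Exit status: 0 if every attached NIC is host-only, 1 otherwise.
audit_nics() {
    awk -F= '
        # Match only the attachment lines (nic1=, nic2=, ...),
        # not nictype1=, nicspeed1= and similar keys.
        /^nic[0-9]+=/ {
            mode = $2
            gsub(/"/, "", mode)
            # "none" means the adapter is absent; "hostonly" is the
            # only attachment this check accepts.
            if (mode != "none" && mode != "hostonly") {
                print $1, mode
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input (not captured from a real VM).
sample_vminfo() {
    cat <<'EOF'
name="constructed-guest"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"
nic3="nat"
nic4="none"
EOF
}

# Usage against the sample:
#   sample_vminfo | audit_nics
# Usage against a real guest (VM_NAME is a placeholder):
#   VBoxManage showvminfo "VM_NAME" --machinereadable | audit_nics
```

A clean result only says how the guest's adapters are attached; the host firewall concern quoted above still has to be checked separately.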