Hi,
ade wrote (12 Feb 2013 18:59:26 GMT) :
> Step I did:
> 1. Install virtualbox
Just FTR, what host OS / version of VirtualBox were you using?
> 2. Modprobe remove the vboxnetflt kernel module
> 3. Set up various Tails virtual machines to test them out, and ran the
> do_not_ever_run_me script on all guests and the host machine to try out
> manual iptables configurations.
Just to be clear, did you reset the firewall rules on the host system
before or after starting the VirtualBox services and virtual machines?
(I'm concerned VirtualBox might play with firewall rules on the host
e.g. when starting a VM, so this may be worth double-checking.)
> As a result of unloading the vboxnetflt kernel module virtual machines
> would not start if they had a host-only networking adapter, or bridge mode
> networking adapter attached to them.
> This is what we expect.
OK.
> With vboxnetflt kernel module unloaded, the NAT networking mode still
> functioned correctly, but bridge mode would not. This is good.
> I did a very basic and quick test of iptables, and with NAT mode networking
> enabled, the host iptables firewall was still able to control the virtual
> machines' traffic.
> Setting the OUTPUT policy of the host machine's iptables firewall to DROP
> stopped the guest Tails from sending outbound pings to the host machine's
> eth0 interface.
Good.
> So it looks like VirtualBox could be shipped without support for bridged
> networking, or without any networking support at all. In future, it looks
> promising that the NAT mode could be useful to provide the guest OS with
> Tor access. Lack of vboxnetflt should stop bridged mode and the associated
> leaking from the guest OS if the host iptables firewall is configured
> appropriately.
Good to know.
> Is there any interest in shipping VirtualBox with bridged mode disabled (or
> no networking at all) but including a script that only root can run, to
> enable bridged mode for those who want to use it?
Well, either we are able to support networking without breaking Tails'
properties, in which case we should just enable it, or we are not
able to, in which case I'd rather not ship such a script.
> What does everyone think about this?
I'm glad to see progress made on this; even though it's progress
targeted at the step after the next one, it's motivating! I'm still in
favor of shipping the VirtualBox host software with no networking support
at all (baby steps!) ASAP, and *then* seeing how we can add
networking support.
I've tried to summarize the current state of things on
todo/add_virtualbox_host_software. Help is welcome for the next steps!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
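
The three host-side conditions ade's test relied on (vboxnetflt unloaded, no VM with a bridged or host-only adapter, host OUTPUT policy DROP so NAT guests are filtered), as an added check script that is not part of this thread or of Tails. It runs offline against constructed sample output by default; the field names it parses (nic1="nat", nic2="bridged", nicN="hostonly" from `VBoxManage showvminfo --machinereadable`, the `lsmod` table, `-P OUTPUT ...` from `iptables -S OUTPUT`) are the documented formats of those tools, and the `--live` mode assumes a host that has VBoxManage, lsmod and iptables installed.

```shell
#!/bin/sh
# Added example (not from the thread): checks the three host-side conditions
# ade's test relied on. Offline by default, running against constructed
# sample output; pass --live to run the real commands on a VirtualBox host.

# Constructed sample of `lsmod` output, with vboxnetflt still loaded.
SAMPLE_LSMOD='Module                  Size  Used by
vboxnetadp             28672  0
vboxnetflt             32768  0
vboxdrv               614400  2 vboxnetadp,vboxnetflt'

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable`
# output for a VM with one NAT and one bridged adapter.
SAMPLE_VMINFO='name="tails-test"
nic1="nat"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
nic4="none"'

# Constructed sample of `iptables -S OUTPUT` output with the default policy.
SAMPLE_IPTABLES='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT'

# module_loaded MODULE LSMOD_TEXT: succeeds if MODULE appears in LSMOD_TEXT
# (first line of lsmod output is the header, so it is skipped).
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit !found }'
}

# leaky_nics VMINFO_TEXT: prints the nicN lines whose mode needs vboxnetflt
# (bridged and host-only both attach the guest to a host interface).
leaky_nics() {
    printf '%s\n' "$1" | grep -E '^nic[0-9]+="(bridged|hostonly)"' || true
}

# output_policy IPTABLES_TEXT: prints the OUTPUT chain's default policy.
output_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "OUTPUT" { print $3 }'
}

# audit LSMOD_TEXT VMINFO_TEXT IPTABLES_TEXT: succeeds only when vboxnetflt is
# unloaded, no adapter needs it, and host OUTPUT traffic is dropped by default.
audit() {
    status=0
    if module_loaded vboxnetflt "$1"; then
        echo "FAIL: vboxnetflt is loaded, so bridged/host-only adapters would work"
        status=1
    fi
    nics=$(leaky_nics "$2")
    if [ -n "$nics" ]; then
        echo "FAIL: adapters needing vboxnetflt (bridged/host-only):"
        echo "$nics"
        status=1
    fi
    if [ "$(output_policy "$3")" != "DROP" ]; then
        echo "FAIL: host OUTPUT policy is not DROP, so NAT guests are not filtered"
        status=1
    fi
    return $status
}

if [ "${1:-}" = "--live" ]; then
    # Gather real output. `VBoxManage list vms` lines look like: "name" {uuid}
    vminfo=$(VBoxManage list vms | sed 's/.*{\(.*\)}/\1/' |
        while read -r uuid; do VBoxManage showvminfo "$uuid" --machinereadable; done)
    audit "$(lsmod)" "$vminfo" "$(iptables -S OUTPUT)" && echo "OK"
else
    audit "$SAMPLE_LSMOD" "$SAMPLE_VMINFO" "$SAMPLE_IPTABLES" ||
        echo "(expected: the constructed sample fails all three checks)"
fi
```

Run it as root with --live on the host after the VirtualBox services and the VMs have been started, since that is the point at which VirtualBox could have touched the firewall or reloaded the module; a passing audit says the preconditions hold, it does not by itself prove that no guest traffic leaks.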