Skip to content

port to rootless and unix domain sockets #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
adrelanos wants to merge 11 commits into
base: master
Choose a base branch
from
Open

port to rootless and unix domain sockets #119

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
3af75f6
port to rootless and unix domain sockets
claude Jun 3, 2026
6de4959
use header `<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas…
adrelanos Jun 3, 2026
5b22d3a
system -> session
adrelanos Jun 4, 2026
b558ecc
test
adrelanos Jun 4, 2026
726008f
test
adrelanos Jun 4, 2026
8f14e3d
pin internal NIC to fixed PCI slot (bus=pcie.0,addr=0x10)
claude Jun 4, 2026
cdacccc
Merge remote-tracking branch 'gitlab-adrelanos/rootless-kvm-session' …
adrelanos Jun 4, 2026
097c8a6
Update Kicksecure.xml
HulaHoop0 Jun 7, 2026
4e90548
Port to QEMU Session
HulaHoop0 Jun 7, 2026
6ad4794
Port to QEMU Session
HulaHoop0 Jun 7, 2026
a44c78f
Port to QEMU Session
HulaHoop0 Jun 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions debian/control
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ Rules-Requires-Root: no

Package: libvirt-dist
Architecture: all
Depends: adduser, qemu-kvm, libvirt-daemon-system, libvirt-clients,
virt-manager, gir1.2-spiceclientgtk-3.0, dnsmasq-base, helper-scripts,
Depends: adduser, qemu-kvm, libvirt-daemon, libvirt-clients,
virt-manager, gir1.2-spiceclientgtk-3.0, passt, helper-scripts,
msgcollector, ${misc:Depends}
Provides: whonix-libvirt
Replaces: whonix-libvirt
Expand Down
20 changes: 10 additions & 10 deletions usr/libexec/libvirt-dist/install
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,14 +32,14 @@ chmod 777 /mnt/workstation-shared

## TODO: proper error handling. '|| true' can probably be removed.

virsh -c qemu:///system net-autostart "default" || true
virsh -c qemu:///system net-start "default" || true
virsh -c qemu:///system net-define "/usr/share/libvirt-dist/xml/Whonix-External.xml" || true
virsh -c qemu:///system net-define "/usr/share/libvirt-dist/xml/Whonix-Internal.xml" || true
virsh -c qemu:///system net-autostart "Whonix-External" || true
virsh -c qemu:///system net-start "Whonix-External" || true
virsh -c qemu:///system net-autostart "Whonix-Internal" || true
virsh -c qemu:///system net-start "Whonix-Internal" || true
virsh -c qemu:///session net-autostart "default" || true
virsh -c qemu:///session net-start "default" || true
virsh -c qemu:///session net-define "/usr/share/libvirt-dist/xml/Whonix-External.xml" || true
virsh -c qemu:///session net-define "/usr/share/libvirt-dist/xml/Whonix-Internal.xml" || true
virsh -c qemu:///session net-autostart "Whonix-External" || true
virsh -c qemu:///session net-start "Whonix-External" || true
virsh -c qemu:///session net-autostart "Whonix-Internal" || true
virsh -c qemu:///session net-start "Whonix-Internal" || true

## Doing the following in a temporary directory to avoid modified files should
## this be interrupted in the middle.
Expand Down Expand Up @@ -80,8 +80,8 @@ fi
test -f "$temp_dir/xml/Whonix-Gateway.xml"
test -f "$temp_dir/xml/Whonix-Workstation.xml"

virsh -c qemu:///system define "$temp_dir/xml/Whonix-Gateway.xml" || true
virsh -c qemu:///system define "$temp_dir/xml/Whonix-Workstation.xml" || true
virsh -c qemu:///session define "$temp_dir/xml/Whonix-Gateway.xml" || true
virsh -c qemu:///session define "$temp_dir/xml/Whonix-Workstation.xml" || true

virt-xml "Whonix-Gateway" --add-device --filesystem source=/mnt/gateway-shared,target=shared,type=mount,accessmode=mapped || true
virt-xml "Whonix-Workstation" --add-device --filesystem source=/mnt/workstation-shared,target=shared,type=mount,accessmode=mapped || true
Expand Down
91 changes: 21 additions & 70 deletions usr/share/libvirt-dist/ci_test
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,7 @@
set -x
set -e

if printf '%s\n' "$PWD" | grep -- travis >/dev/null 2>/dev/null; then
true "travis detected, ok."
elif [ ! "$CI" = "true" ]; then
if [ ! "$CI" = "true" ]; then
true "ERROR: You probably do not want to run this outside of a CI \
environment, because it uses virsh to undefine virtual machines."
exit 1
Expand All @@ -18,13 +16,13 @@ cd ..
cd ..

## Debugging.
cat /etc/apt/sources.list || true
ls -la /etc/apt/sources.list.d/* || true
cat /etc/apt/sources.list.d/* || true
ls -la /etc/apt/apt.conf.d/ || true
cat /etc/apt/apt.conf.d/* || true
ls -la /etc/apt/preferences.d/ || true
cat /etc/apt/preferences.d/* || true
# cat /etc/apt/sources.list || true
# ls -la /etc/apt/sources.list.d/* || true
# cat /etc/apt/sources.list.d/* || true
# ls -la /etc/apt/apt.conf.d/ || true
# cat /etc/apt/apt.conf.d/* || true
# ls -la /etc/apt/preferences.d/ || true
# cat /etc/apt/preferences.d/* || true

## Version closer to Debian release.
# sudo --non-interactive rm -f /etc/apt/sources.list || true
Expand All @@ -37,7 +35,7 @@ cat /etc/apt/preferences.d/* || true
apt-get update

## Sanity tests.
apt-get --yes dist-upgrade
#apt-get --yes dist-upgrade
dpkg --configure -a

apt-get --yes install sudo virt-what lintian
Expand All @@ -47,12 +45,6 @@ apt-get install --no-install-recommends -y qemu-kvm libvirt-daemon-system libvir

apt-get install --no-install-recommends -y kmod || true

service libvirtd start || true
service virtlockd start || true
service virtlogd start || true
service virtlockd-admin start || true
service virtlogd-admin start || true

true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"
Expand All @@ -63,47 +55,10 @@ true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

#sudo --non-interactive chmod o+rwx /run/libvirt/libvirt-sock

true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

test -f ./usr/share/libvirt-dist/xml/Whonix-External.xml

## /usr/bin/virt-xml-validate: cannot determine schema type for ./usr/share/libvirt-dist/xml/Whonix-External.xml
virt-xml-validate ./usr/share/libvirt-dist/xml/Whonix-External.xml || true

virsh -c qemu:///system net-define ./usr/share/libvirt-dist/xml/Whonix-External.xml
virsh -c qemu:///system net-autostart Whonix-External
virsh -c qemu:///system net-start Whonix-External || true

true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

test -f ./usr/share/libvirt-dist/xml/Whonix-Internal.xml

virt-xml-validate ./usr/share/libvirt-dist/xml/Whonix-Internal.xml || true

virsh -c qemu:///system net-define ./usr/share/libvirt-dist/xml/Whonix-Internal.xml
virsh -c qemu:///system net-autostart Whonix-Internal
virsh -c qemu:///system net-start Whonix-Internal || true

true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

## Debugging.

virsh -c qemu:///system net-dumpxml default
virsh -c qemu:///system net-dumpxml default --inactive

virsh -c qemu:///system net-dumpxml Whonix-External
virsh -c qemu:///system net-dumpxml Whonix-External --inactive

virsh -c qemu:///system net-dumpxml Whonix-Internal
virsh -c qemu:///system net-dumpxml Whonix-Internal --inactive
virsh -c qemu:///session net-dumpxml default
virsh -c qemu:///session net-dumpxml default --inactive

true "------------------------------------------------------------"
true "------------------------------------------------------------"
Expand All @@ -118,17 +73,15 @@ true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

## Travis CI issue:
## + virsh domxml-to-native qemu-argv ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
## error: invalid argument: could not find capabilities for domaintype=kvm
search="<domain type='kvm'>"
replace="<domain type='qemu'>"
search="<domain type='kvm'"
replace="<domain type='qemu'"
sed -i -e "s/$search/$replace/g" ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
sed -i -e "s/$search/$replace/g" ./usr/share/libvirt-dist/xml/Whonix-Workstation.xml
sed -i -e "s/$search/$replace/g" ./usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml
sed -i -e "s/$search/$replace/g" ./usr/share/libvirt-dist/xml/Kicksecure.xml

## Travis CI issue:
## + virsh domxml-to-native qemu-argv ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
## error: unsupported configuration: CPU mode 'host-passthrough' for x86_64 qemu domain on x86_64 host is not supported by hypervisor
search="<cpu mode='host-passthrough'/>"
Expand All @@ -138,7 +91,6 @@ sed -i -e "s#$search#$replace#g" ./usr/share/libvirt-dist/xml/Whonix-Workstation
sed -i -e "s#$search#$replace#g" ./usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml
sed -i -e "s#$search#$replace#g" ./usr/share/libvirt-dist/xml/Kicksecure.xml

## Travis CI issue:
## + virsh domxml-to-native qemu-argv ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
## error: Unable to open /dev/net/tun, is tun module loaded?: No such file or directory
modprobe tun || true
Expand All @@ -147,7 +99,6 @@ true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

## TODO: virt-xml-validate does not work in Travis CI.
## /usr/bin/virt-xml-validate: cannot determine schema type for ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
virt-xml-validate ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml || true
virt-xml-validate ./usr/share/libvirt-dist/xml/Whonix-Workstation.xml || true
Expand All @@ -173,17 +124,17 @@ true "------------------------------------------------------------"
true "------------------------------------------------------------"
true "------------------------------------------------------------"

virsh -c qemu:///system define ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
virsh -c qemu:///system undefine Whonix-Gateway
virsh -c qemu:///session define ./usr/share/libvirt-dist/xml/Whonix-Gateway.xml
virsh -c qemu:///session undefine Whonix-Gateway

virsh -c qemu:///system define ./usr/share/libvirt-dist/xml/Whonix-Workstation.xml
virsh -c qemu:///system undefine Whonix-Workstation
virsh -c qemu:///session define ./usr/share/libvirt-dist/xml/Whonix-Workstation.xml
virsh -c qemu:///session undefine Whonix-Workstation

virsh -c qemu:///system define ./usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml
virsh -c qemu:///system undefine Whonix-Custom-Workstation
virsh -c qemu:///session define ./usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml
virsh -c qemu:///session undefine Whonix-Custom-Workstation

virsh -c qemu:///system define ./usr/share/libvirt-dist/xml/Kicksecure.xml
virsh -c qemu:///system undefine Kicksecure
virsh -c qemu:///session define ./usr/share/libvirt-dist/xml/Kicksecure.xml
virsh -c qemu:///session undefine Kicksecure

true "------------------------------------------------------------"
true "------------------------------------------------------------"
Expand Down
17 changes: 6 additions & 11 deletions usr/share/libvirt-dist/xml/Kicksecure.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,6 @@
<nosharepages/>
</memoryBacking>

<blkiotune>
<weight>250</weight>
</blkiotune>

<vcpu placement='static' cpuset='1'>1</vcpu>
<cpu mode='host-passthrough'/>

Expand Down Expand Up @@ -51,16 +47,15 @@
</pm>

<devices>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/Kicksecure.qcow2'/>
<target dev='vda' bus='virtio'/>
<disk type="volume" device="disk">
<driver name="qemu" type="qcow2"/>
<source pool="default" volume="Kicksecure.qcow2"/>
<target dev="vda" bus="virtio"/>
</disk>

<interface type='network'>
<source network='default'/>
<interface type='user'>
<backend type='passt'/>
<model type='virtio'/>
<driver name='qemu'/>
</interface>

<controller type='virtio-serial' index='0'/>
Expand Down
22 changes: 10 additions & 12 deletions usr/share/libvirt-dist/xml/Whonix-Custom-Workstation.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,6 @@
<nosharepages/>
</memoryBacking>

<blkiotune>
<weight>250</weight>
</blkiotune>

<vcpu placement='static' cpuset='1'>1</vcpu>
<cpu mode='host-passthrough'/>

Expand Down Expand Up @@ -51,16 +47,17 @@
</pm>

<devices>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/Whonix-Custom-Workstation.qcow2'/>
<target dev='vda' bus='virtio'/>
<disk type="volume" device="disk">
<driver name="qemu" type="qcow2"/>
<source pool="default" volume="Whonix-Custom-Workstation.qcow2"/>
<target dev="vda" bus="virtio"/>
</disk>

<interface type='network'>
<source network='Whonix-Internal'/>
<model type='virtio'/>
<driver name='qemu'/>
<interface type='udp'>
<source address='127.0.0.1' port='6688'>
<local address='127.0.0.1' port='5577'/>
</source>
<model type="virtio"/>
</interface>

<controller type='virtio-serial' index='0'/>
Expand Down Expand Up @@ -104,4 +101,5 @@
<backend model='random'>/dev/random</backend>
</rng>
</devices>

</domain>
10 changes: 0 additions & 10 deletions usr/share/libvirt-dist/xml/Whonix-External.xml
View file
Open in desktop

This file was deleted.

27 changes: 12 additions & 15 deletions usr/share/libvirt-dist/xml/Whonix-Gateway.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,6 @@
<nosharepages/>
</memoryBacking>

<blkiotune>
<weight>250</weight>
</blkiotune>

<vcpu placement='static' cpuset='0'>1</vcpu>
<cpu mode='host-passthrough'/>

Expand Down Expand Up @@ -51,22 +47,22 @@
</pm>

<devices>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/Whonix-Gateway.qcow2'/>
<target dev='vda' bus='virtio'/>
<disk type="volume" device="disk">
<driver name="qemu" type="qcow2"/>
<source pool="default" volume="Whonix-Gateway.qcow2"/>
<target dev="vda" bus="virtio"/>
</disk>

<interface type='network'>
<source network='Whonix-External'/>
<interface type='user'>
<backend type='passt'/>
<model type='virtio'/>
<driver name='qemu'/>
</interface>

<interface type='network'>
<source network='Whonix-Internal'/>
<model type='virtio'/>
<driver name='qemu'/>
<interface type="udp">
<source address="127.0.0.1" port="5577">
<local address="127.0.0.1" port="6688"/>
</source>
<model type="virtio"/>
</interface>

<controller type='virtio-serial' index='0'/>
Expand Down Expand Up @@ -110,4 +106,5 @@
<backend model='random'>/dev/random</backend>
</rng>
</devices>

</domain>
5 changes: 0 additions & 5 deletions usr/share/libvirt-dist/xml/Whonix-Internal.xml
View file
Open in desktop

This file was deleted.

22 changes: 10 additions & 12 deletions usr/share/libvirt-dist/xml/Whonix-Workstation.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,6 @@
<nosharepages/>
</memoryBacking>

<blkiotune>
<weight>250</weight>
</blkiotune>

<vcpu placement='static' cpuset='1'>1</vcpu>
<cpu mode='host-passthrough'/>

Expand Down Expand Up @@ -51,16 +47,17 @@
</pm>

<devices>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/Whonix-Workstation.qcow2'/>
<target dev='vda' bus='virtio'/>
<disk type="volume" device="disk">
<driver name="qemu" type="qcow2"/>
<source pool="default" volume="Whonix-Workstation.qcow2"/>
<target dev="vda" bus="virtio"/>
</disk>

<interface type='network'>
<source network='Whonix-Internal'/>
<model type='virtio'/>
<driver name='qemu'/>
<interface type='udp'>
<source address='127.0.0.1' port='6688'>
<local address='127.0.0.1' port='5577'/>
</source>
<model type="virtio"/>
</interface>

<controller type='virtio-serial' index='0'/>
Expand Down Expand Up @@ -104,4 +101,5 @@
<backend model='random'>/dev/random</backend>
</rng>
</devices>

</domain>