> hi, > > [email protected] wrote (26 Oct 2012 15:43:09 GMT) : >> Tails 0.14 rc1 686-pae sees all my cpu cores and RAM > > Nice to hear. > >> Time to test virtualization. > > Ah. FYI this is tracked on > https://tails.boum.org/todo/add_virtualbox_host_software/
Thanks, I'll see if I can add anything useful there > > (I'll ignore the proprietary vmware thing in what follows.) > >> virtualbox 4.2 will now install, compile & insert kernel modules > > Nice to read! > >> https://www.virtualbox.org/wiki/Linux_Downloads is verified by verisign, >> so you only get verisign/ssl-level security > > A long-term solution for Tails would have to be based on Debian, > rather than on Oracle's packages. Current status in Tails is a bit > kludgy: we are shipping a 4.1.10-dfsg-1~bpo60+1 custom backport of the > guest tools and drivers (custom because they are built against the > xorg from squeeze-backports). I retested the steps to install virtualbox using only debian packages, this is what I came up with: >From within tails-livecd 0.14 rc1, as root, over tor, in this order: # apt-get update # apt-get intall gcc # ln -s /usr/bin/gcc-4.4 /usr/bin/gcc-4.6 # apt-get install make # apt-get install linux-headers-3.2.0-4-686-pae # apt-get install virtualbox-dkms # apt-get install virtualbox-qt ^Now virtual box is installed & works, kernel modules compiled & inserted, and a link in the Applications menu is installed to the virtualbox graphical frontend After apt-get install virtualbox-dkms, apt-get showed: Get:1 http://backports.debian.org/debian-backports/ squeeze-backports/main virtualbox i386 4.0.10-dfsg-1~bpo60+1 [15.0 MB] So it appears to use backports for the virtualbox host binaries version 4.0.10-dfsg-1~bpo60+1 >we are shipping a 4.1.10-dfsg-1~bpo60+1 custom backport of the guest tools Good to know, can this present any problems with shipping the virtualbox host binaries? It looks all compatible to me > >> TODO: >> 1. Calculate what size requirements there would be if virtualbox was >> ever >> shipped with tails >> 2. See how a git patch could be made that is easy simple and just makes >> everything work well > > + check that issue, quoted directly from the aforementioned ticket: Ballpark 20MB on the tracking webpage https://tails.boum.org/todo/add_virtualbox_host_software/ so not too much > > IIRC, VirtualBox host software sets iptables/netfilter up in a way > that makes the guest system bypass the existing firewall / or be > blocked by it, so some care should be taken on this side. One idea is to use host-only networking in the virtualbox guest, and the apps in the guest can connect to appropriate socks-port(s) on the hosts host-only adapter Bridge mode is the problem, it would be worth checking if the amnesia user can leverage the virtualbox bridge kernel module/driver to bypass tor. This would violate tails design because currently the amnesia user is not allowed direct internet access. Bridge mode and NAT support could simply be left out alltogether from tails, any drivers deleted/not-installed If the kernel modules for bridge and NAT adapters is left out of tails, that would leave only the host-only networking adapter. That leaves problems for users who have legitimate reasons to use bridge or NAT mode (like me). > >> What does everyone think about virtualization and tails? > > Personally, I'd be very happy to see todo/add_virtualbox_host_software > solved, but I lack time to do it any time soon. You are most welcome > to go on working on this! :) I'll do what I can and continue working on this. Unfortunately after looking at it, it appears creating a git patch/branch that implements all this is beyond my current skill level. I'll do what work on this I'm able to do however :) _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
