> a...@riseup.net:
>> I have a question about virtualbox as
>> adrelanos said host-only networking requires both the vboxnetadp and
>> vboxnetflt kernel modules to be inserted.
>
> anonym said so. :)
My mistake adrelanos, I really like your multi-machine design of Whonix.

I think since Tails now supports bridges and obfsproxy, someone may one day implement a hardened firewall CD that runs in front of Tails and allows only traffic to the bridges the user has specified. This would stop an attacker from learning the Tails machine's real IP even if they gained root on the machine, unless they could use a *rare* exploit against iptables or pf on the firewall machine (or some other attack).

A multi-machine setup may be less coding work for developers than setting up virtualization, and be more secure.

I have read people asking how to disable bridge adapters in VirtualBox but enable host-only networking, and I think the answer is no: you cannot disable bridge adapter functionality in the kernel being available to the user's uid without altering VirtualBox source code. I don't have time to research this fully right now, so I cannot guarantee this answer. I have asked on the VirtualBox mailing list.

For this reason QEMU may be better for the two-layered virtualized system goal at https://tails.boum.org/todo/Two-layered_virtualized_system/
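The bridge-only firewall idea from the message above, sketched as an added example (it is not part of the original mail and is not Tails or Whonix code). The interface names, the IPv4:port input format and the sample bridge addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a separate firewall box
# that forwards only TCP traffic to the Tor bridges the user lists.
# Assumptions (not from the mail): eth0 faces the Tails machine, eth1 faces
# the Internet, and each bridge is given as IPv4:port.
LAN_IF="eth0"
WAN_IF="eth1"

# Succeed only for a dotted-quad IPv4 address and a port in 1..65535.
valid_bridge() {
    ip=${1%:*}; port=${1##*:}
    [ "$ip:$port" = "$1" ] || return 1            # a ':' separator must be present
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$ip" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs  # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the ruleset. Nothing is printed if any entry is malformed, so a typo
# cannot yield a partial or more permissive ruleset.
bridge_ruleset() {
    [ $# -ge 1 ] || { echo "no bridges given" >&2; return 1; }
    for b in "$@"; do
        valid_bridge "$b" || { echo "bad bridge: $b" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # the firewall box itself accepts nothing
    echo ":FORWARD DROP [0:0]"     # default deny for everything routed
    echo ":OUTPUT DROP [0:0]"
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for b in "$@"; do
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -d ${b%:*} --dport ${b##*:} -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample bridges (documentation address ranges, not real bridges).
bridge_ruleset 192.0.2.10:443 198.51.100.7:9001
```

The output is in the format read by `iptables-restore` on the firewall machine; enabling forwarding and any NAT the topology needs are outside this sketch.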