Hi,

Alex Coventry wrote (06 Mar 2015 17:25:50 GMT) :
> ** Guest overview
> - Virtualbox VM running barebones debian with the same window manager
>   as tails. Constructed using debian live.
> - Does not share clipboard through vbox at all.
> - Shares the ~/.tor-browser, ~/.mozilla, "~/{,Persistence/}Tor Browser"
>   directories with the host as Virtualbox shared folders.
> - Does not share the tor browser binary/libraries with the host, but
>   they can be essentially the same as in tails, using the host tor
>   daemon via ports 9050/9051.
> - When the guest wm is ready to start a browser, drops a file in a
>   shared folder to indicate this to the host.
> - A guest daemon watches the guest
>   [[http://www.pygtk.org/pygtk2reference/class-gtkclipboard.html][clipboard]]
>   for changes and saves them to a file in a shared folder.

Sounds plausible. Has it been tested?

> ** Host overview
> - Guest is run on a host-only network. Ports 9050/9051 are forwarded
>   over iptables or something similar.
> - Guest boots from a virtual optical disk so it's the same code
>   starting every time.
> - Guest VM is displayed using virtualbox's seamless mode, so that its
>   browser windows appear in standalone windows on the host desktop.
> - Host checks for hardware virtualization support by running "sudo
>   modprobe kvm_{intel,amd}", and checking dmesg output for "kvm: no
>   hardware support" or "kvm: disabled by bios." If it finds either
>   of these messages, warns user on browser start that it's
>   downgrading to unvirtualized browser, and everything runs the way
>   it does now.
> - Host also checks whether it's running under virtualization with
>   "/usr/sbin/dmidecode -s system-product-name". If it is, check
>   whether any CPU flags in /proc/cpuinfo suggest support for nested
>   virtualization, and if not, same warning.
> - Otherwise, all browser defaults are set to a script which
>   1) starts the guest VM if it's not already up, removing any stale
>      indication that the guest is ready to start a browser,
>   2) waits for indication from the guest that it's ready to start a
>      browser, and starts one with the supplied CL arguments, using
>      VboxManage guestcontrol
> - Host has up and down buttons in the task bar which transfer the
>   contents of the clipboard from guest to host and vice versa.

OK, sounds plausible as well. I'd love to see a proof-of-concept.

> **** Could the guest be tails?
> If you disabled the firewall and greeter, you could possibly use the
> tails image itself for the guest, which would save a little space.
> I think that has potential for confusion, though. Probably best to
> make it the minimal image needed to get the job done.

This has been looked into by David Wolinsky already, IIRC. You'll find
the discussion in the ML archive.

Cheers!
--
intrigeri
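
The host-side virtualization checks from the quoted proposal, written out as an added example (not code from either poster or from Tails). The checks take the dmesg text, DMI product name and /proc/cpuinfo contents as arguments so they can run over constructed samples; the function names and the hypervisor product-name list are assumptions.

```shell
#!/bin/sh
# Added example: the proposal's host checks as pure functions over text,
# so they can be exercised with constructed input. Names are hypothetical.

# 0 if dmesg shows neither KVM failure message quoted in the proposal.
kvm_usable() {
    ! printf '%s\n' "$1" |
        grep -i -q -e 'kvm: no hardware support' -e 'kvm: disabled by bios'
}

# 0 if the DMI product name matches a known hypervisor.
# The list is an assumption and not exhaustive.
host_is_virtualized() {
    case "$1" in
        VirtualBox|KVM|"VMware Virtual Platform"|"HVM domU"|"Standard PC"*) return 0 ;;
    esac
    return 1
}

# 0 if a cpuinfo flags line carries vmx (Intel) or svm (AMD) as a whole word.
cpu_has_virt_flag() {
    printf '%s\n' "$1" |
        grep -E -q '^flags[[:space:]]*:(.*[[:space:]])?(vmx|svm)([[:space:]]|$)'
}

# Prints "virtualized" or "unvirtualized" (the warn-and-downgrade path).
browser_mode() {
    if ! kvm_usable "$1"; then echo unvirtualized; return 0; fi
    if host_is_virtualized "$2" && ! cpu_has_virt_flag "$3"; then
        echo unvirtualized; return 0
    fi
    echo virtualized
}

# Constructed sample inputs (not captured from a real machine).
DMESG_CLEAN='[    4.912] usb 1-1: new high-speed USB device number 2'
DMESG_BIOS_OFF='[    5.101] kvm: disabled by bios'
CPUINFO_VMX='flags : fpu vme de pse msr vmx sse2'
CPUINFO_NESTED_OFF='flags : fpu vme de pse msr sse2 hypervisor svm_lock'

browser_mode "$DMESG_CLEAN"    "Constructed Laptop 1" "$CPUINFO_VMX"         # bare metal
browser_mode "$DMESG_BIOS_OFF" "Constructed Laptop 1" "$CPUINFO_VMX"         # disabled in firmware
browser_mode "$DMESG_CLEAN"    "VirtualBox"           "$CPUINFO_NESTED_OFF"  # nested, no vmx/svm
browser_mode "$DMESG_CLEAN"    "VirtualBox"           "$CPUINFO_VMX"         # nested, vmx exposed
# Live use: browser_mode "$(dmesg)" "$(/usr/sbin/dmidecode -s system-product-name)" "$(cat /proc/cpuinfo)"
```

The flag match is anchored on whole words so that `svm_lock` alone does not count as `svm`.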