Devuan's precursor's, as Tails, image in Qemu (10)


I tried all kinds of things with virt-install, but I couldn't boot Tails.

Eventually I booted Tails the simple Qemu way.


The uncenz records:



There would be more to say (the data says the most, though), but maybe just the point that newbies are likely to stumble at: you need to add lines like these to your iptables rules:

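# $ipt must hold the iptables command (assumption: it is set earlier in your
# firewall script). Each "read FAKE" pauses until Enter is pressed, so every
# step can be checked before the next one runs.

echo " * allowing tap0 in"
$ipt -A INPUT -m physdev --physdev-in tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_in
$ipt -A INPUT -m physdev --physdev-in tap0 -j ACCEPT
read FAKE

# NOTE: iptables-extensions(8) documents --physdev-out for bridged packets in
# the FORWARD and POSTROUTING chains; check the counters in "$ipt -L INPUT -v -n"
# to see whether the next two INPUT rules ever match.
echo " * allowing tap0 out"
$ipt -A INPUT -m physdev --physdev-out tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_out
$ipt -A INPUT -m physdev --physdev-out tap0 -j ACCEPT
read FAKE

# Bridged traffic from the guest (tap0) towards eth1
echo " * allowing tap0 fwd in"
$ipt -A FORWARD -m physdev --physdev-in tap0 --physdev-out eth1 -j LOG --log-level warning --log-prefix mrfw_tap0_fwd_in
$ipt -A FORWARD -m physdev --physdev-in tap0 --physdev-out eth1 -j ACCEPT
read FAKE

# Bridged traffic from eth1 back to the guest (tap0)
echo " * allowing tap0 fwd out"
$ipt -A FORWARD -m physdev --physdev-in eth1 --physdev-out tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_fwd_out
$ipt -A FORWARD -m physdev --physdev-in eth1 --physdev-out tap0 -j ACCEPT
read FAKE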
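
A check for physdev rules like the ones above, as an added example that is not part of the original post: per iptables-extensions(8), --physdev-in applies in INPUT, FORWARD and PREROUTING, and --physdev-out in FORWARD and POSTROUTING, so this lint reads `iptables -S` output and flags physdev matches placed in other built-in chains. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's code. Names and sample data are constructed.

# lint_physdev: read rules in `iptables -S` format on stdin, print one line per
# physdev match that sits in a built-in chain where iptables-extensions(8)
# does not document it as applicable. Returns 1 if anything was flagged.
# Real use (as root):  iptables -S | lint_physdev
lint_physdev() {
    awk '
    $1 == "-A" && /-m physdev/ {
        chain = $2
        # User-defined chains are skipped: whether the match applies there
        # depends on which built-in chain jumps to them.
        if (chain !~ /^(INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)$/) next
        # The trailing space keeps --physdev-is-in / --physdev-is-out out.
        if (/--physdev-in / && chain !~ /^(INPUT|FORWARD|PREROUTING)$/) {
            printf "%s: --physdev-in not documented for this chain: %s\n", chain, $0
            bad++
        }
        if (/--physdev-out / && chain !~ /^(FORWARD|POSTROUTING)$/) {
            printf "%s: --physdev-out not documented for this chain: %s\n", chain, $0
            bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# sample_rules: constructed `iptables -S`-style lines modelled on the
# tap0/eth1 rules in this post (not captured from a real system).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m physdev --physdev-in tap0 -j ACCEPT
-A INPUT -m physdev --physdev-out tap0 -j ACCEPT
-A FORWARD -m physdev --physdev-in tap0 --physdev-out eth1 -j ACCEPT
-A FORWARD -m physdev --physdev-in eth1 --physdev-out tap0 -j ACCEPT
-A mychain -m physdev --physdev-out tap0 -j ACCEPT
EOF
}

# Demo run on the constructed sample; a non-zero status only means "flagged".
sample_rules | lint_physdev || true
```

A flagged rule is not necessarily harmful, but it is one to confirm against the packet counters before relying on it.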

And the command that I used to run Tails is:

exec qemu-system-x86_64 \
		-machine type=q35,accel=kvm \
		-enable-kvm \
		-cpu host \
		-drive file=tails12.img,if=virtio \
		-device virtio-net,netdev=internet \
		-netdev \
			bridge,br=br0,id=internet,helper=/usr/libexec/qemu-bridge-helper \
		-m 2048M \
		-monitor stdio \
		-display gtk \
		-name "Tails12" \
		# add:
		# -cdrom tails-i386-2.10.iso 

which you can save as and run as you can see in the screencast (just note: if I have grsec's TPE, trusted path execution, enabled, I don't run it with ./SOMECOMMAND, but just SOMECOMMAND, as I put the scripts in /usr/local/bin/ to run from).

( NOTE: even though I created tails12.img with:

$ qemu-img create -f qcow2 tails12.img 10G

it apparently served no purpose, so probably you can omit that part/line. )


The files necessary for this study are listed in:



and verify to: ls-1pg9.sum signed by: ls-1pg9.sum.asc

You might find the script from my uncenz program more useful than downloading each file separately.