Devuan's precursor's, as Tails, image in Qemu (10)
(No. 0) No. 1 No. 2 No. 3 No. 4 No. 5 No. 6 No. 7 No. 8 No. 9 No. 10 No. 11 No. 12 No. 13 No. 14
I tried all kinds with virt-install, but I wasn't able to boot Tails.
Eventually I booted Tails the simple Qemu way.
---
The uncenz records:
---
There would be more to say (the most said is the data though), but maybe just what newbies are likely to stumble at: You need to add some likes of these lines to your iptables rules:
echo " * allowing tap0 in" $ipt -A INPUT -m physdev --physdev-in tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_in $ipt -A INPUT -m physdev --physdev-in tap0 -j ACCEPT read FAKE echo " * allowing tap0 out" $ipt -A INPUT -m physdev --physdev-out tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_out $ipt -A INPUT -m physdev --physdev-out tap0 -j ACCEPT read FAKE echo " * allowing tap0 fwd in" $ipt -A FORWARD -m physdev --physdev-in tap0 --physdev-out eth1 -j LOG --log-level warning --log-prefix mrfw_tap0_fwd_in $ipt -A FORWARD -m physdev --physdev-in tap0 --physdev-out eth1 -j ACCEPT read FAKE echo " * allowing tap0 fwd out" $ipt -A FORWARD -m physdev --physdev-in eth1 --physdev-out tap0 -j LOG --log-level warning --log-prefix mrfw_tap0_fwd_out $ipt -A FORWARD -m physdev --physdev-in eth1 --physdev-out tap0 -j ACCEPT read FAKE
And the command that I used to run Tails is:
#!/bin/sh exec qemu-system-x86_64 \ -machine type=q35,accel=kvm \ -enable-kvm \ -cpu host \ -drive file=tails12.img,if=virtio \ -device virtio-net,netdev=internet \ -netdev \ bridge,br=br0,id=internet,helper=/usr/libexec/qemu-bridge-helper \ -m 2048M \ -monitor stdio \ -display gtk \ -name "Tails12" \ $@ # add: # -cdrom tails-i386-2.10.iso
which you can save as TailsVM12.sh and run as you can see in the screencast (just, if I have grsec's tpe, trusted path execution, enabled, I don't run with ./SOMECOMMAND, but just SOMECOMMAND, as I put them in /usr/local/bin/ to run from).
( NOTE: even though I created tails12.img with:
$ qemu-img create -f qcow2 tails12.img 10G
it apparently served no purpose, so probably you can omit that part/line. )
---
The files necessary for this study are listed in:
dump_170302_1721_g0n.pcap Screen_170302_1721_g0n.webm ipt_170302_1721_g0n.tarand verify to: ls-1pg9.sum signed by: ls-1pg9.sum.asc
You might find dump_dlo.sh script from my uncenz program more useful then downloading each file separately.