[libvirt] Enhancement: Random Clock Offset
Martin Kletzander
mkletzan at redhat.com
Wed Mar 2 10:09:20 UTC 2016
On Tue, Mar 01, 2016 at 07:51:48PM +0000, bancfc at openmailbox.org wrote:
>For better system anonymity (to decouple VM OS timestamps leaked in
>traffic from host ones) a feature can be added to the clock offset
>variable to select randomly from a specified range of seconds from
>instead of a fixed number of seconds. That way a guest's clock can vary
>unpredictably from the host's and confuse correlation by network
>adversaries.
>
>Full Disclosure: I am from the Tor centric Whonix Project - whonix.org
>and this would be a very useful feature for us.
>
Interesting idea. Should this be automated, I would expect this to be
done above libvirt, using libvirt's APIs. Particularly virDomainSetTime
[1] could be of use. There's a virsh command for that as well, called
domtime that can be called from a script.
HTH,
Martin
[1] https://libvirt.org/html/libvirt-libvirt-domain.html#virDomainSetTime
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20160302/3b022243/attachment-0001.sig>
More information about the libvir-list
mailing list